Avast finds nothing but MBAM finds a Trojan (thread prefix: Windows 7)
#1
Avast finds nothing but MBAM finds a Trojan

Hello, dear community! I have here the laptop of my mother's partner. It is said to run rather slowly, you can hardly retrieve e-mails, and what I noticed: the Security Center is switched off and cannot be switched on. In addition, there have been problems with Windows Updates for days. Basically 5 of them (security updates for Microsoft .NET Framework 4.5 and 4.5.1, and 4 others that start the same way) are not being downloaded. I hope you can help us somehow. I am posting the logs that are presumably needed. I have to say that AVAST Free finds nothing; I ran MBAM and it showed Trojan.Agent.MSDGen (moved to quarantine), and FRST threw an error message 4 times about supposedly having no access permission. On the 5th attempt it worked, though.

defogger log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:23 on 19/11/2014 (XXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
Ran by XXX(administrator) on XXX-PC on 19-11-2014 12:31:03
Running from C:\Users\XXX\Desktop
Loaded Profile: XXX (Available profiles: XXX)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\NSUService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\LANUtil.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4718592 2008-01-23] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [122880 2008-02-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [311296 2007-11-21] (Sony Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-07] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [262144 2008-03-10] (Sony Corporation)
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-487733122-2592141994-505413994-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-487733122-2592141994-505413994-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
HKU\S-1-5-21-487733122-2592141994-505413994-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://partnerpage.google.com/eu.sony.com/de hxxp://www.club-vaio.com/vbc
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
SearchScopes: HKLM -> DefaultScope {F17154AC-2F13-4B6E-983B-2ECD80940F83} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKLM -> {F17154AC-2F13-4B6E-983B-2ECD80940F83} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\inikgwlg.default-1364405014146
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\inikgwlg.default-1364405014146\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-11]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-11] (AVAST Software)
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [229376 2008-03-10] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [104288 2008-03-04] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [350048 2008-03-04] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [63328 2008-03-04] (Sony Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-02-15] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-08-14] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [333088 2008-03-03] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2008-02-15] (Sony Corporation) [File not signed]
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [722288 2010-04-09] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [184320 2008-02-15] (Sony Corporation) [File not signed]
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [147456 2008-02-15] (Sony Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-05-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-11] ()
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-06] (Texas Instruments)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 12:31 - 2014-11-19 12:31 - 00012797 _____ () C:\Users\XXX\Desktop\FRST.txt
2014-11-19 12:30 - 2014-11-19 12:31 - 00000000 ____D () C:\FRST
2014-11-19 12:28 - 2014-11-19 12:28 - 01108992 _____ (Farbar) C:\Users\XXX\Desktop\FRST.exe
2014-11-19 12:23 - 2014-11-19 12:24 - 00000472 _____ () C:\Users\XXX\Desktop\defogger_disable.log
2014-11-19 12:23 - 2014-11-19 12:23 - 00000000 _____ () C:\Users\XXX\defogger_reenable
2014-11-19 12:22 - 2014-11-19 12:22 - 00050477 _____ () C:\Users\XXX\Desktop\Defogger.exe
2014-11-19 12:18 - 2014-11-19 12:18 - 00000000 ____D () C:\f51d59639f6019cf70873b34c53d
2014-11-19 12:17 - 2014-11-19 12:18 - 00000000 ____D () C:\943f51668c0a6edb1102cb2000
2014-11-19 12:07 - 2014-11-19 12:07 - 00001349 _____ () C:\Users\XXX\Desktop\mbma19.11..txt
2014-11-19 11:42 - 2014-11-19 11:42 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-19 11:41 - 2014-11-19 11:41 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-19 11:41 - 2014-11-19 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-19 11:40 - 2014-11-19 11:41 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-19 11:40 - 2014-11-19 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-19 11:40 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-19 11:40 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-19 11:40 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-19 11:35 - 2014-11-19 11:35 - 01125200 _____ () C:\Program Files\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-11-19 11:32 - 2014-11-19 11:32 - 00000104 _____ () C:\Users\XXX\Desktop\Papierkorb - Verknüpfung.lnk
2014-11-19 11:31 - 2014-11-19 11:31 - 00000174 _____ () C:\Users\XXX\Desktop\Neue Verknüpfung.lnk
2014-11-18 19:35 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-18 19:35 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-18 19:35 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-18 19:35 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-18 19:34 - 2014-11-18 19:35 - 00004751 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-11-18 19:31 - 2014-11-18 19:31 - 00000000 ____D () C:\5e2ab1924bd113b85078a9e6f9ac2e
2014-11-18 19:28 - 2014-11-18 19:28 - 00000000 ____D () C:\6f1177ac94c4712ea95f7218c214a1b8
2014-11-14 11:52 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-14 11:52 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-14 11:52 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-14 11:52 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-14 11:51 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-14 11:51 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-14 11:49 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-14 11:49 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-14 11:48 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-14 11:47 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-14 11:47 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-14 11:47 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-14 11:47 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-14 11:46 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-14 11:37 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 11:52 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 11:52 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 11:52 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 11:52 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 11:52 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 11:52 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 11:52 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 11:52 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 11:52 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 11:52 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 11:52 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 11:52 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 13:27 - 2014-11-11 13:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-23 10:42 - 2014-05-11 17:23 - 27737981 _____ () C:\Users\XXX\Desktop\Bilder XXX - Kopie.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 12:30 - 2011-11-25 00:15 - 01730389 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 12:23 - 2011-11-25 00:57 - 00000000 ____D () C:\Users\XXX
2014-11-19 12:20 - 2013-12-08 12:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 12:19 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 12:19 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 12:16 - 2011-11-25 22:16 - 00000314 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-11-19 12:09 - 2008-01-21 03:47 - 00156400 _____ () C:\Windows\PFRO.log
2014-11-19 12:09 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 12:08 - 2006-11-02 14:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-19 11:32 - 2014-03-31 09:49 - 27738189 _____ () C:\Users\XXX\Desktop\Bilder XXX.zip
2014-11-18 19:37 - 2014-05-11 16:43 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-18 19:35 - 2008-03-13 13:12 - 00000000 ____D () C:\Program Files\Java
2014-11-18 19:35 - 2008-03-13 13:12 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-14 13:21 - 2013-04-14 15:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-14 13:21 - 2012-02-23 08:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-14 12:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-14 12:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-14 12:22 - 2006-11-02 13:47 - 00389448 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 12:19 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-14 11:44 - 2013-08-06 06:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 11:39 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-12 13:32 - 2008-01-21 08:16 - 00006804 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 22:43 - 2012-05-28 12:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-10 12:08 - 2011-11-25 22:35 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-11-01 18:23 - 2013-04-14 15:27 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-31 13:02 - 2011-11-26 01:17 - 00002637 _____ () C:\Users\XXX\Desktop\Microsoft Office Word 2003.lnk

Files to move or delete:
====================
C:\Users\Public\jxpiinstall.exe

Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\Temp\AskSLib.dll
C:\Users\XXX\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\XXX\AppData\Local\Temp\installChecker.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\PicasaUpdater_11.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-19 12:23

==================== End Of Log ============================

FRST Addition log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2014
Ran by XXXX at 2014-11-19 12:32:11
Running from C:\Users\XXXX\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.115.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Atlantis - Sky Patrol (remove only) (HKLM\...\Atlantis - Sky Patrol) (Version: - )
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Big Fish Games Center (HKLM\...\Big Fish Games Center) (Version: - )
Big Fish Games Sudoku (remove only) (HKLM\...\Big Fish Games Sudoku) (Version: - )
Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
Business Contact Manager für Outlook 2007 (Version: 3.0.5828.0 - Microsoft Corporation) Hidden
Click to Disc (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.1.00.14140 - Sony Corporation)
Click to Disc (Version: 1.1.00.14140 - Sony Corporation) Hidden
Click to Disc Editor (HKLM\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 1.1.00 - Sony Corporation)
Click to Disc Editor (Version: 1.1.00 - Sony Corporation) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 6.5 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.4.3 - DivXNetworks, Inc.)
Glary Utilities 2.39.0.1310 (HKLM\...\Glary Utilities_is1) (Version: 2.39.0.1310 - Glarysoft Ltd)
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.710 - Oracle)
Java(TM) 6 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160040}) (Version: 1.6.0.40 - Sun Microsystems, Inc.)
Mahjong Towers Eternity EU (remove only) (HKLM\...\Mahjong Towers Eternity EU) (Version: - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird (8.0) (HKLM\...\Mozilla Thunderbird (8.0)) (Version: 8.0 (de) - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Club VAIO (HKLM\...\VAIO_My Club VAIO) (Version: 2.1 - )
Mystery Case Files - Prime Suspects (remove only) (HKLM\...\Mystery Case Files - Prime Suspects) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
OpenMG Secure Module 5.0.00 (HKLM\...\InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}) (Version: 5.0.00.11280 - Sony Corporation)
OpenMG Secure Module 5.0.00 (Version: 5.0.00.11280 - Sony Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5532 - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM\...\{A33E457B-5369-481F-8B53-71108AE2EB5B}) (Version: 10.1 - Roxio)
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 3.2.00.14220 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.3.00 - Sony Corporation)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)
VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.0.00.14220 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}) (Version: 3.0.01.03032 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.0.01.03032 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (HKLM\...\{CC56A2CB-EC09-4175-B8BD-93E2440D410B}) (Version: 3.0.00.02040 - Sony Corporation)
VAIO Content Metadata Manager Setting (Version: 3.0.00.02040 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM\...\{FACD3674-FC12-4B6C-A923-E1D687704E9B}) (Version: 3.0.01.03030 - Sony Corporation)
VAIO Content Metadata XML Interface Library (Version: 3.0.01.03030 - Sony Corporation) Hidden
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 2.2.00.12180 - Sony Corporation)
VAIO Data Restore Tool (HKLM\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.1.00.14150 - Sony Corporation)
VAIO Event Service (HKLM\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 3.3.00.11020 - Sony Corporation)
VAIO Guide (HKLM\...\{326DC400-1FC4-4D7D-946D-06D1EAB93200}) (Version: 2.3.00.13140 - Sony Corporation)
VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 2.0.00.13040 - Sony Corporation)
Vaio Marketing Tools (HKLM\...\MarketingTools) (Version: - Sony)
VAIO Media plus (HKLM\...\{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}) (Version: 1.0.00.15100 - Sony Corporation)
VAIO Media plus (Version: 1.0.00.15100 - Sony Corporation) Hidden
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.2.00.14130 - Sony Corporation)
VAIO Movie Story (Version: 1.2.00.14130 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.2.00.13220 - Sony Corporation)
VAIO MusicBox (HKLM\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 2.0.00.14180 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.1.00.14140 - Sony Corporation)
VAIO Original Function Setting (HKLM\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.3.00.14230 - Sony Corporation)
VAIO Power Management (HKLM\...\{802889F8-6AF5-45A5-9764-CA5B999E50FC}) (Version: 2.4.00.15100 - Sony Corporation)
VAIO Smart Network (HKLM\...\{3B659FAD-E772-44A3-B7E7-560FF084669F}) (Version: 1.2.00.15100 - Sony Corporation)
VAIO Update (HKLM\...\{5BEE8F1F-BD32-4553-8107-500439E43BD7}) (Version: 5.1.1.04090 - Sony Corporation)
VAIO Wallpaper Contents (HKLM\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.1.00.12140 - Sony Corporation)
Virtual Villagers (remove only) (HKLM\...\Virtual Villagers) (Version: - )
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 6.0.0 - Shark007)
WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B8.430 - InterVideo Inc.)
WinDVD for VAIO (Version: 8.0-B8.430 - InterVideo Inc.) Hidden
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{4361F69F-5ADC-4AC0-8039-76055C77B927}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

23-10-2014 08:21:45 Windows Update
24-10-2014 08:58:29 Windows Update
26-10-2014 11:10:41 Windows Update
27-10-2014 09:21:59 Windows Update
28-10-2014 09:44:30 Windows Update
29-10-2014 12:01:55 Windows Update
30-10-2014 13:54:02 Windows Update
31-10-2014 11:57:04 Windows Update
01-11-2014 11:09:04 Windows Update
02-11-2014 10:46:27 Windows Update
03-11-2014 06:33:07 Windows Update
04-11-2014 09:49:05 Windows Update
05-11-2014 09:11:45 Windows Update
06-11-2014 16:00:29 Windows Update
07-11-2014 14:33:09 Windows Update
08-11-2014 17:10:00 Windows Update
09-11-2014 10:32:13 Windows Update
10-11-2014 10:39:36 Windows Update
11-11-2014 11:59:00 Windows Update
12-11-2014 09:07:11 Windows Update
13-11-2014 09:55:01 Windows Update
14-11-2014 10:35:14 Windows Update
16-11-2014 13:12:52 Windows Update
18-11-2014 09:36:07 Windows Update
18-11-2014 18:27:25 Windows Update
18-11-2014 18:31:17 Windows Update
18-11-2014 18:33:35 Installed Java 7 Update 71
19-11-2014 10:32:07 Windows Update
19-11-2014 11:17:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry.
Any associated file could be listed separately to be moved.) Task: {209C4AD1-CF9D-4598-8919-F9E700B1DC0A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-11] (AVAST Software) Task: {803C77F5-734E-4672-B32B-765FE0089ED3} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files\Sony\VAIO Wallpaper Setting Tool\VWSet.exe [2007-12-26] (Sony Corporation) Task: {9477D340-E769-4FE0-A4F3-C8DF15D6C2A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-14] (Adobe Systems Incorporated) Task: {9BBE851F-1F98-4839-98CA-62CD13E182A5} - System32\Tasks\GlaryInitialize => C:\Program Files\Glary Utilities\initialize.exe [2011-11-01] (Glarysoft Ltd) Task: {B2AD4939-A1AB-4F1D-94A1-C79A5B7BD8CF} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2010-04-09] (Sony Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe ==================== Loaded Modules (whitelisted) ============= 2014-11-19 11:29 - 2014-11-19 11:29 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111900\algo.dll 2008-03-13 13:12 - 2007-08-14 20:05 - 00010752 _____ () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll 2008-03-13 13:12 - 2007-08-14 20:05 - 00009728 _____ () C:\Program Files\Sony\VAIO Event Service\VESMgrSubPS.dll 2008-02-05 01:08 - 2008-02-05 01:08 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll 2014-05-11 15:17 - 2014-05-11 15:17 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-11-11 13:27 - 2014-11-11 13:27 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-487733122-2592141994-505413994-500 - Administrator - Disabled) XXXX (S-1-5-21-487733122-2592141994-505413994-1003 - Administrator - Enabled) => C:\Users\XXXX Gast (S-1-5-21-487733122-2592141994-505413994-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/19/2014 00:11:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/19/2014 00:09:59 PM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error: (11/19/2014 00:09:46 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 3409) (User: ) Description: Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt. Error: (11/19/2014 00:09:46 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 8313) (User: ) Description: Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert. Error: (11/19/2014 11:29:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/19/2014 11:28:27 AM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Das Plug-In-Modul konnte nicht geladen werden. 
(GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error: (11/19/2014 11:28:22 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 3409) (User: ) Description: Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt. Error: (11/19/2014 11:28:22 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 8313) (User: ) Description: Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert. Error: (11/18/2014 07:23:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2014 07:23:14 PM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Das Plug-In-Modul konnte nicht geladen werden. 
(GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) System errors: ============= Error: (11/19/2014 00:28:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2972107){96A281C5-06AF-4741-9F4D-E9536142A4FF}201 Error: (11/19/2014 00:19:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2978128){4290F774-6931-488D-8A63-45EEC0CD172D}202 Error: (11/19/2014 00:18:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2979578){E7034E21-1CFE-4415-916A-9A87ECC9CD2F}203 Error: (11/19/2014 00:18:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2972216){B1291F12-3E12-4D9A-AAD8-629BA609C230}202 Error: (11/19/2014 00:18:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5 und 4.5.1 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2894854){B9121108-A3F2-4223-8815-7739358278DA}203 Error: (11/19/2014 00:16:12 PM) (Source: WMPNetworkSvc) (EventID: 14319) (User: ) Description: WMPNetworkSvc Error: (11/19/2014 00:11:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (11/19/2014 11:40:28 AM) (Source: 
Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2972107){96A281C5-06AF-4741-9F4D-E9536142A4FF}201 Error: (11/19/2014 11:40:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2978128){4290F774-6931-488D-8A63-45EEC0CD172D}202 Error: (11/19/2014 11:40:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2979578){E7034E21-1CFE-4415-916A-9A87ECC9CD2F}203 Microsoft Office Sessions: ========================= Error: (11/19/2014 00:11:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/19/2014 00:09:59 PM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019 Error: (11/19/2014 00:09:46 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 3409) (User: ) Description: -1 Error: (11/19/2014 00:09:46 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 8313) (User: ) Description: Error: (11/19/2014 11:29:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/19/2014 11:28:27 AM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019 Error: (11/19/2014 11:28:22 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 3409) (User: ) 
Description: -1 Error: (11/19/2014 11:28:22 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 8313) (User: ) Description: Error: (11/18/2014 07:23:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2014 07:23:14 PM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019 CodeIntegrity Errors: =================================== Date: 2014-11-19 12:32:04.367 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-19 12:32:04.023 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-19 12:32:03.680 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-19 12:32:03.353 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-19 12:32:02.666 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-11-19 12:32:02.323 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-19 12:32:01.980 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-19 12:32:01.637 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-19 11:48:50.867 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-19 11:48:50.384 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz Percentage of memory in use: 63% Total physical RAM: 2037.69 MB Available physical RAM: 753.35 MB Total Pagefile: 4314.63 MB Available Pagefile: 2920.47 MB Total Virtual: 2047.88 MB Available Virtual: 1913.62 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:225.87 GB) (Free:164.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: EBF9C4F7) Partition 1: (Not Active) - (Size=7 GB) - (Type=27) Partition 2: (Active) - (Size=225.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ GMER Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-11-19 13:08:09 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925082 rev.3.AA 232,89GB Running: Gmer-19357.exe; Driver: C:\Users\XXX\AppData\Local\Temp\aglorpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8DD33AA0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8DD3457E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8DD405C8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8DD40614] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8DD407AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8DD40536] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8E61A6D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8DD4057E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0x8DD34AB4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8DD40768] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8DD3536C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8DD33B06] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8DD38B40] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8DD336F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8E61A7B2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8DD33B6C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8DD38F36] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8DD35E54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8DD405F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8DD40636] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8DD407D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8DD4055C] SSDT 
\SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8DD3843A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8DD406E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8DD405A6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8DD38822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8DD4078C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8E61A556] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8DD35CC8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0x8DD3581E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8DD33BD2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8DD33C38] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8E61A8AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8DD3378C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8DD3395E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8DD338EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8DD35536] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8DD35698] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8DD339E6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8E61A624] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8DD351C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8DD33C9E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8DD345DA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8DD34CD0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 82EF8758 4 Bytes [A0, 3A, D3, 8D] .text ntkrnlpa.exe!KeSetEvent + 191 82EF87DC 4 Bytes [7E, 45, D3, 8D] .text ntkrnlpa.exe!KeSetEvent + 1D1 82EF881C 8 Bytes [C8, 05, D4, 8D, 14, 06, D4, ...] 
{ENTER 0xd405, 0x8d; ADC AL, 0x6; AAM 0x8d} .text ntkrnlpa.exe!KeSetEvent + 1DD 82EF8828 4 Bytes [AE, 07, D4, 8D] {SCASB ; POP ES; AAM 0x8d} .text ntkrnlpa.exe!KeSetEvent + 1F5 82EF8840 4 Bytes [36, 05, D4, 8D] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8308600F 4 Bytes CALL 8DD36517 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 83089C83 4 Bytes CALL 8DD3652D \SystemRoot\system32\drivers\aswSnx.sys ? System32\drivers\dmhtbbo.sys Das System kann den angegebenen Pfad nicht finden. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[212] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62] .text c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[332] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62] .text C:\Windows\system32\csrss.exe[616] KERNEL32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62] .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[656] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62] .text C:\Windows\system32\wininit.exe[660] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1604] kernel32.dll!SetUnhandledExceptionFilter 7792A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1604] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[1672] kernel32.dll!SetUnhandledExceptionFilter 7792A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] 
{XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1672] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1736] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1776] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1868] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1964] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text ...

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys
AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys

---- EOF - GMER 2.1 ----

and then also MBMA Code:
Version: 2.00.3.1025
Malware Datenbank: v2014.11.19.03
Rootkit Datenbank: v2014.11.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: XXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 293900
Verstrichene Zeit: 17 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 1
Trojan.Agent.MSDGen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|60692, c:\progra~2\msevmeme.exe, In Quarantäne, [5a45320b275524126e4c5be4dc275ca4]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

I hope you can help me fix the problem (if there is one).

Best regards, Stefan