Pests of all kinds and how to fight them: Avast finds nothing but MBAM finds a Trojan (Windows 7)
If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#1
Avast finds nothing but MBAM finds a Trojan

Hello dear community! I have here the laptop of my mother's partner. It is said to run rather slowly, you can barely retrieve emails, and what I have noticed... The Security Center is switched off and cannot be switched on. In addition, there have been problems with Windows Updates for days. As a rule, 5 of them (security updates for Microsoft .NET Framework 4.5 and 4.5.1 and 4 others that start the same way) are not downloaded. I hope you can somehow help us. I will post the logs that are probably needed. Though I have to say that AVAST Free finds nothing; I ran MBAM and it showed Trojaner.Agent.MSDGen (moved to quarantine), and FRST threw an error message at me 4 times about supposedly not having access permission. On the 5th attempt it worked, though.

defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:23 on 19/11/2014 (XXX)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
Ran by XXX(administrator) on XXX-PC on 19-11-2014 12:31:03
Running from C:\Users\XXX\Desktop
Loaded Profile: XXX (Available profiles: XXX)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\NSUService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\LANUtil.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4718592 2008-01-23] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [122880 2008-02-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [311296 2007-11-21] (Sony Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-07] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [262144 2008-03-10] (Sony Corporation)
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-487733122-2592141994-505413994-1003\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-487733122-2592141994-505413994-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-487733122-2592141994-505413994-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
HKU\S-1-5-21-487733122-2592141994-505413994-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://partnerpage.google.com/eu.sony.com/de
hxxp://www.club-vaio.com/vbc
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
SearchScopes: HKLM -> DefaultScope {F17154AC-2F13-4B6E-983B-2ECD80940F83} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKLM -> {F17154AC-2F13-4B6E-983B-2ECD80940F83} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\inikgwlg.default-1364405014146
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\inikgwlg.default-1364405014146\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-11]
FF Extension: No Name - wrc@avast.com [Not Found]
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-11] (AVAST Software)
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [229376 2008-03-10] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [104288 2008-03-04] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [350048 2008-03-04] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [63328 2008-03-04] (Sony Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-02-15] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-08-14] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [333088 2008-03-03] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2008-02-15] (Sony Corporation) [File not signed]
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [722288 2010-04-09] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [184320 2008-02-15] (Sony Corporation) [File not signed]
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [147456 2008-02-15] (Sony Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-05-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-11] ()
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-06] (Texas Instruments)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-19 12:31 - 2014-11-19 12:31 - 00012797 _____ () C:\Users\XXX\Desktop\FRST.txt
2014-11-19 12:30 - 2014-11-19 12:31 - 00000000 ____D () C:\FRST
2014-11-19 12:28 - 2014-11-19 12:28 - 01108992 _____ (Farbar) C:\Users\XXX\Desktop\FRST.exe
2014-11-19 12:23 - 2014-11-19 12:24 - 00000472 _____ () C:\Users\XXX\Desktop\defogger_disable.log
2014-11-19 12:23 - 2014-11-19 12:23 - 00000000 _____ () C:\Users\XXX\defogger_reenable
2014-11-19 12:22 - 2014-11-19 12:22 - 00050477 _____ () C:\Users\XXX\Desktop\Defogger.exe
2014-11-19 12:18 - 2014-11-19 12:18 - 00000000 ____D () C:\f51d59639f6019cf70873b34c53d
2014-11-19 12:17 - 2014-11-19 12:18 - 00000000 ____D () C:\943f51668c0a6edb1102cb2000
2014-11-19 12:07 - 2014-11-19 12:07 - 00001349 _____ () C:\Users\XXX\Desktop\mbma19.11..txt
2014-11-19 11:42 - 2014-11-19 11:42 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-19 11:41 - 2014-11-19 11:41 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-19 11:41 - 2014-11-19 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-19 11:40 - 2014-11-19 11:41 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-11-19 11:40 - 2014-11-19 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-19 11:40 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-19 11:40 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-19 11:40 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-19 11:35 - 2014-11-19 11:35 - 01125200 _____ () C:\Program Files\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-11-19 11:32 - 2014-11-19 11:32 - 00000104 _____ () C:\Users\XXX\Desktop\Papierkorb - Verknüpfung.lnk
2014-11-19 11:31 - 2014-11-19 11:31 - 00000174 _____ () C:\Users\XXX\Desktop\Neue Verknüpfung.lnk
2014-11-18 19:35 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-18 19:35 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-18 19:35 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-18 19:35 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-18 19:34 - 2014-11-18 19:35 - 00004751 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-11-18 19:31 - 2014-11-18 19:31 - 00000000 ____D () C:\5e2ab1924bd113b85078a9e6f9ac2e
2014-11-18 19:28 - 2014-11-18 19:28 - 00000000 ____D () C:\6f1177ac94c4712ea95f7218c214a1b8
2014-11-14 11:52 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-14 11:52 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-14 11:52 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-14 11:52 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-14 11:51 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-14 11:51 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-14 11:49 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-14 11:49 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-14 11:48 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-14 11:47 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-14 11:47 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-14 11:47 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-14 11:47 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-14 11:46 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-14 11:37 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 11:52 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 11:52 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 11:52 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 11:52 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 11:52 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 11:52 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 11:52 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 11:52 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 11:52 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 11:52 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 11:52 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 11:52 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 11:52 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 11:52 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 13:27 - 2014-11-11 13:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-23 10:42 - 2014-05-11 17:23 - 27737981 _____ () C:\Users\XXX\Desktop\Bilder XXX - Kopie.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-19 12:30 - 2011-11-25 00:15 - 01730389 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 12:23 - 2011-11-25 00:57 - 00000000 ____D () C:\Users\XXX
2014-11-19 12:20 - 2013-12-08 12:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 12:19 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 12:19 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 12:16 - 2011-11-25 22:16 - 00000314 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-11-19 12:09 - 2008-01-21 03:47 - 00156400 _____ () C:\Windows\PFRO.log
2014-11-19 12:09 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 12:08 - 2006-11-02 14:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-19 11:32 - 2014-03-31 09:49 - 27738189 _____ () C:\Users\XXX\Desktop\Bilder XXX.zip
2014-11-18 19:37 - 2014-05-11 16:43 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-18 19:35 - 2008-03-13 13:12 - 00000000 ____D () C:\Program Files\Java
2014-11-18 19:35 - 2008-03-13 13:12 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-14 13:21 - 2013-04-14 15:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-14 13:21 - 2012-02-23 08:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-14 12:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-14 12:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-14 12:22 - 2006-11-02 13:47 - 00389448 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 12:19 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-14 11:44 - 2013-08-06 06:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 11:39 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-12 13:32 - 2008-01-21 08:16 - 00006804 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 22:43 - 2012-05-28 12:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-10 12:08 - 2011-11-25 22:35 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-11-01 18:23 - 2013-04-14 15:27 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-31 13:02 - 2011-11-26 01:17 - 00002637 _____ () C:\Users\XXX\Desktop\Microsoft Office Word 2003.lnk
Files to move or delete:
====================
C:\Users\Public\jxpiinstall.exe
Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\Temp\AskSLib.dll
C:\Users\XXX\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\XXX\AppData\Local\Temp\installChecker.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\PicasaUpdater_11.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-19 12:23
==================== End Of Log ============================
FRST Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2014
Ran by XXXX at 2014-11-19 12:32:11
Running from C:\Users\XXXX\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.115.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Atlantis - Sky Patrol (remove only) (HKLM\...\Atlantis - Sky Patrol) (Version: - )
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Big Fish Games Center (HKLM\...\Big Fish Games Center) (Version: - )
Big Fish Games Sudoku (remove only) (HKLM\...\Big Fish Games Sudoku) (Version: - )
Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
Business Contact Manager für Outlook 2007 (Version: 3.0.5828.0 - Microsoft Corporation) Hidden
Click to Disc (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.1.00.14140 - Sony Corporation)
Click to Disc (Version: 1.1.00.14140 - Sony Corporation) Hidden
Click to Disc Editor (HKLM\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 1.1.00 - Sony Corporation)
Click to Disc Editor (Version: 1.1.00 - Sony Corporation) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 6.5 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.4.3 - DivXNetworks, Inc.)
Glary Utilities 2.39.0.1310 (HKLM\...\Glary Utilities_is1) (Version: 2.39.0.1310 - Glarysoft Ltd)
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.710 - Oracle)
Java(TM) 6 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160040}) (Version: 1.6.0.40 - Sun Microsystems, Inc.)
Mahjong Towers Eternity EU (remove only) (HKLM\...\Mahjong Towers Eternity EU) (Version: - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird (8.0) (HKLM\...\Mozilla Thunderbird (8.0)) (Version: 8.0 (de) - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Club VAIO (HKLM\...\VAIO_My Club VAIO) (Version: 2.1 - )
Mystery Case Files - Prime Suspects (remove only) (HKLM\...\Mystery Case Files - Prime Suspects) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
OpenMG Secure Module 5.0.00 (HKLM\...\InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}) (Version: 5.0.00.11280 - Sony Corporation)
OpenMG Secure Module 5.0.00 (Version: 5.0.00.11280 - Sony Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5532 - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM\...\{A33E457B-5369-481F-8B53-71108AE2EB5B}) (Version: 10.1 - Roxio)
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 3.2.00.14220 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.3.00 - Sony Corporation)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)
VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.0.00.14220 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}) (Version: 3.0.01.03032 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.0.01.03032 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (HKLM\...\{CC56A2CB-EC09-4175-B8BD-93E2440D410B}) (Version: 3.0.00.02040 - Sony Corporation)
VAIO Content Metadata Manager Setting (Version: 3.0.00.02040 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM\...\{FACD3674-FC12-4B6C-A923-E1D687704E9B}) (Version: 3.0.01.03030 - Sony Corporation)
VAIO Content Metadata XML Interface Library (Version: 3.0.01.03030 - Sony Corporation) Hidden
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 2.2.00.12180 - Sony Corporation)
VAIO Data Restore Tool (HKLM\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.1.00.14150 - Sony Corporation)
VAIO Event Service (HKLM\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 3.3.00.11020 - Sony Corporation)
VAIO Guide (HKLM\...\{326DC400-1FC4-4D7D-946D-06D1EAB93200}) (Version: 2.3.00.13140 - Sony Corporation)
VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 2.0.00.13040 - Sony Corporation)
Vaio Marketing Tools (HKLM\...\MarketingTools) (Version: - Sony)
VAIO Media plus (HKLM\...\{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}) (Version: 1.0.00.15100 - Sony Corporation)
VAIO Media plus (Version: 1.0.00.15100 - Sony Corporation) Hidden
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.2.00.14130 - Sony Corporation)
VAIO Movie Story (Version: 1.2.00.14130 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.2.00.13220 - Sony Corporation)
VAIO MusicBox (HKLM\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 2.0.00.14180 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.1.00.14140 - Sony Corporation)
VAIO Original Function Setting (HKLM\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.3.00.14230 - Sony Corporation)
VAIO Power Management (HKLM\...\{802889F8-6AF5-45A5-9764-CA5B999E50FC}) (Version: 2.4.00.15100 - Sony Corporation)
VAIO Smart Network (HKLM\...\{3B659FAD-E772-44A3-B7E7-560FF084669F}) (Version: 1.2.00.15100 - Sony Corporation)
VAIO Update (HKLM\...\{5BEE8F1F-BD32-4553-8107-500439E43BD7}) (Version: 5.1.1.04090 - Sony Corporation)
VAIO Wallpaper Contents (HKLM\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.1.00.12140 - Sony Corporation)
Virtual Villagers (remove only) (HKLM\...\Virtual Villagers) (Version: - )
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 6.0.0 - Shark007)
WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B8.430 - InterVideo Inc.)
WinDVD for VAIO (Version: 8.0-B8.430 - InterVideo Inc.) Hidden
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{4361F69F-5ADC-4AC0-8039-76055C77B927}) (Version: 21.00.8480 - Buhl Data Service GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
23-10-2014 08:21:45 Windows Update
24-10-2014 08:58:29 Windows Update
26-10-2014 11:10:41 Windows Update
27-10-2014 09:21:59 Windows Update
28-10-2014 09:44:30 Windows Update
29-10-2014 12:01:55 Windows Update
30-10-2014 13:54:02 Windows Update
31-10-2014 11:57:04 Windows Update
01-11-2014 11:09:04 Windows Update
02-11-2014 10:46:27 Windows Update
03-11-2014 06:33:07 Windows Update
04-11-2014 09:49:05 Windows Update
05-11-2014 09:11:45 Windows Update
06-11-2014 16:00:29 Windows Update
07-11-2014 14:33:09 Windows Update
08-11-2014 17:10:00 Windows Update
09-11-2014 10:32:13 Windows Update
10-11-2014 10:39:36 Windows Update
11-11-2014 11:59:00 Windows Update
12-11-2014 09:07:11 Windows Update
13-11-2014 09:55:01 Windows Update
14-11-2014 10:35:14 Windows Update
16-11-2014 13:12:52 Windows Update
18-11-2014 09:36:07 Windows Update
18-11-2014 18:27:25 Windows Update
18-11-2014 18:31:17 Windows Update
18-11-2014 18:33:35 Installed Java 7 Update 71
19-11-2014 10:32:07 Windows Update
19-11-2014 11:17:10 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {209C4AD1-CF9D-4598-8919-F9E700B1DC0A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-11] (AVAST Software)
Task: {803C77F5-734E-4672-B32B-765FE0089ED3} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files\Sony\VAIO Wallpaper Setting Tool\VWSet.exe [2007-12-26] (Sony Corporation)
Task: {9477D340-E769-4FE0-A4F3-C8DF15D6C2A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-14] (Adobe Systems Incorporated)
Task: {9BBE851F-1F98-4839-98CA-62CD13E182A5} - System32\Tasks\GlaryInitialize => C:\Program Files\Glary Utilities\initialize.exe [2011-11-01] (Glarysoft Ltd)
Task: {B2AD4939-A1AB-4F1D-94A1-C79A5B7BD8CF} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2010-04-09] (Sony Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe
==================== Loaded Modules (whitelisted) =============
2014-11-19 11:29 - 2014-11-19 11:29 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111900\algo.dll
2008-03-13 13:12 - 2007-08-14 20:05 - 00010752 _____ () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
2008-03-13 13:12 - 2007-08-14 20:05 - 00009728 _____ () C:\Program Files\Sony\VAIO Event Service\VESMgrSubPS.dll
2008-02-05 01:08 - 2008-02-05 01:08 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2014-05-11 15:17 - 2014-05-11 15:17 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-11 13:27 - 2014-11-11 13:27 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-487733122-2592141994-505413994-500 - Administrator - Disabled)
XXXX (S-1-5-21-487733122-2592141994-505413994-1003 - Administrator - Enabled) => C:\Users\XXXX
Gast (S-1-5-21-487733122-2592141994-505413994-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/19/2014 00:11:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 00:09:59 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Error: (11/19/2014 00:09:46 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 3409) (User: )
Description: Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt.
Error: (11/19/2014 00:09:46 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 8313) (User: )
Description: Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert.
Error: (11/19/2014 11:29:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 11:28:27 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Error: (11/19/2014 11:28:22 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 3409) (User: )
Description: Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt.
Error: (11/19/2014 11:28:22 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 8313) (User: )
Description: Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert.
Error: (11/18/2014 07:23:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/18/2014 07:23:14 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
System errors:
=============
Error: (11/19/2014 00:28:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2972107){96A281C5-06AF-4741-9F4D-E9536142A4FF}201
Error: (11/19/2014 00:19:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2978128){4290F774-6931-488D-8A63-45EEC0CD172D}202
Error: (11/19/2014 00:18:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2979578){E7034E21-1CFE-4415-916A-9A87ECC9CD2F}203
Error: (11/19/2014 00:18:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2972216){B1291F12-3E12-4D9A-AAD8-629BA609C230}202
Error: (11/19/2014 00:18:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5 und 4.5.1 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2894854){B9121108-A3F2-4223-8815-7739358278DA}203
Error: (11/19/2014 00:16:12 PM) (Source: WMPNetworkSvc) (EventID: 14319) (User: )
Description: WMPNetworkSvc
Error: (11/19/2014 00:11:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (11/19/2014 11:40:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2972107){96A281C5-06AF-4741-9F4D-E9536142A4FF}201
Error: (11/19/2014 11:40:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2978128){4290F774-6931-488D-8A63-45EEC0CD172D}202
Error: (11/19/2014 11:40:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 4.5, 4.5.1 und 4.5.2 unter Windows 7, Windows Vista und Windows Server 2008 x86 (KB2979578){E7034E21-1CFE-4415-916A-9A87ECC9CD2F}203
Microsoft Office Sessions:
=========================
Error: (11/19/2014 00:11:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 00:09:59 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019
Error: (11/19/2014 00:09:46 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 3409) (User: )
Description: -1
Error: (11/19/2014 00:09:46 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 8313) (User: )
Description:
Error: (11/19/2014 11:29:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 11:28:27 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019
Error: (11/19/2014 11:28:22 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 3409) (User: )
Description: -1
Error: (11/19/2014 11:28:22 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 8313) (User: )
Description:
Error: (11/18/2014 07:23:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/18/2014 07:23:14 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019
CodeIntegrity Errors:
===================================
Date: 2014-11-19 12:32:04.367
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-19 12:32:04.023
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-19 12:32:03.680
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-19 12:32:03.353
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-19 12:32:02.666
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-19 12:32:02.323
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-19 12:32:01.980
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-19 12:32:01.637
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-19 11:48:50.867
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-19 11:48:50.384
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 63%
Total physical RAM: 2037.69 MB
Available physical RAM: 753.35 MB
Total Pagefile: 4314.63 MB
Available Pagefile: 2920.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.62 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:225.87 GB) (Free:164.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: EBF9C4F7)
Partition 1: (Not Active) - (Size=7 GB) - (Type=27)
Partition 2: (Active) - (Size=225.9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
GMER Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-19 13:08:09
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925082 rev.3.AA 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\XXX\AppData\Local\Temp\aglorpog.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8DD33AA0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8DD3457E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8DD405C8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8DD40614]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8DD407AE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8DD40536]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8E61A6D2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8DD4057E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0x8DD34AB4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8DD40768]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8DD3536C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8DD33B06]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8DD38B40]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8DD336F2]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8E61A7B2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8DD33B6C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8DD38F36]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8DD35E54]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8DD405F2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8DD40636]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8DD407D2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8DD4055C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8DD3843A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8DD406E6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8DD405A6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8DD38822]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8DD4078C]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8E61A556]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8DD35CC8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0x8DD3581E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8DD33BD2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8DD33C38]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8E61A8AE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8DD3378C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8DD3395E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8DD338EC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8DD35536]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8DD35698]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8DD339E6]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8E61A624]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8DD351C6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8DD33C9E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8DD345DA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8DD34CD0]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 10D 82EF8758 4 Bytes [A0, 3A, D3, 8D]
.text ntkrnlpa.exe!KeSetEvent + 191 82EF87DC 4 Bytes [7E, 45, D3, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1D1 82EF881C 8 Bytes [C8, 05, D4, 8D, 14, 06, D4, ...] {ENTER 0xd405, 0x8d; ADC AL, 0x6; AAM 0x8d}
.text ntkrnlpa.exe!KeSetEvent + 1DD 82EF8828 4 Bytes [AE, 07, D4, 8D] {SCASB ; POP ES; AAM 0x8d}
.text ntkrnlpa.exe!KeSetEvent + 1F5 82EF8840 4 Bytes [36, 05, D4, 8D]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8308600F 4 Bytes CALL 8DD36517 \SystemRoot\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 83089C83 4 Bytes CALL 8DD3652D \SystemRoot\system32\drivers\aswSnx.sys
? System32\drivers\dmhtbbo.sys Das System kann den angegebenen Pfad nicht finden. !
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[212] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[332] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text C:\Windows\system32\csrss.exe[616] KERNEL32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[656] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text C:\Windows\system32\wininit.exe[660] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1604] kernel32.dll!SetUnhandledExceptionFilter 7792A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1604] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1672] kernel32.dll!SetUnhandledExceptionFilter 7792A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1672] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1736] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1776] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1868] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1964] kernel32.dll!GetBinaryTypeW + 70 7795252F 1 Byte [62]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys
AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys
---- EOF - GMER 2.1 ----
and then the MBMA log as well. Code:
Version: 2.00.3.1025
Malware Datenbank: v2014.11.19.03
Rootkit Datenbank: v2014.11.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: XXX
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 293900
Verstrichene Zeit: 17 Min, 5 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)
Registrierungswerte: 1
Trojan.Agent.MSDGen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|60692, c:\progra~2\msevmeme.exe, In Quarantäne, [5a45320b275524126e4c5be4dc275ca4]
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 0
(Keine schädliche Elemente erkannt)
Dateien: 0
(Keine schädliche Elemente erkannt)
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
I hope you can help me fix the problem (if there is one). Regards, Stefan