![]() |
|
Log-Analyse und Auswertung: Sprechblase für Windowsupdater(nicht von Microsoft) geht aufWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() Sprechblase für Windowsupdater(nicht von Microsoft) geht auf Hallo Forum =) Habe seit einiger Zeit das Problem, dass sich unten rechts ein Fenster für ein angebliches Windowsupdate öffnet. Klicke ich darauf um das Fenster zu schliessen, soll ich iwelchen AGB`s zustimmen und ein Programm runterladen. Dieses Fenster lässt sich auch nur über den Taskmanager schliessen... Ich hoffe mir kann hier jemand weiterhelfen ![]() MfG GGnis Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01 Ran by Adrian (administrator) on ADRIAN-PC on 05-02-2015 07:55:33 Running from C:\Users\Adrian\Downloads Loaded Profiles: Adrian (Available profiles: Adrian) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\System32\PnkBstrA.exe () C:\Users\Adrian\AppData\Roaming\SoftwareUpdater\SUsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.234\deploy\LoLLauncher.exe () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcher.exe () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\LolClient.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-03-06] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1803264 2012-06-07] (Game Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\MountPoints2: {b9e95629-6a8c-11e4-96a5-448a5b8fc06d} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\MountPoints2: {e738d354-2979-11e4-b5ff-448a5b8fc06d} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\MountPoints2: {f1df56f7-47c6-11e4-8f77-448a5b8fc06d} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7937840 2015-01-21] (Avira Operations GmbH & Co. KG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 FireFox: ======== FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default FF Homepage: https://www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF SearchPlugin: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\searchplugins\avira-safesearch.xml FF SearchPlugin: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\searchplugins\google-maps.xml FF Extension: Avira Browser Safety - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\Extensions\abs@avira.com [2015-02-03] FF Extension: Firefox improver - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-28] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-27] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2014-03-06] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-30] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-21] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-21] () R2 serversu; C:\Users\Adrian\AppData\Roaming\SoftwareUpdater\SUsrv.exe [120832 2015-01-28] () [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-26] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-09-26] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-07] (Disc Soft Ltd) S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation) R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] () R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-02-26] (Intel Corporation) R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] () R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation ) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-05 07:55 - 2015-02-05 07:55 - 00013701 _____ () C:\Users\Adrian\Downloads\FRST.txt 2015-02-05 07:55 - 2015-02-05 07:55 - 00000000 ____D () C:\FRST 2015-02-05 07:54 - 2015-02-05 07:54 - 02131968 _____ (Farbar) C:\Users\Adrian\Downloads\FRST64.exe 2015-02-05 07:53 - 2015-02-05 07:53 - 00000544 _____ () C:\Users\Adrian\Downloads\defogger_disable.log 2015-02-05 07:53 - 2015-02-05 07:53 - 00000168 _____ () C:\Users\Adrian\defogger_reenable 2015-02-05 07:52 - 2015-02-05 07:52 - 00050477 _____ () C:\Users\Adrian\Downloads\Defogger.exe 2015-01-30 02:39 - 2015-01-30 02:39 - 00001222 _____ () C:\DelFix.txt 2015-01-30 02:39 - 2015-01-30 02:39 - 00000000 ____D () C:\Windows\ERUNT 2015-01-30 01:15 - 2015-01-30 01:15 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-30 01:15 - 2015-01-30 01:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-30 01:15 - 2015-01-30 01:15 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Adobe 2015-01-29 18:33 - 2015-01-29 18:33 - 00001221 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk 2015-01-28 15:06 - 2015-01-28 15:06 - 00000000 __RHD () C:\MSOCache 2015-01-28 15:04 - 2015-01-28 15:04 - 00000000 ____D () C:\Users\Adrian\Documents\Benutzerdefinierte Office-Vorlagen 2015-01-28 14:58 - 2015-01-28 14:58 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Microsoft Help 2015-01-28 14:51 - 2015-01-28 14:51 - 00347816 _____ (Microsoft Corporation) C:\Users\Adrian\Downloads\MicrosoftFixit.wu.LB.134588027784228.1.1.Run.exe 2015-01-28 14:41 - 2015-01-28 14:50 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\SoftwareUpdater 2015-01-28 14:40 - 2015-01-28 14:40 - 00000000 ____D () C:\ProgramData\737bcb150000081b 2015-01-28 14:38 - 2015-02-02 02:43 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GU Player 2015-01-28 14:38 - 2015-02-02 02:43 - 00000000 ____D () C:\Program Files (x86)\GU Player 2015-01-28 14:38 - 2015-01-28 15:04 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Firefox-improver 2015-01-28 14:37 - 2015-01-28 14:37 - 00523856 _____ () C:\Users\Adrian\Downloads\Microsoft%20Word.exe 2015-01-28 14:32 - 2015-01-28 14:32 - 00002140 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2015-01-28 14:32 - 2015-01-28 14:32 - 00002140 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2015-01-28 14:32 - 2015-01-28 14:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive 2015-01-28 14:31 - 2015-01-28 15:00 - 00002210 _____ () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2015-01-28 14:31 - 2015-01-28 14:31 - 00000000 ___RD () C:\Users\Adrian\OneDrive 2015-01-28 14:31 - 2015-01-28 14:31 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2015-01-28 14:31 - 2015-01-28 14:31 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2015-01-28 14:30 - 2015-01-28 18:45 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-01-28 14:30 - 2015-01-28 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-01-28 14:29 - 2015-01-28 14:30 - 01064632 _____ (Microsoft Corporation) C:\Users\Adrian\Downloads\Setup.X86.de-DE_O365HomePremRetail_c45264ce-a25c-46e7-ab4e-e8f594a0467d_TX_DB_.exe 2015-01-28 14:21 - 2015-01-28 14:21 - 00668376 _____ (Blue Labs, LLC) C:\Users\Adrian\Downloads\FreeEditor.exe 2015-01-28 13:20 - 2015-01-28 13:20 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-28 02:49 - 2015-01-28 02:49 - 00009094 _____ () C:\Users\Adrian\Documents\a.txt 2015-01-28 02:22 - 2015-01-28 02:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-28 02:22 - 2015-01-28 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-28 02:22 - 2015-01-28 02:22 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-28 02:22 - 2015-01-28 02:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-28 02:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-28 02:22 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-28 02:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-28 02:21 - 2015-01-28 02:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Adrian\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-27 23:41 - 2015-01-27 23:42 - 00014648 _____ () C:\Users\Adrian\Documents\Ereignisse.txt 2015-01-27 23:23 - 2015-01-27 23:23 - 39712504 _____ () C:\Users\Adrian\Downloads\Firefox_Setup_de35.0.1 (1).exe 2015-01-27 23:23 - 2015-01-27 23:23 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-27 23:23 - 2015-01-27 23:23 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-27 23:23 - 2015-01-27 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-27 23:22 - 2015-01-27 23:22 - 39712504 _____ () C:\Users\Adrian\Downloads\Firefox_Setup_de35.0.1.exe 2015-01-27 23:21 - 2015-01-27 23:21 - 00000000 __SHD () C:\Users\Adrian\AppData\Local\EmieBrowserModeList 2015-01-27 05:14 - 2015-01-27 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 12:22 - 2015-01-26 12:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-26 12:22 - 2015-01-26 12:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-26 02:15 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-26 02:15 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-26 02:15 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-26 02:15 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-26 02:15 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-26 02:15 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-26 02:15 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-26 02:15 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-26 02:15 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-26 02:15 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-26 02:15 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-26 02:15 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-26 02:15 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-05 07:53 - 2014-08-19 18:57 - 00000000 ____D () C:\Users\Adrian 2015-02-05 07:08 - 2009-07-14 05:45 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-05 07:08 - 2009-07-14 05:45 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-05 07:06 - 2011-04-12 08:43 - 00700146 _____ () C:\Windows\system32\perfh007.dat 2015-02-05 07:06 - 2011-04-12 08:43 - 00149784 _____ () C:\Windows\system32\perfc007.dat 2015-02-05 07:06 - 2009-07-14 06:13 - 01622778 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-05 07:00 - 2014-10-03 13:39 - 00061521 _____ () C:\Windows\setupact.log 2015-02-05 07:00 - 2014-08-15 08:25 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-05 07:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-05 06:59 - 2014-08-19 19:53 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Battle.net 2015-02-04 19:19 - 2014-08-19 18:57 - 01095753 _____ () C:\Windows\WindowsUpdate.log 2015-02-04 18:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-02-03 00:44 - 2014-08-21 22:33 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\TS3Client 2015-01-30 02:31 - 2014-11-10 00:07 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2015-01-29 18:33 - 2014-10-01 18:23 - 00000000 ____D () C:\Users\Adrian\AppData\Local\AviraSpeedup 2015-01-29 18:33 - 2014-10-01 18:21 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup 2015-01-29 18:33 - 2014-10-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup 2015-01-29 18:33 - 2014-10-01 18:16 - 00001153 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-01-29 18:33 - 2014-08-19 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-01-29 18:33 - 2014-08-19 23:59 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-01-29 18:33 - 2014-04-03 06:44 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-29 12:19 - 2014-10-24 06:49 - 00015250 _____ () C:\Windows\PFRO.log 2015-01-28 14:45 - 2009-07-14 05:45 - 00438272 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-28 14:38 - 2014-08-19 18:59 - 00111400 _____ () C:\Users\Adrian\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-28 14:30 - 2014-08-19 18:57 - 00000000 ____D () C:\Users\Adrian\AppData\Local\VirtualStore 2015-01-28 14:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-01-28 02:55 - 2014-08-19 19:29 - 00000000 ___RD () C:\Users\Adrian\Desktop\Programme 2015-01-28 02:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech 2015-01-26 03:01 - 2014-08-20 23:41 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-26 03:00 - 2014-08-20 23:41 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2014-08-15 08:24 - 2014-08-15 08:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Adrian\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-25 21:02 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01 Ran by Adrian at 2015-02-05 07:55:51 Running from C:\Users\Adrian\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2014 Avira Operations GmbH & Co. KG) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Firefox-improver (HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\Firefox-improver) (Version: 2 - Appli LLC) GU Player (remove only) (HKLM-x32\...\GU Player) (Version: - ) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.2.1000 - Intel Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.) SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - ) SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Software Updater (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Software Updater Ltd) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK) Warcraft 3 (HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\Warcraft 3) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3579592859-3594887549-3632172591-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Adrian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3579592859-3594887549-3632172591-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Adrian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3579592859-3594887549-3632172591-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Adrian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3579592859-3594887549-3632172591-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Adrian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3579592859-3594887549-3632172591-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Adrian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 04-02-2015 17:44:42 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {56B11E81-0B0E-477B-B5AF-9EF7E3C27156} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {7B482FF0-9CD7-48FC-ADBE-2D675006F35D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-01-28] (Microsoft Corporation) Task: {A3262DA4-E76F-4CD0-ABCE-90AFBBA0BBDD} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-01-21] (Avira Operations GmbH & Co. KG) Task: {BC6DF72C-1398-4199-91BA-1CC067908112} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc ==================== Loaded Modules (whitelisted) ============== 2015-01-28 14:30 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-08-21 03:02 - 2014-08-21 03:02 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2015-01-28 14:41 - 2015-01-28 14:41 - 00120832 _____ () C:\Users\Adrian\AppData\Roaming\SoftwareUpdater\SUsrv.exe 2014-08-15 08:25 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-06-12 17:11 - 2014-08-19 19:43 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe 2014-08-19 19:43 - 2015-02-04 17:56 - 02445816 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.234\deploy\LoLLauncher.exe 2015-02-04 17:56 - 2015-02-04 17:56 - 04234232 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcher.exe 2014-08-19 20:09 - 2014-08-19 20:09 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\LolClient.exe 2015-02-04 17:56 - 2015-02-04 17:56 - 01618424 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\RiotLauncher.dll 2014-08-19 20:09 - 2014-08-19 20:09 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll 2015-01-27 23:23 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3579592859-3594887549-3632172591-500 - Administrator - Disabled) Adrian (S-1-5-21-3579592859-3594887549-3632172591-1000 - Administrator - Enabled) => C:\Users\Adrian Gast (S-1-5-21-3579592859-3594887549-3632172591-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3579592859-3594887549-3632172591-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/05/2015 07:02:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/05/2015 07:00:49 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcX509CertManager::KeyCertInit failed [0] Error: (02/04/2015 10:15:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/04/2015 10:13:20 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcX509CertManager::KeyCertInit failed [0] Error: (02/04/2015 05:42:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/04/2015 05:40:33 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcX509CertManager::KeyCertInit failed [0] Error: (02/02/2015 11:20:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/02/2015 11:19:06 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcX509CertManager::KeyCertInit failed [0] Error: (02/02/2015 04:53:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/02/2015 04:51:19 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcX509CertManager::KeyCertInit failed [0] System errors: ============= Error: (02/05/2015 07:00:46 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 05.02.2015 um 06:58:27 unerwartet heruntergefahren. Error: (01/29/2015 11:21:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/28/2015 05:32:01 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (01/28/2015 05:02:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (02/05/2015 07:02:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/05/2015 07:00:49 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcX509CertManager::KeyCertInit failed [0] Error: (02/04/2015 10:15:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/04/2015 10:13:20 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcX509CertManager::KeyCertInit failed [0] Error: (02/04/2015 05:42:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/04/2015 05:40:33 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcX509CertManager::KeyCertInit failed [0] Error: (02/02/2015 11:20:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/02/2015 11:19:06 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcX509CertManager::KeyCertInit failed [0] Error: (02/02/2015 04:53:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/02/2015 04:51:19 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcX509CertManager::KeyCertInit failed [0] ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4690 CPU @ 3.50GHz Percentage of memory in use: 28% Total physical RAM: 8120.02 MB Available physical RAM: 5795.46 MB Total Pagefile: 16238.21 MB Available Pagefile: 13507.75 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:111.79 GB) (Free:9.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Data1) (Fixed) (Total:931.51 GB) (Free:931.31 GB) NTFS Drive g: () (CDROM) (Total:1.07 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 50489017) Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 50489002) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-05 08:24:36 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000064 Samsung_ rev.EXT0 111,79GB Running: vpl5fhzr.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\ugliqpod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769d1401 2 bytes JMP 767fb21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769d1419 2 bytes JMP 767fb346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769d1431 2 bytes JMP 76878ea9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769d144a 2 bytes CALL 767d48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769d14dd 2 bytes JMP 768787a2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769d14f5 2 bytes JMP 76878978 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769d150d 2 bytes JMP 76878698 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769d1525 2 bytes JMP 76878a62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769d153d 2 bytes JMP 767efca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769d1555 2 bytes JMP 767f68ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769d156d 2 bytes JMP 76878f61 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769d1585 2 bytes JMP 76878ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769d159d 2 bytes JMP 7687865c C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769d15b5 2 bytes JMP 767efd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769d15cd 2 bytes JMP 767fb2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769d16b2 2 bytes JMP 76878e24 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769d16bd 2 bytes JMP 768785f1 C:\Windows\syswow64\kernel32.dll ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3832:4416] 000007fefac22bf8 ---- Processes - GMER 2.1 ---- Process C:\Users\Adrian\AppData\Roaming\SoftwareUpdater\SUsrv.exe (*** suspicious ***) @ C:\Users\Adrian\AppData\Roaming\SoftwareUpdater\SUsrv.exe [2024](2015-01-28 13:41:51) 0000000001300000 ---- EOF - GMER 2.1 ---- |
Themen zu Sprechblase für Windowsupdater(nicht von Microsoft) geht auf |
adware, antivir, avira, browser, cpu, defender, desktop, failed, firefox, flash player, helper, home, homepage, league of legends, mozilla, office 365, problem, programm, realtek, registry, rundll, scan, security, services.exe, svchost.exe, system, taskmanager, teredo |