Log Analysis and Evaluation: kernel_data_inpage_error and suspected rootkit
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to get help. Keep in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
kernel_data_inpage_error and suspected rootkit

Hi folks :-) This morning I had a bluescreen with the message kernel_data_inpage_error (fastfat.sys); after that the system tried to restart but didn't manage to. After manually switching the laptop off and restarting, everything ran normally again. I had the same problem about 2 weeks ago, though, with the same message. When googling I read that, among other things, a virus or rootkit could be responsible for it. Apart from the two bluescreens, no problems so far. By the way, I have a Lenovo laptop with Windows 8.1. Virus scanners (Windows Defender, Spybot) found nothing. The rootkit scanners did show entries, but no definitive rootkit findings, i.e. no alerts or deletion suggestions. I'll post the logs and FRST scans; with GMER, by the way, something different comes out every time. It shows csrss.exe, which according to Task Manager also runs twice, which is odd; both instances point back to the same file in the System32 folder.

FRST.txt:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
durchgeführt von Home (Administrator) auf LENOVO-PC (22-04-2016 14:15:09)
Gestartet von C:\Users\Home\Desktop\Logs
Geladene Profile: Home (Verfügbare Profile: Home)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-09-13] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-02-19]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] xxxxxxxx
Tcpip\..\Interfaces\{62EBEEB6-5A18-4299-B478-F88B8FF96FA4}: [DhcpNameServer] xxxxxxxx
Tcpip\..\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}: [DhcpNameServer] xxxxxxxx

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-4228906309-3005005469-1149960139-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4228906309-3005005469-1149960139-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4228906309-3005005469-1149960139-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-28] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1z5kqp9j.default-1408892543986
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1z5kqp9j.default-1408892543986\searchplugins\imdb.xml [2014-08-25]
FF Extension: FireGestures - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1z5kqp9j.default-1408892543986\extensions\firegestures@xuldev.org.xpi [2016-04-10]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1z5kqp9j.default-1408892543986\Extensions\elemhidehelper@adblockplus.org.xpi [2016-02-17]
FF Extension: Adblock Plus - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1z5kqp9j.default-1408892543986\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-08] (Broadcom Corporation.)
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-09-25] (Broadcom Corporation.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-08] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [42192 2015-09-03] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44224 2015-09-03] (Razer Inc)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-13] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U3 aswMBR; \??\C:\Users\Home\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Home\AppData\Local\Temp\aswVmm.sys [X]
U3 fxlyrpog; \??\C:\Users\Home\AppData\Local\Temp\fxlyrpog.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-22 13:23 - 2016-04-22 13:25 - 00225362 _____ C:\TDSSKiller.3.1.0.9_22.04.2016_13.23.35_log.txt
2016-04-22 10:12 - 2016-04-22 10:14 - 00225956 _____ C:\TDSSKiller.3.1.0.9_22.04.2016_10.12.51_log.txt
2016-04-22 09:55 - 2016-04-22 09:56 - 00024015 _____ C:\Users\Home\Desktop\Addition.txt
2016-04-22 09:54 - 2016-04-22 14:15 - 00000000 ____D C:\FRST
2016-04-22 09:54 - 2016-04-22 09:56 - 00030236 _____ C:\Users\Home\Desktop\FRST.txt
2016-04-22 08:45 - 2016-04-22 08:45 - 00000000 ____D C:\AdwCleaner
2016-04-20 21:13 - 2016-03-16 03:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-20 21:13 - 2016-03-16 03:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-20 21:13 - 2016-03-14 18:50 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-04-20 21:13 - 2016-03-12 02:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-20 21:13 - 2016-03-12 02:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-04-20 21:13 - 2016-03-12 02:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-04-20 21:13 - 2016-03-10 19:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-04-20 21:13 - 2016-03-10 18:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-04-20 21:13 - 2016-03-10 18:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-04-20 21:13 - 2016-03-10 18:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-04-20 21:13 - 2016-03-10 18:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-04-20 21:13 - 2016-03-08 16:44 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-20 21:13 - 2016-03-05 19:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-04-20 21:13 - 2016-03-05 19:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-04-20 21:13 - 2016-02-27 20:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-04-20 21:13 - 2016-02-27 19:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-04-20 21:13 - 2016-02-27 19:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-04-20 21:13 - 2016-02-27 18:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-04-20 21:13 - 2016-02-23 22:50 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-04-20 21:13 - 2016-02-23 22:48 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-04-16 15:51 - 2016-04-16 15:51 - 00000000 ____D C:\Users\Home\AppData\Roaming\Sun
2016-04-15 16:15 - 2016-04-15 16:15 - 00000000 ____D C:\Users\Home\AppData\Roaming\LolClient
2016-04-13 09:28 - 2016-03-31 02:54 - 25817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 09:27 - 2016-03-31 02:31 - 02892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-13 09:27 - 2016-03-31 02:28 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-04-13 09:27 - 2016-03-31 02:25 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-04-13 09:27 - 2016-03-31 02:17 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-04-13 09:27 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 09:27 - 2016-03-31 01:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-13 09:27 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-13 09:27 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-13 09:27 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-04-13 09:27 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-13 09:27 - 2016-03-31 01:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-04-13 09:27 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-04-13 09:27 - 2016-03-31 01:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-04-13 09:27 - 2016-03-31 01:43 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-04-13 09:27 - 2016-03-31 01:43 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-04-13 09:27 - 2016-03-31 01:43 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-04-13 09:27 - 2016-03-31 01:42 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-04-13 09:27 - 2016-03-31 01:39 - 15415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 09:27 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-04-13 09:27 - 2016-03-31 01:30 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 09:27 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-13 09:27 - 2016-03-31 01:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-13 09:27 - 2016-03-31 01:27 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-04-13 09:27 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-04-13 09:27 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-04-13 09:27 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-04-13 09:27 - 2016-03-31 01:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-04-13 09:27 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 09:27 - 2016-03-31 01:18 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 09:27 - 2016-03-31 01:06 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-04-13 09:27 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 09:27 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 09:27 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-04-13 09:26 - 2016-03-16 01:00 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 09:26 - 2016-03-15 16:14 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 09:26 - 2016-03-11 16:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 09:26 - 2016-03-10 20:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-04-13 09:26 - 2016-03-10 20:21 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-04-13 09:26 - 2016-03-10 20:20 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-04-13 09:26 - 2016-03-10 19:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-13 09:26 - 2016-03-10 19:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-04-13 09:26 - 2016-03-10 19:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 09:26 - 2016-03-10 19:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-04-13 09:26 - 2016-03-10 19:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 09:26 - 2016-03-10 18:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 09:26 - 2016-03-10 18:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 09:26 - 2016-03-03 18:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 09:26 - 2016-03-03 18:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 09:26 - 2016-03-03 03:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-13 09:26 - 2016-03-03 03:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-13 09:25 - 2016-03-29 16:05 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-04-13 09:25 - 2016-03-10 21:19 - 07452512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 09:25 - 2016-03-10 21:17 - 01663192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 09:25 - 2016-03-10 21:17 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 09:25 - 2016-03-10 21:17 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 09:25 - 2016-03-10 21:17 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 09:25 - 2016-03-10 21:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-13 09:25 - 2016-03-10 18:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 09:25 - 2016-03-03 18:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-10 20:49 - 2016-04-10 20:49 - 00000000 ____D C:\Users\Home\AppData\Local\CEF
2016-04-10 18:42 - 2016-04-10 18:42 - 00000000 ____D C:\Users\Home\AppData\Roaming\java
2016-04-10 15:39 - 2016-04-10 15:39 - 00000000 ____D C:\Users\Home\.oracle_jre_usage
2016-04-10 13:44 - 2016-04-10 13:44 - 00000000 ____D C:\Users\Home\AppData\Roaming\.mono
2016-04-10 13:44 - 2016-04-10 13:44 - 00000000 ____D C:\ProgramData\.mono
2016-04-10 12:34 - 2016-04-04 08:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-10 12:34 - 2016-04-02 15:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-10 12:34 - 2016-04-02 15:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-10 12:34 - 2016-03-28 15:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-10 12:34 - 2016-03-28 15:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-10 12:34 - 2016-03-28 15:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-10 12:34 - 2016-03-28 15:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-10 12:34 - 2016-03-28 15:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-08 16:30 - 2016-04-08 16:30 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-03-29 23:48 - 2016-03-29 23:48 - 00049384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WirelessKeyboardFilter.sys
2016-03-29 09:58 - 2016-03-29 09:58 - 02160912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01009.dll
2016-03-28 13:09 - 2016-03-28 13:09 - 00000000 ____D C:\WINDOWS\Minidump

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-22 13:47 - 2014-04-29 19:20 - 00000000 ____D C:\Users\Home\AppData\Local\Battle.net
2016-04-22 13:47 - 2014-04-29 19:20 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-22 13:29 - 2014-07-07 22:54 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-22 13:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-04-22 13:19 - 2015-02-14 13:49 - 00000000 ____D C:\Users\Home\AppData\Local\JDownloader 2.0
2016-04-22 11:37 - 2014-02-19 15:20 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-22 11:37 - 2014-02-19 15:20 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-22 11:37 - 2013-10-07 20:27 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-22 11:37 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-22 11:06 - 2014-04-30 14:36 - 00000000 ____D C:\Users\Home\AppData\Roaming\vlc
2016-04-22 07:00 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-21 21:08 - 2014-04-29 19:23 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-04-21 11:25 - 2015-02-20 18:00 - 00000000 ____D C:\Program Files (x86)\World of Tanks
2016-04-20 21:15 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-16 21:27 - 2014-10-10 12:29 - 00000000 ____D C:\Users\Home\AppData\Local\PokerStars.NET
2016-04-14 01:45 - 2014-04-30 15:43 - 00453280 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-13 23:18 - 2014-04-29 18:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-13 12:48 - 2014-04-29 14:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 12:45 - 2014-04-29 14:23 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 09:23 - 2016-01-13 11:32 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-04-13 09:21 - 2016-03-02 12:28 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-04-13 09:21 - 2016-03-02 12:28 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-04-13 09:21 - 2016-03-02 12:28 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-04-12 10:20 - 2014-07-31 18:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-10 15:39 - 2014-04-29 19:08 - 00000000 ____D C:\Users\Home
2016-04-10 14:28 - 2014-04-29 19:14 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4228906309-3005005469-1149960139-1001
2016-04-10 12:35 - 2015-04-09 21:58 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-08 16:30 - 2014-07-07 22:54 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-06 23:02 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-05 23:53 - 2014-08-14 09:02 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-05 23:53 - 2014-08-14 09:02 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-01 16:11 - 2014-10-09 14:33 - 00000000 ____D C:\Users\Home\AppData\Roaming\Mp3tag
2016-03-31 10:54 - 2014-02-19 06:47 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-28 00:31 - 2014-08-19 16:28 - 00000000 ____D C:\ProgramData\Oracle
2016-03-28 00:30 - 2015-04-02 10:31 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-28 00:30 - 2014-10-18 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-28 00:30 - 2014-08-19 16:28 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-24 11:01 - 2015-07-15 23:27 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-03-24 11:01 - 2015-07-15 23:27 - 00000000 ___SD C:\WINDOWS\system32\GWX

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-11-10 10:49 - 2014-12-18 12:43 - 0007605 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2014-02-19 06:50 - 2014-02-19 06:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-04-17 14:51

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Home (2016-04-22 14:16:36)
Gestartet von C:\Users\Home\Desktop\Logs
Windows 8.1 (X64) (2014-04-29 17:08:37)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-4228906309-3005005469-1149960139-500 - Administrator - Disabled)
Gast (S-1-5-21-4228906309-3005005469-1149960139-501 - Limited - Disabled)
Home (S-1-5-21-4228906309-3005005469-1149960139-1001 - Administrator - Enabled) => C:\Users\Home

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{EE19B92D-1F52-D7C1-81BF-326A3405A422}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
EVE Online (nur entfernen) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8030 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005
Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) 
(Version: 45.0.2.5941 - Mozilla) Mp3tag v2.75 (HKLM-x32\...\Mp3tag) (Version: v2.75 - Florian Heidenreich) OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Ihr Firmenname) PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.0 - Synaptics Incorporated) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.) 
World of Tanks (HKU\S-1-5-21-4228906309-3005005469-1149960139-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Not whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)

==================== Scheduled Tasks (Not whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)

Task: {06B8A2F0-5531-4320-8378-3694919C3E6F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {2F37FA9A-BD63-4BFF-98C2-2BBD1E2B7439} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-03] (Lenovo)
Task: {4A883EFB-3122-43FB-823C-8972D50E7EBB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {7F89117E-25FB-440C-AA59-7258D368F818} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-03] (Lenovo)
Task: {ADA11046-28AA-4429-A55C-52AC2E6E34F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {C56D0677-E75F-466B-8A08-0A1DE57794BD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {DB82CC20-A37F-497D-BFA8-F9F1A1DA4B57} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-03] (Lenovo)

(If an entry is included in the fixlist, the task file will be moved. The file that is started by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries can be listed to be restored or removed.)

==================== Loaded Modules (Not whitelisted) ==============

2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Not whitelisted) =========

==================== Safe Mode (Not whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Not whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to its default value or removed.)

HKU\S-1-5-21-4228906309-3005005469-1149960139-1001\Software\Classes\.exe: => <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================

(If needed, the Hosts: directive can be included in the fixlist to reset the Hosts file.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4228906309-3005005469-1149960139-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

==================== Firewall Rules (Not whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{A3E38F22-7179-4B2D-A502-AB0C25ACA583}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{8479067C-D246-4607-A3F7-5C2C4B48E284}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{0284AC1C-72DA-4AAD-9E4C-1736AC468DC2}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{C63C26F5-BAEE-473C-A4C3-7C4BBB9EBC2E}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [TCP Query User{3B357093-D347-4FEC-B525-0F6079C4831C}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe FirewallRules: [UDP Query User{E2F953AD-E0A7-49A2-9436-B1C9D0546960}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe FirewallRules: [{1B675FF5-BCEC-40E5-BECF-89DB6F57A536}] => (Block) C:\program files (x86)\ccp\eve\bin\exefile.exe FirewallRules: [{21FBAD9D-9CA8-46A7-8A73-B7200BF5295A}] => (Block) C:\program files (x86)\ccp\eve\bin\exefile.exe FirewallRules: [{D5A7BA63-A1AC-43A1-8056-756852E28948}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{70D2CE96-82A6-440B-8543-A98BFA09FFC8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{8661F19B-E1C7-42B6-9262-2B4D7518AD36}C:\program files (x86)\world of tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world of tanks\wotlauncher.exe FirewallRules: [UDP Query User{8090E37F-B7F6-4BD7-86ED-852F52D3FAD5}C:\program files (x86)\world of tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world of tanks\wotlauncher.exe FirewallRules: [TCP Query User{54C061AF-5699-465F-98F2-EDBE6E274B75}C:\program files (x86)\world of tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world of tanks\worldoftanks.exe FirewallRules: [UDP Query User{335FB34E-EAB2-4E48-B4DF-905E8A59BEFD}C:\program files 
(x86)\world of tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world of tanks\worldoftanks.exe FirewallRules: [TCP Query User{67955F7F-8D4F-4BEE-B51A-3C5538F0226F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{3729B319-AAA1-475D-9D82-3AFBE49F9905}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{9CD6BF27-E03A-4AA0-9C2D-0786B08634CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2B33F520-15F9-4140-AE96-C0C352ECCD91}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{50B6935A-3254-4C34-9F64-D9658C596610}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EEEA681B-0F41-474E-A5AA-004A113D9609}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{D183D61D-74D1-4EE2-8A7A-D1C8A226C5E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F4CEDC94-5DB3-4C71-87AA-C0DA404D6B52}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{6BC05C83-B608-4ED5-8229-9F2FA33F87CE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{1D44BE5A-DA4B-4D5A-A8D0-59C28A333E4F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{C4A9BC75-5301-48FF-A5B5-D503CBDB5F3B}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Wiederherstellungspunkte ========================= 08-04-2016 18:31:15 Geplanter Prüfpunkt 13-04-2016 12:40:25 Windows Update 20-04-2016 21:13:23 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Description: Class Guid: 
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Wireless Device
Description: Wireless Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/22/2016 01:13:20 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/22/2016 01:12:50 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/22/2016 11:24:52 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/22/2016 11:24:22 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

CodeIntegrity:
===================================
Date: 2016-04-22 07:25:18.558
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-21 10:02:38.462 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-04-17 15:07:24.106 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-04-16 08:17:43.785 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-04-14 09:03:58.834 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-04-12 08:24:47.092 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-04-11 08:28:27.803 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-04-10 09:04:58.461
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-07 11:49:18.842
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-06 08:52:19.350
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8104.27 MB
Available physical RAM: 5694.04 MB
Total Virtual: 16296.27 MB
Available Virtual: 13710.64 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:425.78 GB) (Free:223.21 GB) NTFS ==>[System with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B6F5D6EB)
Partition: GPT.

==================== End of Addition.txt ============================

Code:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-04-22 12:36:09
-----------------------------
12:36:09.658 OS Version: Windows x64 6.2.9200
12:36:09.658 Number of processors: 8 586 0x3C03
12:36:09.674 ComputerName: LENOVO-PC UserName: Home
12:36:44.252 Initialize success
12:36:44.283 VM: initialized successfully
12:36:44.408 VM: Intel CPU BiosDisabled
12:36:44.518 write error "aswEngin.dll". The process cannot access the file because it is being used by another process.
12:40:37.185 AVAST engine defs: 16033102
12:40:43.431 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000001e
12:40:43.431 Disk 0 Vendor: ST500LM000-SSHD-8GB LVD3 Size: 476940MB BusType: 11
12:40:43.946 Disk 0 MBR read successfully
12:40:43.961 Disk 0 MBR scan
12:40:43.961 Disk 0 unknown MBR code
12:40:43.977 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
12:40:44.711 Disk 0 scanning C:\WINDOWS\system32\drivers
12:41:36.775 Service scanning
12:42:10.750 Modules scanning
12:42:10.750 Disk 0 trace - called modules:
12:42:10.797 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
12:42:10.797 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000d09fa060]
12:42:10.797 3 CLASSPNP.SYS[fffff801df802f40] -> nt!IofCallDriver -> \Device\0000001e[0xffffe000d0892380]
12:42:28.028 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
12:42:28.028 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"

TDSSKiller showed no findings.

AdwCleaner.txt:
Code:
# AdwCleaner v5.112 - Report created 22/04/2016 at 08:45:50
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating System : Windows 8.1 (X64)
# Username : Home - LENOVO-PC
# Running from : C:\Users\Home\Desktop\AdwCleaner_5.112.exe
# Option : Scan
# Support : hxxp://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

Value found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
Key found : HKCU\Software\OCS
Key found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PokerStars.net
Key found : HKU\S-1-5-21-4228906309-3005005469-1149960139-1001\Software\OCS

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [991 Bytes] - [22/04/2016 08:45:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1063 Bytes] ##########

And now several GMER scans, which oddly all show different results, but no definitive rootkit findings.

1:
Code:
ATTFilter GMER 2.2.19882 - hxxp://www.gmer.net Rootkit scan 2016-04-22 08:04:11 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001e ST500LM000-SSHD-8GB rev.LVD3 465,76GB Running: 6orxbtw2.exe; Driver: C:\Users\Home\AppData\Local\Temp\fxlyrpog.sys ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [624:640] fffff960008812d0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x6F 0x37 0x2B 0xAF ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x03 0x88 0x4F 0xE3 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE 305 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMO15A70_1F_07DA_95^E31A9EA2CA573A9B957AE374289AD020@Timestamp 0xE3 0x91 0x28 0x8C ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 724 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1884874392 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID d0a858af-0ba0-4819-8e69-b51b50c Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 2 Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{1407f282-4947-40d0-ad0c-9142559516d9} Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\342387faebac Reg HKLM\SYSTEM\CurrentControlSet\Services\cdrom\Parameters\Wdf@TimeOfLastSqmLog 0x31 0x7C 0xC6 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastSqmLog 0x41 0x96 0x78 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dc3d\Parameters\Wdf@TimeOfLastSqmLog 0x41 0x41 0xD1 0xE2 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{796b8351-5832-4161-9ecd-93ac6cb2f195}@LastProbeTime 1461228494 Reg HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastSqmLog 0x13 0xA9 0x8B 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\ialm\Device0@ProfilingToolValues 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\intelppm\Parameters\Wdf@TimeOfLastSqmLog 0x31 0x7C 0xC6 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iwdbus\Parameters\Wdf@TimeOfLastSqmLog 0xF1 0x79 0xCC 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MEIx64\Parameters\Wdf@TimeOfLastSqmLog 0xB2 0x1F 0x82 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastSqmLog 0x5E 0x7E 0x28 0xE4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastSqmLog 0x6A 0x66 0xCC 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\Parameters\Wdf@TimeOfLastSqmLog 0x5F 0x06 0x60 0xF7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Do?, ?Apr ?21 ?16, 10:54:51??????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 4400 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 5771 Reg HKLM\SYSTEM\CurrentControlSet\Services\SmbDrvI\Parameters\Wdf@TimeOfLastSqmLog 0xDF 0x52 0xCC 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 314 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 1957 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters\Wdf@TimeOfLastSqmLog 0x4E 0x7F 0xC2 0xE0 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@LeaseObtainedTime 1461221280 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@T1 1462128480 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@T2 1462808880 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@LeaseTerminatesTime 1463035680 Reg HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastSqmLog 0x41 0x96 0x78 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastSqmLog 0x58 0xCA 0x2B 0xE1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastSqmLog 0x16 0x82 0x84 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vwifibus\Parameters\Wdf@TimeOfLastSqmLog 0xCA 0xCE 0xB1 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WirelessKeyboardFilter\Parameters\Wdf@TimeOfLastSqmLog 0x48 0x3D 0xEA 0xE2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WpdUpFltr\Parameters\Wdf@TimeOfLastSqmLog 0x69 0x2C 0xA8 0x86 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop@TaskbarWinXP 0x0C 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0xD8 0x26 0xC8 0x31 ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016042120160422 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016042120160422@CachePrefix :2016042120160422: Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016042120160422@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016042120160422 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016042120160422@CacheOptions 11 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016042120160422@CacheRepair 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016042120160422@CacheLimit 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastTileRefresh 0xC6 0x9B 0xDC 0x2F ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified 0x00 0x90 0x48 0xE6 ... Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@FirstLevelConsentDialog 0xE0 0x02 0x1E 0x00 ... ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ---- 2: Code:
GMER 2.2.19882 - hxxp://www.gmer.net
Rootkit scan 2016-04-22 09:41:26
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001e ST500LM000-SSHD-8GB rev.LVD3 465,76GB
Running: 6orxbtw2.exe; Driver: C:\Users\Home\AppData\Local\Temp\fxlyrpog.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [624:640] fffff960008812d0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 88506605
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\342387faebac
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0xD8 0x03 0x36 0x32 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----

3:
Code:
GMER 2.2.19882 - hxxp://www.gmer.net
Rootkit scan 2016-04-22 11:34:02
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001e ST500LM000-SSHD-8GB rev.LVD3 465,76GB
Running: 6orxbtw2.exe; Driver: C:\Users\Home\AppData\Local\Temp\fxlyrpog.sys

---- Kernel code sections - GMER 2.2 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600021b100 15 bytes [80, BB, F0, 01, 00, 98, 6B, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff9600021b110 11 bytes [00, 4B, FC, FF, 40, 90, BA, ...]

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [624:640] fffff960008812d0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 88506605
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\342387faebac

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----

Code:
GMER 2.2.19882 - hxxp://www.gmer.net
Rootkit scan 2016-04-22 12:34:39
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001e ST500LM000-SSHD-8GB rev.LVD3 465,76GB
Running: 6orxbtw2.exe; Driver: C:\Users\Home\AppData\Local\Temp\fxlyrpog.sys

---- User IAT/EAT - GMER 2.2 ----

IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_CxxThrowException] [23004400570053]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!__CxxFrameHandler3] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!memcpy] [69006c006e004f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!setlocale] [65006e]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_lock] [6c00660066004f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_unlock] [65006e0069]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!___lc_collate_cp_func] [650065006c0053]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!memcmp] [67006e00690070]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!memset] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_ismbblead] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!__pctype_func] [64006e00690057]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!calloc] [5f00730077006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_callnewh] [6900640065004d]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!__uncaught_exception] [650073005f0061]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_wcsdup] [6c006100690072]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??8type_info@@QEBAHAEBV0@@Z] [640065007a0069]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!__crtCompareStringW] [6f00740073005f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!___lc_codepage_func] [65006700610072]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!___lc_handle_func] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!___mb_cur_max_func] [61006600650044]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!wcstod] [420074006c0075]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!__crtLCMapStringW] [730077006f0072]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_get_current_locale] [4e005f00720065]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!modff] [4200550050004f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_free_locale] [4800530049004c]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!abort] [44004900520045]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!modf] [64006900000000]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??0exception@@QEAA@XZ] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_ecvt_s] [1700000011]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBDH@Z] [250000001d]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??3@YAXPEAX@Z] [3500000029]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!log10] [5300000043]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!fmod] [8300000067]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!floorf] [d3000000a3]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!floor] [14b00000101]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!ceilf] [20900000199]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!ceil] [33500000287]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [50b00000407]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_onexit] [8050000065b]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!__dllonexit] [cb300000a1f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_initterm] [201100001979]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_amsg_exit] [32cf0000285b]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_XcptFilter] [50b70000401b]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!wcstol] [8003000065a1]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_errno] [cb350000a153]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!wcscpy_s] [1428b00010001]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!realloc] [2001d00019661]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??0exception@@QEAA@AEBV0@@Z] [32cc300028529]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBD@Z] [50a2f00040003]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??1exception@@UEAA@XZ] [8001500065993]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!?what@exception@@UEBAPEBDXZ] [cb323000a1453]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_purecall] [1428b300100007]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??0bad_cast@@QEAA@AEBV0@@Z] [2000110019661f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??0bad_cast@@QEAA@PEBD@Z] [32cbff00285151]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??1bad_cast@@UEAA@XZ] [50a28d0040000f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??_V@YAXPEAX@Z] [80000900659801]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!strchr] [cb2ff900a14521]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!malloc] [ffffffff]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!free] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!memmove] [64006e00690057]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!memmove_s] [2e00730077006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!log10f] [6e0075006f0046]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_CountRefs] [3e003e]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrOleAllocate] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrStubForwardingFunction] [64006e00690057]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrOleFree] [2e00730077006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!IUnknown_QueryInterface_Proxy] [6e0075006f0046]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_Disconnect] [69007400610064]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!IUnknown_Release_Proxy] [43002e006e006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_DebugServerQueryInterface] [65006c006c006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_QueryInterface] [6f006900740063]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!IUnknown_AddRef_Proxy] [49002e0073006e]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrStubCall3] [74006300650056]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_DebugServerRelease] [6900560072006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_IsIIDSupported] [31006000770065]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_Invoke] [6e00690057003c]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrCStdStubBuffer_Release] [730077006f0064]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrDllCanUnloadNow] [640065004d002e]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrCStdStubBuffer2_Release] [53002e00610069]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrDllGetClassObject] [61006500720074]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_Connect] [67006e0069006d]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_AddRef] [6500440049002e]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[ntdll.dll!RtlQueryWnfStateData] [3e006e006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[ntdll.dll!RtlNtStatusToDosError] [64006e00690057]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[ntdll.dll!RtlSubscribeWnfStateChangeNotification] [2e00730077006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[ntdll.dll!RtlUnsubscribeWnfStateChangeNotification] [6e0075006f0046]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!GetApplicationManifestLanguages] [6c9d81ac66d60eab]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!Bcp47Normalize] [5a0b3bfce2fcc7c1]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!Bcp47GetExtensionSubstring] [7ecbd169e772b0b2]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!Bcp47GetIsoScriptCode] [49f388b3415a984a]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!GetUserLanguages] [6c0ddfbe0805af92]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!Bcp47GetDistance] [532e4b5698b9acc1]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!ResolveLanguages] [90ca1c29d50373ac]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!ClearApplicationLanguageOverride] [49dcaf72d322b163]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!SetApplicationLanguageOverride] [22679008a57d228b]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!Bcp47IsWellFormed] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!GetApplicationLanguageOverride] [3800300025007b]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!GetApplicationLanguages] [300025002d0058]

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [1636:4076] fffff9600092f2d0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Diagnostics\Performance@ActiveShutdownDCL C:\WINDOWS\System32\WDI\LogFiles\WdiContextLog.etl.003
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMO15A70_1F_07DA_95^E31A9EA2CA573A9B957AE374289AD020@Timestamp 0x23 0x55 0x9F 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0D6B0640-BB35-45E9-8185-348E11209EBD}\Connection@Name isatap.Speedport_W_504V_Typ_A
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager\Defrag@LastRun 04:21:2016
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager\Defrag@TotalBytesSaved 0x00 0x30 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 88506605
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 1804
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 1785
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 11577
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime 227
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 1329
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 4068
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeLibraryInitTime 112
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeInitTime 459
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 729
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 4640
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 240
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAllocateTime 2
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 5398
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 5431
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 9837
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 5418
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 11484
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 4837
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 275
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberSharedBufferTime 3
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 10941
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 4399
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeInitTime 187
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime 11
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 1623
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime 52
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 361488
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0x60 0xCB 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 35244
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0xC4 0x44 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 109
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 112
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 82
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 3548
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 902
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime 4426
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x8F 0xDB 0xE8 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\342387faebac
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{0D6B0640-BB35-45E9-8185-348E11209EBD}@DefunctTimestamp 0x83 0xE8 0x17 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 4403
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 5778
Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 1959
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@LeaseObtainedTime 1461310379
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@T1 1462217579
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@T2 1462897979
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@LeaseTerminatesTime 1463124779
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0x37 0x58 0xBF 0x32 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----