Trojaner-Board

Boot and software problems (https://www.trojaner-board.de/145794-boot-softwareprobleme.html)

sgoallstar 09.12.2013 13:03

Boot and software problems
 
Hello,

My laptop has been giving me trouble for a few days. It hangs on relatively simple processes (Firefox, Chrome), and even ordinary typing in Word often leads to inexplicable loading times. I would be very glad if you could help me. I am writing my master's thesis and back up my data to a USB stick every day. If I do have a pest on the machine, it would be nice if you could tell me how likely it is that the USB stick is infected as well. The log files are attached.


FRST

FRST Additions Logfile:
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2013 03
Ran by Bluescreen_Alex at 2013-12-09 12:46:37
Running from C:\Users\Bluescreen_Alex\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Command & Conquer Generals (x32 Version: 0.50.0000)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Dropbox (HKCU Version: 2.4.6)
Google Chrome (x32 Version: 31.0.1650.63)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.22.3)
iTunes (Version: 11.1.2.32)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (Version: 14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (Version: 14.0.4763.1000)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
QuickTime (x32 Version: 7.74.80.86)
Skype™ 6.7 (x32 Version: 6.7.102)
Spotify (HKCU Version: 0.9.6.81.gd359a796)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
VLC media player 2.0.6 (x32 Version: 2.0.6)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
Zattoo4 4.0.5 (x32 Version: 4.0.5)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1FDBF904-AEEC-4FC6-8690-BBCD84F40C06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {81DC23F4-9DF0-4FC5-B176-1734EB26F264} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BD401BE1-D424-4ECA-8106-84C6F3AB48E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-08] (Google Inc.)
Task: {BDC157B6-9507-4ED8-BF29-C4C0045DED88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-30 08:54 - 2013-12-02 19:46 - 36967424 _____ () C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\libcef.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Bluescreen_Alex\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-23 14:59 - 2013-11-13 04:39 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2013 09:53:36 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/06/2013 04:32:36 PM) (Source: Application Error) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A78EA877-61A8-499E-AD40-E4B4315E50CB}\mpengine.dll" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Hostprozess für Windows-Dienste wurde wegen dieses Fehlers geschlossen.

Programm: Hostprozess für Windows-Dienste
Datei: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A78EA877-61A8-499E-AD40-E4B4315E50CB}\mpengine.dll

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
        - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C0000185
Datenträgertyp: 3

Error: (12/06/2013 04:32:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_WinDefend, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: mpengine.dll, Version: 1.1.10100.0, Zeitstempel: 0x527c55db
Ausnahmecode: 0xc0000006
Fehleroffset: 0x000000000063bcdc
ID des fehlerhaften Prozesses: 0x654
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_WinDefend0
Pfad der fehlerhaften Anwendung: svchost.exe_WinDefend1
Pfad des fehlerhaften Moduls: svchost.exe_WinDefend2
Berichtskennung: svchost.exe_WinDefend3

Error: (12/06/2013 03:36:21 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/05/2013 01:54:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3276

Error: (12/05/2013 01:54:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3276

Error: (12/05/2013 01:54:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/05/2013 01:54:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2106

Error: (12/05/2013 01:54:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2106

Error: (12/05/2013 01:54:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/09/2013 00:17:51 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (12/09/2013 00:14:13 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (12/09/2013 00:14:13 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (12/09/2013 00:14:13 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (12/09/2013 00:14:13 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (12/09/2013 10:53:08 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen.

Error: (12/09/2013 10:52:36 AM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (12/09/2013 10:52:36 AM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (12/09/2013 10:52:36 AM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.

Error: (12/09/2013 10:52:36 AM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.


Microsoft Office Sessions:
=========================
Error: (12/09/2013 09:53:36 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/06/2013 04:32:36 PM) (Source: Application Error)(User: )
Description: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A78EA877-61A8-499E-AD40-E4B4315E50CB}\mpengine.dllHostprozess für Windows-DiensteC00001853

Error: (12/06/2013 04:32:36 PM) (Source: Application Error)(User: )
Description: svchost.exe_WinDefend6.1.7600.163854a5bc3c1mpengine.dll1.1.10100.0527c55dbc0000006000000000063bcdc65401cef296d42dc478C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A78EA877-61A8-499E-AD40-E4B4315E50CB}\mpengine.dlla1a52a98-5e8b-11e3-a1b7-4061861c312c

Error: (12/06/2013 03:36:21 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/05/2013 01:54:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3276

Error: (12/05/2013 01:54:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3276

Error: (12/05/2013 01:54:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/05/2013 01:54:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2106

Error: (12/05/2013 01:54:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2106

Error: (12/05/2013 01:54:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 4077.62 MB
Available physical RAM: 2531.87 MB
Total Pagefile: 8153.41 MB
Available Pagefile: 6542.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:273.4 GB) (Free:74.85 GB) NTFS
Drive d: (Data) (Fixed) (Total:182.26 GB) (Free:182.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DC82BA58)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=273 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=182 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

GMER

GMER Logfile:
Code:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-09 12:54:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 WDC_WD5000BEVT-22ZAT0 rev.01.01A01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\BLUESC~1\AppData\Local\Temp\kwdyypob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\spotify.exe[2204] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                          00000000772c000c 1 byte [C3]
.text  C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\spotify.exe[2204] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                    000000007734f8ea 5 bytes JMP 00000001772fd5c1
.text  C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\spotify.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000076af1465 2 bytes [AF, 76]
.text  C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\spotify.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            0000000076af14bb 2 bytes [AF, 76]
.text  ...                                                                                                                                    * 2
.text  C:\Users\Bluescreen_Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe[2244] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69          0000000076af1465 2 bytes [AF, 76]
.text  C:\Users\Bluescreen_Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe[2244] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155        0000000076af14bb 2 bytes [AF, 76]
.text  ...                                                                                                                                    * 2
.text  C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076af1465 2 bytes [AF, 76]
.text  C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076af14bb 2 bytes [AF, 76]
.text  ...                                                                                                                                    * 2
.text  C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076af1465 2 bytes [AF, 76]
.text  C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076af14bb 2 bytes [AF, 76]
.text  ...                                                                                                                                    * 2
.text  C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076af1465 2 bytes [AF, 76]
.text  C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076af14bb 2 bytes [AF, 76]
.text  ...                                                                                                                                    * 2
.text  C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076af1465 2 bytes [AF, 76]
.text  C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076af14bb 2 bytes [AF, 76]
.text  ...                                                                                                                                    * 2
.text  C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[3948] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 1          0000000076fc9b81 11 bytes {MOV EAX, 0xffffffffe9ed6274; INC BYTE [RDI]; ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[3948] C:\Windows\system32\ole32.dll!OleLoadFromStream                            000007fefd6675f0 5 bytes JMP 000007fffd2a00d8
.text  C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[3948] C:\Windows\system32\OLEAUT32.dll!VariantClear                              000007feff1c1180 5 bytes JMP 000007fffd2a01b8
.text  C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[3948] C:\Windows\system32\OLEAUT32.dll!SysFreeString                            000007feff1c1320 7 bytes JMP 000007fffd2a0148
.text  C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[3948] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen                    000007feff1c4450 6 bytes JMP 000007fffd2a0110
.text  C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[3948] C:\Windows\system32\OLEAUT32.dll!VariantChangeType                        000007feff1c6720 10 bytes JMP 000007fffd2a0180
.text  C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[2492] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 1          0000000076fc9b81 11 bytes {MOV EAX, 0xffffffffe9ed6274; INC BYTE [RDI]; ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[2492] C:\Windows\system32\ole32.dll!OleLoadFromStream                            000007fefd6675f0 5 bytes JMP 000007fffd2a00d8
.text  C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[2492] C:\Windows\system32\OLEAUT32.dll!VariantClear                              000007feff1c1180 5 bytes JMP 000007fffd2a01b8
.text  C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[2492] C:\Windows\system32\OLEAUT32.dll!SysFreeString                            000007feff1c1320 7 bytes JMP 000007fffd2a0148
.text  C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[2492] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen                    000007feff1c4450 6 bytes JMP 000007fffd2a0110
.text  C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[2492] C:\Windows\system32\OLEAUT32.dll!VariantChangeType                        000007feff1c6720 10 bytes JMP 000007fffd2a0180

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1156:1176]                                                                                            000007fef80a2888
Thread  C:\Windows\system32\svchost.exe [1156:3192]                                                                                            000007fef80a2a40

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4061863e52ae                                                           
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4061863e52ae (not active ControlSet)                                       

---- EOF - GMER 2.1 ----

--- --- ---


HijackThis

HiJackThis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:59:52, on 09.12.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\spotify.exe
C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Bluescreen_Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Bluescreen_Alex\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Spotify] "C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Bluescreen_Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Dropbox.lnk = Bluescreen_Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10069 bytes

--- --- ---

schrauber 09.12.2013 13:04

hi,

This is how it works:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually CTRL+A works) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
http://www.trojaner-board.de/picture...&pictureid=307

FRST.txt is missing.


Copyright ©2000-2025, Trojaner-Board
