L_U_C_K_Y | 11.01.2014 18:02 | Win 7 - Firefox slow and script warnings - consequence of a GVU Trojan?
Hello,
A few weeks ago I caught a GVU Trojan on my netbook (Samsung NF310, Win7 SP1 32-bit). Unfortunately (I did not know your first golden rule yet) I tried to help myself and, following a guide I found online, proceeded as follows:
- Switched the computer off -> started in Safe Mode -> ran CCleaner
- Searched C: for unusual *.exe files -> nothing found
- Checked System Configuration/Startup for unknown startup items -> nothing found
- Checked the registry for specific entries -> nothing found
- Ran a quick scan with Avast Internet Security -> nothing found
- Shut the computer down and restarted it (normally):
there is now (superficially) nothing more to be seen of the GVU Trojan.
However, I now have the following problems with Firefox:
FF is very slow at times and has already crashed completely several times; in addition, I often get the message "(keine Rückmeldung)" (not responding) in the title bar, as well as warnings that a script is not responding or is damaged, such as:
"Skript: chrome://wrc/content/common/scripts/bal.js:1172" oder
"Skript: https://www.google.de/xjs/_/js/k=xjs.s.en_US.EeLgqkzqnSg.O/m=c,sb,cr,epb,jp,elog,r,hsm,j,p,pcc,csi/am=AAMAow/rt=j/d=1/sv=1/rs=AItRSTMyeKoBhGV6IKll27m-n0a5hClIzQ:740"
SORRY for the long post, and many thanks in advance for your effort and help!

Here are my current log files:

FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2014 01
Ran by CHEFFE (administrator) on LUCKY-PC on 11-01-2014 15:54:58
Running from C:\Users\CHEFFE\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\Mobile Partner\Mobile Partner.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9734760 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2286888 2011-08-25] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-18] (AVAST Software)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: {987ba8e2-6b4b-11e3-a0eb-001e101f1838} - E:\AutoRun.exe
MountPoints2: {e54de2d2-33b5-11e2-b124-4cedde7dcc4c} - E:\AutoRun.exe
MountPoints2: {e54de2df-33b5-11e2-b124-4cedde7dcc4c} - E:\AutoRun.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: W2PBrowser Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{7E21F067-B96A-4D61-8212-262EE61318AD}: [NameServer]193.189.244.206 193.189.244.225
FireFox:
========
FF ProfilePath: C:\Users\CHEFFE\AppData\Roaming\Mozilla\Firefox\Profiles\yzhu60zs.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\CHEFFE\AppData\Roaming\Mozilla\Firefox\Profiles\yzhu60zs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: NoSquint - C:\Users\CHEFFE\AppData\Roaming\Mozilla\Firefox\Profiles\yzhu60zs.default\Extensions\nosquint@urandom.ca.xpi
FF Extension: NoScript - C:\Users\CHEFFE\AppData\Roaming\Mozilla\Firefox\Profiles\yzhu60zs.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\CHEFFE\AppData\Roaming\Mozilla\Firefox\Profiles\yzhu60zs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-18] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2013-12-18] (AVAST Software)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [218624 2012-11-21] ()
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
==================== Drivers (Whitelisted) ====================
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [26136 2013-10-24] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2013-12-18] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [265072 2014-01-11] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2013-10-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-10-24] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [775952 2013-12-18] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410528 2013-12-18] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [64168 2013-12-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2013-12-18] ()
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [508184 2013-11-09] (Broadcom Corporation.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35088 2013-04-30] (The OpenVPN Project)
U3 fgloapoc; \??\C:\Users\CHEFFE\AppData\Local\Temp\fgloapoc.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-11 15:54 - 2014-01-11 15:55 - 00010817 _____ C:\Users\CHEFFE\Desktop\FRST.txt
2014-01-11 11:57 - 2014-01-11 11:40 - 01220096 _____ (Farbar) C:\Users\CHEFFE\Desktop\FRST.exe
2013-12-31 08:27 - 2014-01-11 15:12 - 00000448 _____ C:\windows\setupact.log
2013-12-31 08:27 - 2013-12-31 08:27 - 00000000 _____ C:\windows\setuperr.log
2013-12-19 23:21 - 2014-01-11 11:58 - 00000000 ____D C:\FRST
2013-12-19 14:40 - 2014-01-11 12:05 - 00000000 ____D C:\Users\CHEFFE\Desktop\Seuche
2013-12-19 14:36 - 2013-12-19 14:36 - 00000000 ____D C:\windows\ERUNT
2013-12-19 14:13 - 2013-12-19 14:22 - 00000000 ____D C:\AdwCleaner
2013-12-19 11:07 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-19 11:07 - 2013-10-25 05:45 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-19 11:07 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-19 11:07 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-19 11:07 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-19 11:07 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-19 11:07 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-19 11:07 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-19 11:07 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-19 11:07 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-19 11:07 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-19 11:07 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-19 11:07 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-19 11:07 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-19 11:07 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-19 11:07 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-18 17:12 - 2013-12-18 17:12 - 00000000 ____D C:\Users\CHEFFE\Documents\Bluetooth-Exchange-Ordner
2013-12-18 15:58 - 2013-12-18 15:58 - 00001027 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2013-12-18 15:58 - 2013-12-18 15:58 - 00000000 ____D C:\Users\CHEFFE\AppData\Roaming\Malwarebytes
2013-12-18 15:58 - 2013-12-18 15:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-18 15:58 - 2013-12-18 15:58 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-18 15:58 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-12-18 13:05 - 2014-01-11 15:13 - 00002014 _____ C:\Users\CHEFFE\Desktop\SafeZone-Browser.lnk
2013-12-18 12:14 - 2013-12-18 12:14 - 00000000 ____D C:\Users\CHEFFE\AppData\Local\Google
2013-12-18 12:06 - 2013-12-21 16:32 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2013-12-13 12:43 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-13 12:43 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-13 12:41 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-13 12:41 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-13 12:41 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-13 12:41 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-13 12:41 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-13 12:41 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-13 12:41 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-13 12:41 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-13 12:41 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-13 12:41 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-13 12:41 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
==================== One Month Modified Files and Folders =======
2014-01-11 15:55 - 2014-01-11 15:54 - 00010817 _____ C:\Users\CHEFFE\Desktop\FRST.txt
2014-01-11 15:54 - 2013-06-16 00:17 - 01299320 _____ C:\windows\WindowsUpdate.log
2014-01-11 15:43 - 2013-10-24 11:32 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-11 15:21 - 2009-07-14 05:34 - 00015424 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-11 15:21 - 2009-07-14 05:34 - 00015424 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-11 15:13 - 2013-12-18 13:05 - 00002014 _____ C:\Users\CHEFFE\Desktop\SafeZone-Browser.lnk
2014-01-11 15:13 - 2013-11-27 12:43 - 00000433 _____ C:\windows\system32\Drivers\etc\hosts.ics
2014-01-11 15:13 - 2013-10-24 11:32 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-11 15:12 - 2013-12-31 08:27 - 00000448 _____ C:\windows\setupact.log
2014-01-11 15:12 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-11 14:34 - 2013-02-17 03:35 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-11 12:07 - 2013-03-09 11:51 - 00265072 _____ (AVAST Software) C:\windows\system32\Drivers\aswndisflt.sys
2014-01-11 12:05 - 2013-12-19 14:40 - 00000000 ____D C:\Users\CHEFFE\Desktop\Seuche
2014-01-11 11:58 - 2013-12-19 23:21 - 00000000 ____D C:\FRST
2014-01-11 11:40 - 2014-01-11 11:57 - 01220096 _____ (Farbar) C:\Users\CHEFFE\Desktop\FRST.exe
2014-01-05 10:52 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\NDF
2014-01-04 17:35 - 2012-11-21 13:49 - 00000000 ____D C:\Users\CHEFFE\AppData\Local\CrashDumps
2013-12-31 15:54 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2013-12-31 08:27 - 2013-12-31 08:27 - 00000000 _____ C:\windows\setuperr.log
2013-12-30 19:44 - 2013-08-15 21:22 - 00000000 ____D C:\Users\CHEFFE\AppData\Local\PokerStars.EU
2013-12-26 00:31 - 2012-11-21 09:38 - 00000000 ____D C:\Users\CHEFFE\AppData\Roaming\SoftGrid Client
2013-12-23 10:17 - 2009-07-26 21:06 - 01650384 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-22 02:22 - 2013-07-17 07:16 - 00000000 ____D C:\Users\CHEFFE\AppData\Roaming\vlc
2013-12-21 16:32 - 2013-12-18 12:06 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2013-12-19 23:19 - 2012-11-23 10:07 - 00000925 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-19 23:19 - 2012-11-23 10:07 - 00000000 ____D C:\Program Files\CCleaner
2013-12-19 16:00 - 2009-07-26 21:57 - 00000000 ____D C:\windows\Panther
2013-12-19 14:36 - 2013-12-19 14:36 - 00000000 ____D C:\windows\ERUNT
2013-12-19 14:22 - 2013-12-19 14:13 - 00000000 ____D C:\AdwCleaner
2013-12-19 13:22 - 2012-12-08 21:35 - 00000000 ____D C:\Program Files\Recuva
2013-12-19 13:17 - 2012-11-20 10:37 - 00000000 ____D C:\Users\CHEFFE
2013-12-18 17:12 - 2013-12-18 17:12 - 00000000 ____D C:\Users\CHEFFE\Documents\Bluetooth-Exchange-Ordner
2013-12-18 15:58 - 2013-12-18 15:58 - 00001027 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2013-12-18 15:58 - 2013-12-18 15:58 - 00000000 ____D C:\Users\CHEFFE\AppData\Roaming\Malwarebytes
2013-12-18 15:58 - 2013-12-18 15:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-18 15:58 - 2013-12-18 15:58 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-18 12:14 - 2013-12-18 12:14 - 00000000 ____D C:\Users\CHEFFE\AppData\Local\Google
2013-12-18 12:07 - 2013-02-15 22:44 - 00002013 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-12-18 12:06 - 2013-03-09 11:51 - 00180248 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-12-18 12:06 - 2013-01-20 14:41 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-12-18 12:06 - 2013-01-20 14:41 - 00410528 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2013-12-18 12:06 - 2013-01-20 14:41 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-12-18 12:06 - 2013-01-20 14:40 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-12-18 12:06 - 2013-01-20 14:40 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-12-17 19:56 - 2013-11-15 18:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-17 13:00 - 2012-12-08 22:31 - 00000000 ____D C:\Users\CHEFFE\AppData\Local\Windows Live
2013-12-15 10:45 - 2012-11-20 10:54 - 00058016 _____ C:\Users\CHEFFE\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-13 12:55 - 2009-07-14 05:33 - 00347936 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-13 12:52 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\de-DE
2013-12-13 12:50 - 2013-07-21 08:46 - 00000000 ____D C:\windows\system32\MRT
2013-12-13 12:44 - 2012-11-24 01:21 - 88123800 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-13 10:57 - 2010-10-29 03:59 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-12-13 10:10 - 2012-11-21 22:36 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-12-13 10:10 - 2012-11-21 22:36 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-13 09:27 - 2013-10-16 06:24 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-31 15:46
==================== End Of Log ============================

Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-01-2014 01
Ran by CHEFFE at 2014-01-11 15:56:17
Running from C:\Users\CHEFFE\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
„Messenger“ pagalbinė priemonė (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Essentials“ (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144 - Adobe Systems, Inc.)
Atheros Client Installation Program (Version: 1.0.5.0621 - Atheros)
avast! Internet Security (Version: 9.0.2011 - Avast Software)
BatteryLifeExtender (Version: 1.0.6 - Samsung)
Broadcom 802.11 Network Adapter (Version: 5.60.48.44 - Broadcom Corporation)
CCleaner (Version: 4.09 - Piriform)
Complément Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ConvertHelper 2.2 (Version: - DownloadHelper)
CyberLink YouCam (Version: 2.0.3911 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3911 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Doplnok programu Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Easy Content Share (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (Version: 4.4.1 - Samsung)
Easy SpeedUp Manager (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (Version: 4.0.0.4 - Samsung)
EasyFileShare (Version: 1.0.3 - Samsung)
Fast Start (Version: 2.2.0.0 - SAMSUNG)
Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2117 - Intel Corporation)
Intel® Matrix Storage Manager (Version: - Intel Corporation)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marvell Miniport Driver (Version: 11.24.27.3 - Marvell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Assistent (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger kísérő (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Pratilac (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Suradnik (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 사이트 공유 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 浏览器插件 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger-kumppani (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Partner (Version: 21.005.11.01.858 - Huawei Technologies Co.,Ltd)
Movie Color Enhancer (Version: 1.0 - Samsung Electronics Co., Ltd.)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (Version: 24.2.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PokerStars.eu (Version: - PokerStars.eu)
Pomocnik Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (Version: 6.0.1.6210 - Realtek Semiconductor Corp.)
Recuva (Version: 1.44 - Piriform)
Samsung AnyWeb Print (Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung AnyWeb Print (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (Version: 5.0.0.7 - Samsung)
Samsung Support Center 1.0 (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (Version: 1.2.1.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
Spremljevalec Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
SRS Premium Sound Control Panel (Version: 1.09.0800 - SRS Labs, Inc.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.3.22.0 - Synaptics Incorporated)
User Guide (Version: 1.0 - )
VLC media player 2.0.7 (Version: 2.0.7 - VideoLAN)
WIDCOMM Bluetooth Software (Version: 6.5.1.4100 - Broadcom Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Pošta (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 (32-Bit) (Version: 5.00.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Помощник на Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
13-12-2013 11:42:03 Windows Update
18-12-2013 11:02:21 avast! antivirus system restore point
18-12-2013 11:07:09 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst
19-12-2013 10:06:08 Windows Update
31-12-2013 07:32:09 Windows Update
05-01-2014 10:48:14 Windows Update
11-01-2014 08:19:49 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:04 - 2013-02-15 23:54 - 00000824 ____R C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0BDA32AA-D551-457A-B128-D79768CEB0E3} - System32\Tasks\MovieColorEnhancer => C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)
Task: {139D9316-9D69-40C3-AC6C-4738914AC53F} - System32\Tasks\IdlePowerSave => C:\Windows\Idle\DetectIdleTask.exe [2010-07-31] (TODO: <회사 이름>)
Task: {1E30110C-2D91-473E-AE27-B954F9CB17C3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-18] (AVAST Software)
Task: {24B8DDF9-2E43-4184-BEAA-51871B5AE460} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe [2010-10-20] (SRS Labs, Inc.)
Task: {24EA586F-CCD2-45C2-A2EE-B3184989F764} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {263980DF-68A4-46B9-A147-50885D07407A} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-08-12] (Samsung Electronics. Co. Ltd.)
Task: {26FF392B-E802-4A29-A356-EED4E4843B12} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-20] (Samsung Electronics Co., Ltd.)
Task: {437A9202-B7C4-455D-85B1-6755EFCE0AF1} - System32\Tasks\FixIt_69D5DA04-2F8C-4c60-899D-7280C6BB422A => C:\ProgramData\FixIt_69D5DA04-2F8C-4c60-899D-7280C6BB422A\Reset.bat [2010-08-16] ()
Task: {53A523DB-2FBE-4485-AB5E-6AB568D35A0D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6C7002AA-5908-44F0-8CF4-B52C3A24DF4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-13] (Adobe Systems Incorporated)
Task: {A44C89CF-9D68-42FD-94FF-714EE4626A1C} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {B3AA582F-CBD6-494F-90A1-C110DA701314} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {CDFAFA25-6162-4957-AADC-445A87D43086} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-08-05] (Samsung Electronics)
Task: {D4C731A1-E3FB-4760-B413-74DFB15F1754} - System32\Tasks\advSRS5 => C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-08-11] (SEC)
Task: {DD7BA69E-9487-454E-A5AC-5526111E9925} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {DF8BAC86-1517-4A73-8E0F-0A56D8A507B4} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {E67D1287-5F85-4173-9A73-180D01F3E8EE} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {F2C55F80-9918-401F-AE9A-72B7C0C414D4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FixIt_69D5DA04-2F8C-4c60-899D-7280C6BB422A.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-10-29 03:54 - 2010-07-05 11:42 - 00203776 _____ () C:\Program Files\Samsung\Movie Color Enhancer\WinCRT.dll
2010-10-29 03:39 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2013-10-24 07:43 - 2013-10-24 07:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-10-29 03:32 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00428032 _____ () C:\Program Files\Mobile Partner\core.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00261632 _____ () C:\Program Files\Mobile Partner\sdk.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00011362 _____ () C:\Program Files\Mobile Partner\mingwm10.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00043008 _____ () C:\Program Files\Mobile Partner\libgcc_s_dw2-1.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 02415104 _____ () C:\Program Files\Mobile Partner\QtCore4.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 09515520 _____ () C:\Program Files\Mobile Partner\QtGui4.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00381952 _____ () C:\Program Files\Mobile Partner\Proxy.DLL
2012-11-21 10:24 - 2012-11-21 10:24 - 00218112 _____ () C:\Program Files\Mobile Partner\Common.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00135168 _____ () C:\Program Files\Mobile Partner\Trace.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00545280 _____ () C:\Program Files\Mobile Partner\PluginContainer.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00238080 _____ () C:\Program Files\Mobile Partner\AtCodec.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00301056 _____ () C:\Program Files\Mobile Partner\DeviceSrvPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00235008 _____ () C:\Program Files\Mobile Partner\NetSrvPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00133120 _____ () C:\Program Files\Mobile Partner\OSDialup.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00159232 _____ () C:\Program Files\Mobile Partner\XCodec.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00157184 _____ () C:\Program Files\Mobile Partner\DataServicePlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00176128 _____ () C:\Program Files\Mobile Partner\CallSrvPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00264704 _____ () C:\Program Files\Mobile Partner\AddrBookSrvPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00217600 _____ () C:\Program Files\Mobile Partner\SmsSrvPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00142336 _____ () C:\Program Files\Mobile Partner\USSDSrvPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00156672 _____ () C:\Program Files\Mobile Partner\STKSrvPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00338432 _____ () C:\Program Files\Mobile Partner\DeviceAppPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00065536 _____ () C:\Program Files\Mobile Partner\OSPowerMgr.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00106496 _____ () C:\Program Files\Mobile Partner\Win7Support.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 01077248 _____ () C:\Program Files\Mobile Partner\AddrBookPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00670720 _____ () C:\Program Files\Mobile Partner\SmsAppPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00550400 _____ () C:\Program Files\Mobile Partner\CallAppPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00547840 _____ () C:\Program Files\Mobile Partner\CallLogSrvPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00158720 _____ () C:\Program Files\Mobile Partner\NetConnectSrvPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00211968 _____ () C:\Program Files\Mobile Partner\DialUpPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00101376 _____ () C:\Program Files\Mobile Partner\OSAdapt.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00180224 _____ () C:\Program Files\Mobile Partner\NDISPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00131072 _____ () C:\Program Files\Mobile Partner\OSNDIS.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 01101824 _____ () C:\Program Files\Mobile Partner\NDISAPI.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00278528 _____ () C:\Program Files\Mobile Partner\NetInfoSrvPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00062976 _____ () C:\Program Files\Mobile Partner\OSCall.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00495104 _____ () C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00123392 _____ () C:\Program Files\Mobile Partner\ATR2SMgr.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00184832 _____ () C:\Program Files\Mobile Partner\XFramePlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00308224 _____ () C:\Program Files\Mobile Partner\StatusBarMgrPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00117760 _____ () C:\Program Files\Mobile Partner\LayoutPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00428032 _____ () C:\Program Files\Mobile Partner\DialupUIPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00093184 _____ () C:\Program Files\Mobile Partner\NotifyServicePlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00333312 _____ () C:\Program Files\Mobile Partner\NetConnectPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00249344 _____ () C:\Program Files\Mobile Partner\MenuMgrPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00483328 _____ () C:\Program Files\Mobile Partner\NetInfoUIExPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00808960 _____ () C:\Program Files\Mobile Partner\SMSUIPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00739328 _____ () C:\Program Files\Mobile Partner\AddrBookUIPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00239104 _____ () C:\Program Files\Mobile Partner\LiveUpdateInterface.DLL
2012-11-21 10:24 - 2012-11-21 10:24 - 01148416 _____ () C:\Program Files\Mobile Partner\QtNetwork4.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00229888 _____ () C:\Program Files\Mobile Partner\ToolBarMgrPlugin.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00082944 _____ () C:\Program Files\Mobile Partner\plugins\imageformats\qgif4.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00081920 _____ () C:\Program Files\Mobile Partner\plugins\imageformats\qico4.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00192000 _____ () C:\Program Files\Mobile Partner\plugins\imageformats\qjpeg4.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00350720 _____ () C:\Program Files\Mobile Partner\plugins\imageformats\qmng4.dll
2012-11-21 10:24 - 2012-11-21 10:24 - 00370176 _____ () C:\Program Files\Mobile Partner\plugins\imageformats\qtiff4.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: WebCam SCB-0385N
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Samsung Universal Scan Driver
Description: Samsung Universal Scan Driver
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Samsung
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/11/2014 03:23:23 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/11/2014 03:03:46 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/11/2014 11:58:44 AM) (Source: Application Hang) (User: )
Description: Programm FRST.exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 478
Startzeit: 01cf0ebc0a8403bf
Endzeit: 16
Anwendungspfad: C:\Users\CHEFFE\Desktop\FRST.exe
Berichts-ID: 53b114d3-7aaf-11e3-9d46-001e101fa1f5
Error: (01/10/2014 06:18:12 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/05/2014 10:53:17 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/04/2014 05:35:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x2e4
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (12/31/2013 03:50:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (12/31/2013 03:47:48 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (12/31/2013 03:47:15 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (12/31/2013 03:46:40 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (01/11/2014 03:13:23 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (01/11/2014 03:12:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/11/2014 03:12:54 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (01/11/2014 03:12:39 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 11.01.2014 um 15:04:07 unerwartet heruntergefahren.
Error: (01/11/2014 02:53:46 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (01/11/2014 02:53:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/11/2014 02:53:22 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (01/11/2014 02:35:56 PM) (Source: ipnathlp) (User: )
Description: 0
Error: (01/11/2014 02:35:54 PM) (Source: ipnathlp) (User: )
Description: 0
Error: (01/11/2014 02:35:52 PM) (Source: ipnathlp) (User: )
Description: 0
Microsoft Office Sessions:
=========================
Error: (01/11/2014 03:23:23 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/11/2014 03:03:46 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/11/2014 11:58:44 AM) (Source: Application Hang)(User: )
Description: FRST.exe3.3.8.147801cf0ebc0a8403bf16C:\Users\CHEFFE\Desktop\FRST.exe53b114d3-7aaf-11e3-9d46-001e101fa1f5
Error: (01/10/2014 06:18:12 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/05/2014 10:53:17 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/04/2014 05:35:22 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a82e401cf095a1b6506eeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll347eb01d-755e-11e3-8ecc-001e101fb4df
Error: (12/31/2013 03:50:04 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\easy display manager\RunGfxUI64.exe
Error: (12/31/2013 03:47:48 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest
Error: (12/31/2013 03:47:15 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest
Error: (12/31/2013 03:46:40 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest
==================== Memory info ===========================
Percentage of memory in use: 49%
Total physical RAM: 2037.3 MB
Available physical RAM: 1035.78 MB
Total Pagefile: 4074.59 MB
Available Pagefile: 2860.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.06 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:81 GB) (Free:50.9 GB) NTFS
Drive d: () (Fixed) (Total:134.82 GB) (Free:73.4 GB) NTFS
Drive e: (Mobile Partner) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 9F89D315)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=81 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=135 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=17 GB) - (Type=27)
==================== End Of Log ============================
Gmer.txt: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-11 15:46:19
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.ESBO 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\CHEFFE\AppData\Local\Temp\fgloapoc.sys
---- System - GMER 2.1 ----
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8E753AD0]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8E7545AE]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x8E7605E0]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8E76062C]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8E7607C6]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x8E76054E]
SSDT \??\C:\windows\system32\drivers\aswSP.sys ZwCreateSection [0x88FA3386]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8E760596]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwCreateThread [0x8E754AE4]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8E754D00]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x8E760780]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8E75539C]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8E753B36]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8E758B32]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x8E75371E]
SSDT \??\C:\windows\system32\drivers\aswSP.sys ZwMapViewOfSection [0x88FA3466]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8E753B9C]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8E758F28]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8E755E2C]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x8E76060A]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8E76064E]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8E7607EA]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x8E760574]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x8E75842C]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwOpenSection [0x8E7606FE]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8E7605BE]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwOpenThread [0x8E758814]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x8E7607A4]
SSDT \??\C:\windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x88FA320A]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwQueryObject [0x8E755CF8]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8E755A06]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8E753C02]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8E753C68]
SSDT \??\C:\windows\system32\drivers\aswSP.sys ZwSetContextThread [0x88FA3562]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8E7537B8]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8E75398E]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8E75391C]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8E755566]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x8E7556C8]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8E753A16]
SSDT \??\C:\windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x88FA32D8]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x8E7551F6]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwVdmControl [0x8E753CCE]
SSDT \??\C:\windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8E75460A]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E82A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBC212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82EC3460 4 Bytes [D0, 3A, 75, 8E] {SAR BYTE [EDX], 0x1; JNZ 0xffffff92}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82EC34E8 4 Bytes [AE, 45, 75, 8E] {SCASB ; INC EBP; JNZ 0xffffff92}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82EC353C 5 Bytes [E0, 05, 76, 8E, 2C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AD 82EC3542 2 Bytes [76, 8E] {JBE 0xffffff90}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82EC3548 4 Bytes [C6, 07, 76, 8E]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\windows\System32\svchost.exe[124] kernel32.dll!GetBinaryTypeW + 70 776A69E4 1 Byte [62]
.text C:\windows\system32\sppsvc.exe[244] kernel32.dll!GetBinaryTypeW + 70 776A69E4 1 Byte [62]
.text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[448] kernel32.dll!GetBinaryTypeW + 70 776A69E4 1 Byte [62]
.text C:\windows\system32\igfxsrvc.exe[460] kernel32.dll!GetBinaryTypeW + 70 776A69E4 1 Byte [62]
.text C:\windows\system32\csrss.exe[484] kernel32.dll!GetBinaryTypeW + 70 776A69E4 1 Byte [62]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb115fe28
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde7dcc4c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde7dcc4c@8c71f8a0e16f 0x5C 0x36 0x68 0xE4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde7dcc4c@ccf9e8f63745 0x1A 0xA8 0x9B 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb115fe28 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde7dcc4c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde7dcc4c@8c71f8a0e16f 0x5C 0x36 0x68 0xE4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde7dcc4c@ccf9e8f63745 0x1A 0xA8 0x9B 0x3F ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----