Black Elvis | 26.04.2014 14:25 | Firefox opens ad tabs
Hello,
recently Firefox has started opening several ad tabs, among others from thelotter, adultfriendfinder...
I have now scanned the system and am attaching my logs.
Thanks for your help!
Here are the logs again as code
(the OTL log is too large, but it is included in the ZIP file)
GMER: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-26 14:57:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 rev. 0,00MB
Running: gwqv3d9s.exe; Driver: C:\Users\David\AppData\Local\Temp\uxliqpob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002db1000 45 bytes [00, 00, 1E, 02, 4D, 6D, 43, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002db102f 16 bytes [00, 02, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[3456] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076621465 2 bytes [62, 76]
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[3456] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000766214bb 2 bytes [62, 76]
.text ... * 2
.text C:\Programme 2\SpeedFan\speedfan.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076621465 2 bytes [62, 76]
.text C:\Programme 2\SpeedFan\speedfan.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766214bb 2 bytes [62, 76]
.text ... * 2
.text D:\gg\Defogger.exe[5936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076621465 2 bytes [62, 76]
.text D:\gg\Defogger.exe[5936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766214bb 2 bytes [62, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Microsoft IntelliPoint\ipoint.exe [3412:444] 000007fef0364e50
Thread C:\Program Files\Microsoft IntelliPoint\ipoint.exe [3412:3740] 000007fef0364e50
---- Processes - GMER 2.1 ----
Library C:\Users\David\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe [3456](2014-04-25 13:05:06) 0000000003900000
Library c:\users\david\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj_bmce.dll (*** suspicious ***) @ C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe [3456](2014-04-26 08:54:07) 0000000002d00000
Library C:\Users\David\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe [3456](2014-04-25 13:05:06) 000000006bfc0000
Library C:\Users\David\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe [3456] (ICU Data DLL/The ICU Project)(2014-04-25 13:05:06) 000000006b630000
Library C:\Users\David\AppData\Local\Temp\sfareca00001.dll (*** suspicious ***) @ C:\Programme 2\SpeedFan\speedfan.exe [4964](2014-04-26 07:46:56) 0000000070e10000
Library C:\Users\David\AppData\Local\Temp\sfamcc00001.dll (*** suspicious ***) @ C:\Programme 2\SpeedFan\speedfan.exe [4964](2014-04-24 15:18:34) 0000000010000000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
---- EOF - GMER 2.1 ----
OTL Extras: Code:
OTL Extras logfile created on: 26.04.2014 15:00:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,48% Memory free
7,99 Gb Paging File | 6,03 Gb Available in Paging File | 75,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,37 Gb Total Space | 170,21 Gb Free Space | 71,40% Space Free | Partition Type: NTFS
Drive D: | 1338,66 Gb Total Space | 31,80 Gb Free Space | 2,38% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 69,93 Mb Free Space | 69,94% Space Free | Partition Type: NTFS
Drive H: | 58,50 Gb Total Space | 12,46 Gb Free Space | 21,29% Space Free | Partition Type: NTFS
Computer Name: SEIFENKISTE | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1979561534-3972191489-2555310321-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Programme 2\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme 2\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MusicBee.1PlayNow] -- "C:\Programme 2\MusicBee\MusicBee.exe" "%1" /Play (Steven Mayall)
Directory [MusicBee.2QueueNext] -- "C:\Programme 2\MusicBee\MusicBee.exe" "%1" /QueueNext (Steven Mayall)
Directory [MusicBee.3QueueLast] -- "C:\Programme 2\MusicBee\MusicBee.exe" "%1" /QueueLast (Steven Mayall)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Programme 2\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme 2\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MusicBee.1PlayNow] -- "C:\Programme 2\MusicBee\MusicBee.exe" "%1" /Play (Steven Mayall)
Directory [MusicBee.2QueueNext] -- "C:\Programme 2\MusicBee\MusicBee.exe" "%1" /QueueNext (Steven Mayall)
Directory [MusicBee.3QueueLast] -- "C:\Programme 2\MusicBee\MusicBee.exe" "%1" /QueueLast (Steven Mayall)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D72CBA3-4030-49D3-A124-8175312A4A41}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A436D0B2-50B1-4645-836E-58884057CAB1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07220B1F-D891-4840-ABFD-7DA9FE539BCD}" = protocol=6 | dir=in | app=c:\programme 2\kmspico\service_kms.exe |
"{1FB2133E-0944-4718-B528-C3B08DFED88B}" = protocol=6 | dir=in | app=c:\programme 2\avg2014\avgmfapx.exe |
"{224C136E-94B7-4859-A9F2-067C72CC95F9}" = protocol=17 | dir=in | app=c:\programme 2\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{252E296C-4EDC-447F-8EFE-A37917F270C9}" = protocol=17 | dir=in | app=c:\programme 2\microsoft office\office15\lync.exe |
"{269A42E3-2170-40D4-96DE-8DECC4F3C191}" = protocol=6 | dir=in | app=c:\programme 2\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{287A77A8-94DD-4220-82F3-CCBFB189A660}" = protocol=6 | dir=in | app=c:\programme 2\microsoft office\office15\ucmapi.exe |
"{34D0EC75-529E-4CB5-A194-2D22044534A2}" = protocol=6 | dir=in | app=c:\programme 2\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{3D302180-4119-472D-91BE-8A81F6A0591E}" = protocol=17 | dir=in | app=c:\programme 2\avg2014\avgemca.exe |
"{4ABE19A4-A96A-4FA1-94B4-34D93FCB2FEA}" = protocol=17 | dir=in | app=c:\programme 2\avg2014\avgmfapx.exe |
"{551A80FC-3473-4320-B5C5-C71D04037B26}" = protocol=17 | dir=in | app=c:\programme 2\kmspico\autopico.exe |
"{5542E741-26E3-48B8-8AD1-35FE84C8DCC3}" = protocol=6 | dir=in | app=c:\programme 2\avg2014\avgdiagex.exe |
"{58ABDF4D-43D1-44EE-ABAD-4529DE5E995D}" = protocol=17 | dir=in | app=c:\programme 2\avg2014\avgdiagex.exe |
"{5BFEEFE1-D4F4-4D17-9DA8-D95106CA5183}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{616C2826-9430-4C0A-ABD6-93C1E44A6AA3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{624E0ED9-ABAD-459A-9D0D-C6D4CD20B559}" = dir=in | app=c:\programme 2\itunes\itunes.exe |
"{718B6927-1236-4947-A8D1-A0C2F4F4186A}" = protocol=17 | dir=in | app=c:\programme 2\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{748DB219-9DFA-4A25-A047-26DD6FD02D5D}" = protocol=6 | dir=in | app=c:\programme 2\kmspico\autopico.exe |
"{832159C7-4218-466C-B2DA-B6F1D54269EC}" = protocol=6 | dir=in | app=c:\programme 2\steam\steam.exe |
"{8EA37993-A840-4A73-BB5B-F433615D8731}" = protocol=6 | dir=in | app=c:\programme 2\microsoft office\office15\lync.exe |
"{9BA41FD8-5F87-4F5C-B501-1A8A1186CC1D}" = protocol=6 | dir=in | app=c:\programme 2\musicbee\musicbee.exe |
"{9D098C9F-47AA-4690-9DBF-8580C7E7A478}" = protocol=6 | dir=in | app=c:\programme 2\kmspico\kmseldi.exe |
"{A339E4FB-0F3A-4940-9652-C749094863EC}" = protocol=17 | dir=in | app=c:\programme 2\musicbee\musicbee.exe |
"{C21385CA-22C1-4B94-8284-B5A4F6426CA6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C855CF48-B4F5-4342-B58F-5B8FEBDA862A}" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe |
"{CB1A4C33-1DFB-4E9E-84CD-32F6E93C4E10}" = protocol=17 | dir=in | app=c:\programme 2\microsoft office\office15\ucmapi.exe |
"{CC7E77E4-3547-4631-BCC1-7E7794D98FD9}" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\spotify\spotify.exe |
"{CE4D08EA-9A06-482F-A3F7-97DA79936B84}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D060E80C-50F5-4067-AA71-FA9297891652}" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe |
"{DDB6D8CB-7CAB-40C2-AAF7-2C9A5D7FF58D}" = protocol=17 | dir=in | app=c:\programme 2\kmspico\kmseldi.exe |
"{DE668028-1313-477C-A69B-379E0CCAD951}" = protocol=17 | dir=in | app=c:\programme 2\kmspico\service_kms.exe |
"{E1147393-A94C-4AC0-90A3-98FACFD88251}" = protocol=6 | dir=in | app=c:\programme 2\avg2014\avgnsa.exe |
"{E28D2AAB-20FF-4A51-B679-9E7BFC9B5142}" = protocol=17 | dir=in | app=c:\programme 2\steam\steam.exe |
"{EB3B1B5F-0313-4559-9137-C911E9EC86B6}" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\spotify\spotify.exe |
"{EDC5A8A5-D95E-42C1-915F-0FB79474FABE}" = protocol=17 | dir=in | app=c:\programme 2\avg2014\avgnsa.exe |
"{EFDFF978-E7F5-4E56-9608-649286E1B7D8}" = protocol=6 | dir=in | app=c:\programme 2\avg2014\avgemca.exe |
"TCP Query User{D13107D7-A328-40D9-AFF5-4F3E4F31FA2F}C:\users\david\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\spotify\spotify.exe |
"TCP Query User{FC976ED5-68F2-4082-9E10-18A57E9148E1}C:\programme 2\musicbee\musicbee.exe" = protocol=6 | dir=in | app=c:\programme 2\musicbee\musicbee.exe |
"UDP Query User{008DA823-933A-45AF-A7D4-9C653925341F}C:\programme 2\musicbee\musicbee.exe" = protocol=17 | dir=in | app=c:\programme 2\musicbee\musicbee.exe |
"UDP Query User{71F968A0-EB34-4CC7-9300-57FF6C31CB2D}C:\users\david\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{144BE94F-6C38-81FB-33AD-77B633EFDA4B}" = AMD Fuel
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3C4513C1-8A04-3381-0AED-FC1A59B5B255}" = AMD Wireless Display v3.0
"{3D485521-9635-4ACE-AC81-51B33DF08EE8}" = AVG 2014
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{854E96CC-266C-4873-A50F-CDF5367EE848}" = AVG 2014
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-007E-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90150000-008C-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-1000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2896D99-CD6F-4C15-8D8F-67BA9385202F}" = AMD Drag and Drop Transcoding
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A85C16DF-94E2-4EB6-3D38-87A6596F7EEB}" = ccc-utility64
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{C74A84EC-7C5F-4C36-A4A6-381E516D643B}" = Microsoft IntelliPoint 7.0
"{D6D77D65-2E2D-1BB8-FEA2-71BAE1481849}" = AMD Accelerated Video Transcoding
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B2C61F-1C10-FD9B-C29C-D8B88C9849CF}" = AMD Catalyst Install Manager
"AVG" = AVG 2014
"jdownloader2" = JDownloader 2
"KMSpico_is1" = KMSpico v9.2.3
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"PotPlayer64" = Daum PotPlayer 1.5.45955 x64 Edition
"ProfessionalRetail - de-de" = Microsoft Office Professional 2013 - de-de
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013A0902-F4B4-EE6B-B0F6-02AE257C32C6}" = CCC Help Czech
"{03126094-4A82-39DE-8B11-E3EA5A8780A5}" = CCC Help Greek
"{0D31AFB6-7BF0-F0B3-2616-F736F1F8977E}" = CCC Help Polish
"{14DBCC4D-217D-217B-492F-6F09052C2273}" = Catalyst Control Center InstallProxy
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1121B3-D0D4-0203-9032-95861682A300}" = CCC Help Spanish
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{253E7D96-27F5-666D-8BE4-685EB3ED395F}" = CCC Help Hungarian
"{25CFE65E-F9CB-7BCF-9D12-70DCEE99E378}" = CCC Help Chinese Standard
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3A346455-CAAA-B154-0CF1-AE725045266B}" = CCC Help Thai
"{3B870F22-4C3C-5F2E-68E6-8BBAA417560D}" = CCC Help Korean
"{45798180-2C0A-8AF0-B101-0C9D7CED030E}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{517CC397-B22F-4593-8DCB-DE72CC541E9A}" = League of Legends
"{6716DDF8-442E-D185-5E0C-E07E32D4EC54}" = CCC Help Danish
"{731DD2DE-ED90-26EF-97CC-BE32F5B94C91}" = CCC Help Japanese
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850618B7-0F54-6515-E47F-9C9A4BDDC138}" = CCC Help Turkish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8CC53E56-4E66-5A01-DABB-A86B1D87451D}" = Catalyst Control Center Localization All
"{91907B8E-82DD-D216-9860-6AE9722D8306}" = CCC Help Finnish
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9960F779-7332-1F9A-CC24-B06654D7C2FD}" = CCC Help Portuguese
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{B6420DEA-1E15-4406-B6C6-F53B6BD07E10}" = CCC Help French
"{CA225778-2E66-6ACC-BA3B-0900B07D7E5F}" = CCC Help Italian
"{CAA57405-EF42-CE6C-4D85-D324A4A991E3}" = CCC Help Chinese Traditional
"{CB79256B-C0E0-40C6-8EB7-BDD796203581}" = Catalyst Control Center - Branding
"{D3080A9F-0B3D-8668-C472-E1DA1DAFADE0}" = CCC Help German
"{D9C1491F-F4B2-75C6-8082-941F58273F19}" = CCC Help Russian
"{E388A484-5191-720A-D5EF-D276F4D2951F}" = AMD Catalyst Control Center
"{E803E46E-D0CC-184A-9DDB-8889FD905B84}" = CCC Help English
"{F7FCAE15-2097-3EB8-936D-DB4D73142BE7}" = CCC Help Norwegian
"{FB5A8D39-5093-C601-C0AF-C8AD4127AA03}" = CCC Help Swedish
"{FD8C5295-2E81-61C9-B8C2-91C8DD7C7A8C}" = CCC Help Dutch
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"AC3Filter_is1" = AC3Filter 2.6.0b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESI- U46 Audio Driver Setup" = ESI- U46 Audio Driver
"Fliqlo" = Fliqlo Bildschirmschoner
"League of Legends 3.0.1" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.1.1004
"Mozilla Firefox 28.0 (x86 de)" = Mozilla Firefox 28.0 (x86 de)
"Mp3tag" = Mp3tag v2.59a
"Picasa 3" = Picasa 3
"SpeedFan" = SpeedFan (remove only)
"Steam" = Steam
"Steam App 7940" = Call of Duty 4: Modern Warfare
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1979561534-3972191489-2555310321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.04.2014 07:41:51 | Computer Name = Seifenkiste | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 26.04.2014 07:41:51 | Computer Name = Seifenkiste | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 26.04.2014 07:41:52 | Computer Name = Seifenkiste | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 26.04.2014 07:47:31 | Computer Name = Seifenkiste | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 26.04.2014 07:47:31 | Computer Name = Seifenkiste | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 26.04.2014 07:47:31 | Computer Name = Seifenkiste | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 26.04.2014 09:00:03 | Computer Name = Seifenkiste | Source = WinMgmt | ID = 10
Description =
Error - 26.04.2014 09:02:58 | Computer Name = Seifenkiste | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 26.04.2014 09:02:58 | Computer Name = Seifenkiste | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 26.04.2014 09:02:58 | Computer Name = Seifenkiste | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
[ System Events ]
Error - 26.04.2014 08:53:27 | Computer Name = Seifenkiste | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753635.
Error - 26.04.2014 08:53:28 | Computer Name = Seifenkiste | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753635.
Error - 26.04.2014 08:53:29 | Computer Name = Seifenkiste | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753635.
Error - 26.04.2014 08:53:30 | Computer Name = Seifenkiste | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753635.
Error - 26.04.2014 08:53:31 | Computer Name = Seifenkiste | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753635.
Error - 26.04.2014 08:53:32 | Computer Name = Seifenkiste | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753635.
Error - 26.04.2014 08:53:33 | Computer Name = Seifenkiste | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753635.
Error - 26.04.2014 08:53:34 | Computer Name = Seifenkiste | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753635.
Error - 26.04.2014 08:53:35 | Computer Name = Seifenkiste | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753635.
Error - 26.04.2014 08:53:37 | Computer Name = Seifenkiste | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753635.
< End of report >
MBAM: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 26.04.2014
Scan Time: 15:12:02
Logfile: mbam.txt
Administrator: No
Version: 2.00.1.1004
Malware Database: v2014.04.26.01
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: David
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 251181
Time Elapsed: 4 min, 35 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 5
PUP.Optional.SkyTech.A, C:\Users\David\AppData\Local\Temp\is961225091\661083_stp\8APRwww.sweet-page.com.exe, Quarantined, [8564230b017add5933f09cb6a55cbb45],
PUP.Optional.SkyTech.A, C:\Users\David\AppData\Local\Temp\fullpackage_temp1398364995\alilog.dll, Quarantined, [36b368c6f6853ef81ef54ce6eb1522de],
PUP.Optional.SkyTech.A, C:\Users\David\AppData\Local\Temp\fullpackage_temp1398364995\package1.zip, Quarantined, [6f7ab37ba3d8fc3a5bb8939f38c8c937],
PUP.Optional.IePluginService.A, C:\Users\David\AppData\Local\Temp\fullpackage_temp1398364995\tmp\SupTab.exe, Quarantined, [5f8aba74a0dbf343b2911b37c1400df3],
PUP.Optional.WpManager, C:\Users\David\AppData\Local\Temp\fullpackage_temp1398364995\tmp\wpm.exe, Quarantined, [cd1ca688f48790a6eba724385aa7fb05],
Physical Sectors: 0
(No malicious items detected)
(end)