Log analysis and evaluation: 2 virus detections Avira / gmer does not work (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
2 virus detections Avira / gmer does not work

Hi everyone, the Avira program spat out 2 detections that I wanted to have cleaned up here. Defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:36 on 19/01/2014 (phil radium)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Don't know why either.

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 Ran by phil radium (administrator) on PHILRADIUM-PC on 19-01-2014 12:38:10 Running from C:\Users\normal\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Egis Technology Inc.) 
C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Windows\PLFSetI.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Spotify Ltd) C:\Users\normal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor) HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [17412200 2010-04-07] (NVIDIA Corporation) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] () HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.) 
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation) HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.) 
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios) HKCU\...\Run: [Spotify] - C:\Users\phil radium\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-09-02] (Spotify Ltd) HKCU\...\Run: [Spotify Web Helper] - C:\Users\phil radium\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-09-02] (Spotify Ltd) HKCU\...\Run: [Benzul Activator] - C:\Program Files (x86)\Benzul\Activator\ascwx.exe [4379648 2012-12-10] () HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE551 SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE551 BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google 
Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\phil radium\AppData\Roaming\Mozilla\Firefox\Profiles\rhswmh3v.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files 
(x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Extension: Adblock Plus - C:\Users\phil radium\AppData\Roaming\Mozilla\Firefox\Profiles\rhswmh3v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-27] FF HKCU\...\Firefox\Extensions: [{450ef4aa-3d18-4b12-8d9f-ecc17330b054}] - C:\Program Files (x86)\LyricsSeeker\131.xpi Chrome: ======= CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-10-02] CHR Extension: (Google Docs) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-02] CHR Extension: (Google Drive) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-02] CHR Extension: (YouTube) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-02] CHR Extension: (Adblock Plus) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-19] CHR Extension: (Google-Suche) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-02] CHR Extension: (Google Wallet) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02] CHR Extension: (Google Mail) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-02] CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-07-26] CHR HKLM-x32\...\Chrome\Extension: [lgoiojnjnacbjngolldkokokgpcjbgjj] - C:\Program Files (x86)\LyricsSeeker\131.crx [2013-07-26] 
==================== Services (Whitelisted) ================= S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [908856 2013-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.) R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia) R3 SjtWinIo; C:\Windows\System32\DRIVERS\SjtWinIo.sys [9216 2013-09-25] (SpeedJet Technology INC.) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-19 12:38 - 2014-01-19 12:38 - 00020331 _____ C:\Users\normal\Desktop\FRST.txt 2014-01-19 12:37 - 2014-01-19 12:37 - 02076672 _____ (Farbar) C:\Users\normal\Desktop\FRST64.exe 2014-01-19 12:36 - 2014-01-19 12:36 - 00000484 _____ C:\Users\normal\Desktop\defogger_disable.log 2014-01-19 12:35 - 2014-01-19 12:35 - 00050477 _____ C:\Users\normal\Desktop\Defogger.exe 2014-01-19 12:34 - 2014-01-19 12:34 - 00000918 _____ C:\Users\normal\Desktop\Ereignisse.txt 2014-01-19 12:27 - 2014-01-19 12:27 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-19 12:26 - 2014-01-19 12:26 - 00819176 _____ (Google Inc.) C:\Users\phil radium\Downloads\ChromeSetup.exe 2014-01-16 17:23 - 2014-01-16 17:23 - 00243567 _____ C:\Users\normal\Downloads\1HHO.pdb 2014-01-16 12:14 - 2014-01-16 12:14 - 00107163 _____ C:\Users\normal\Downloads\4HW1.pdb 2014-01-15 20:50 - 2014-01-15 20:50 - 00000000 ____D C:\Program Files (x86)\PyMOL 2014-01-15 20:30 - 2014-01-15 20:30 - 15570944 _____ C:\Users\normal\Downloads\pymol-v1.3r1-edu-Win32.msi 2014-01-15 11:18 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 11:18 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 11:18 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 11:18 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 11:18 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 11:18 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 
2014-01-15 11:18 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 11:18 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 11:18 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-14 15:46 - 2014-01-14 15:55 - 140300048 _____ C:\Users\normal\Downloads\avira_antivirus_suite_de (2).exe 2014-01-11 13:53 - 2014-01-11 13:53 - 00000000 ____D C:\Users\normal\AppData\Local\Microsoft Help 2014-01-11 13:35 - 2014-01-11 13:35 - 00015497 _____ C:\Users\normal\Downloads\Nicht bestätigt 760173.crdownload 2014-01-11 13:33 - 2014-01-15 21:33 - 00000000 ____D C:\Users\normal\Desktop\pc-protokolle-2014 2014-01-10 11:05 - 2014-01-10 11:05 - 00000000 ____D C:\Users\normal\Desktop\Originals 2014-01-09 09:32 - 2014-01-09 09:32 - 00010696 _____ C:\Users\normal\Downloads\sequence.gbx.xml 2014-01-04 22:50 - 2014-01-04 22:53 - 680512320 _____ C:\Users\normal\Downloads\ophcrack-vista-livecd-3.6.0.iso 2014-01-04 22:44 - 2014-01-04 22:44 - 02083288 _____ C:\Users\normal\Downloads\winrar-x64-501d.exe 2014-01-04 22:16 - 2014-01-04 22:19 - 410578278 _____ C:\Users\normal\Downloads\tables_vista_free.zip 2014-01-04 19:21 - 2014-01-04 19:21 - 01094939 _____ (pendrivelinux.com) C:\Users\normal\Downloads\Universal-USB-Installer-1.9.5.1.exe 2014-01-03 20:44 - 2014-01-03 20:44 - 00000000 ____D C:\Users\normal\AppData\Roaming\Canneverbe Limited 2014-01-03 20:44 - 2014-01-03 20:44 - 00000000 ____D C:\ProgramData\Canneverbe Limited 2013-12-23 12:09 - 2013-12-23 12:09 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks 2013-12-23 12:07 - 2013-12-23 12:08 - 00001594 _____ C:\Windows\VPNUnInstall.MIF 2013-12-23 12:03 - 2013-12-23 12:03 - 00000737 _____ C:\Users\normal\Downloads\VPN-Einwahl_Greifswald_Hochschule.pcf 2013-12-23 12:01 - 2013-12-23 12:01 - 05026816 _____ C:\Users\normal\Downloads\vpnclient-winx64-msi-5.0.07.0440-k9 
(1).exe 2013-12-22 16:46 - 2013-12-22 16:47 - 00004273 _____ C:\Users\normal\Downloads\npsa_mpsaview.pl 2013-12-22 16:29 - 2013-12-22 16:29 - 00000556 _____ C:\Users\normal\Downloads\seqdump (10).txt 2013-12-22 16:29 - 2013-12-22 16:29 - 00000538 _____ C:\Users\normal\Downloads\seqdump (12).txt 2013-12-22 16:29 - 2013-12-22 16:29 - 00000538 _____ C:\Users\normal\Downloads\seqdump (11).txt 2013-12-22 16:28 - 2013-12-22 16:28 - 00000516 _____ C:\Users\normal\Downloads\seqdump (9).txt 2013-12-22 16:27 - 2013-12-22 16:27 - 00000516 _____ C:\Users\normal\Downloads\seqdump (8).txt 2013-12-22 16:26 - 2013-12-22 16:26 - 00000514 _____ C:\Users\normal\Downloads\seqdump (7).txt 2013-12-22 16:22 - 2013-12-22 16:22 - 00000686 _____ C:\Users\normal\Downloads\seqdump (6).txt 2013-12-22 16:22 - 2013-12-22 16:22 - 00000535 _____ C:\Users\normal\Downloads\seqdump (5).txt 2013-12-22 16:21 - 2013-12-22 16:21 - 00000987 _____ C:\Users\normal\Downloads\seqdump (4).txt 2013-12-22 16:20 - 2013-12-22 16:20 - 00000708 _____ C:\Users\normal\Downloads\seqdump (3).txt 2013-12-22 16:18 - 2013-12-22 16:18 - 00000550 _____ C:\Users\normal\Downloads\seqdump (2).txt 2013-12-22 16:16 - 2013-12-22 16:16 - 00001250 _____ C:\Users\normal\Downloads\seqdump (1).txt 2013-12-22 15:47 - 2013-12-22 15:47 - 00001250 _____ C:\Users\normal\Downloads\seqdump.txt 2013-12-22 12:33 - 2014-01-10 11:12 - 00000000 ____D C:\Users\normal\Desktop\CAIB ==================== One Month Modified Files and Folders ======= 2014-01-19 12:39 - 2014-01-19 12:38 - 00020331 _____ C:\Users\normal\Desktop\FRST.txt 2014-01-19 12:37 - 2014-01-19 12:37 - 02076672 _____ (Farbar) C:\Users\normal\Desktop\FRST64.exe 2014-01-19 12:36 - 2014-01-19 12:36 - 00000484 _____ C:\Users\normal\Desktop\defogger_disable.log 2014-01-19 12:35 - 2014-01-19 12:35 - 00050477 _____ C:\Users\normal\Desktop\Defogger.exe 2014-01-19 12:35 - 2013-08-27 18:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-19 12:34 - 2014-01-19 12:34 - 
00000918 _____ C:\Users\normal\Desktop\Ereignisse.txt 2014-01-19 12:32 - 2013-08-27 18:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-19 12:29 - 2009-07-14 05:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-19 12:29 - 2009-07-14 05:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-19 12:27 - 2014-01-19 12:27 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-19 12:26 - 2014-01-19 12:26 - 00819176 _____ (Google Inc.) C:\Users\phil radium\Downloads\ChromeSetup.exe 2014-01-19 12:24 - 2013-10-30 16:40 - 00005144 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for philradium-PC-normal philradium-PC 2014-01-19 12:21 - 2013-12-10 12:22 - 00000000 ____D C:\Users\normal\AppData\Roaming\Spotify 2014-01-19 12:20 - 2013-08-27 18:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-19 12:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-19 12:19 - 2009-07-14 05:51 - 00047092 _____ C:\Windows\setupact.log 2014-01-18 23:17 - 2013-08-27 16:04 - 01846377 _____ C:\Windows\WindowsUpdate.log 2014-01-18 16:58 - 2013-10-29 19:53 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430076251-3564822088-1984558500-1002UA.job 2014-01-18 01:36 - 2013-10-29 19:53 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430076251-3564822088-1984558500-1002Core.job 2014-01-16 17:23 - 2014-01-16 17:23 - 00243567 _____ C:\Users\normal\Downloads\1HHO.pdb 2014-01-16 12:14 - 2014-01-16 12:14 - 00107163 _____ C:\Users\normal\Downloads\4HW1.pdb 2014-01-16 09:43 - 2009-07-14 05:45 - 00460784 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 00:55 - 2013-10-24 13:06 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-16 00:55 - 2013-08-30 10:09 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 00:55 - 2009-07-14 
03:34 - 00000478 _____ C:\Windows\win.ini 2014-01-16 00:51 - 2013-08-30 10:09 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 21:33 - 2014-01-11 13:33 - 00000000 ____D C:\Users\normal\Desktop\pc-protokolle-2014 2014-01-15 20:50 - 2014-01-15 20:50 - 00000000 ____D C:\Program Files (x86)\PyMOL 2014-01-15 20:30 - 2014-01-15 20:30 - 15570944 _____ C:\Users\normal\Downloads\pymol-v1.3r1-edu-Win32.msi 2014-01-14 16:02 - 2013-08-27 16:01 - 00451690 _____ C:\Windows\PFRO.log 2014-01-14 15:55 - 2014-01-14 15:46 - 140300048 _____ C:\Users\normal\Downloads\avira_antivirus_suite_de (2).exe 2014-01-11 13:53 - 2014-01-11 13:53 - 00000000 ____D C:\Users\normal\AppData\Local\Microsoft Help 2014-01-11 13:35 - 2014-01-11 13:35 - 00015497 _____ C:\Users\normal\Downloads\Nicht bestätigt 760173.crdownload 2014-01-10 11:12 - 2013-12-22 12:33 - 00000000 ____D C:\Users\normal\Desktop\CAIB 2014-01-10 11:05 - 2014-01-10 11:05 - 00000000 ____D C:\Users\normal\Desktop\Originals 2014-01-09 09:32 - 2014-01-09 09:32 - 00010696 _____ C:\Users\normal\Downloads\sequence.gbx.xml 2014-01-04 22:53 - 2014-01-04 22:50 - 680512320 _____ C:\Users\normal\Downloads\ophcrack-vista-livecd-3.6.0.iso 2014-01-04 22:44 - 2014-01-04 22:44 - 02083288 _____ C:\Users\normal\Downloads\winrar-x64-501d.exe 2014-01-04 22:19 - 2014-01-04 22:16 - 410578278 _____ C:\Users\normal\Downloads\tables_vista_free.zip 2014-01-04 19:21 - 2014-01-04 19:21 - 01094939 _____ (pendrivelinux.com) C:\Users\normal\Downloads\Universal-USB-Installer-1.9.5.1.exe 2014-01-04 19:17 - 2013-08-28 01:57 - 00654166 _____ C:\Windows\system32\perfh007.dat 2014-01-04 19:17 - 2013-08-28 01:57 - 00130006 _____ C:\Windows\system32\perfc007.dat 2014-01-04 19:17 - 2009-07-14 06:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-04 10:22 - 2013-10-05 20:07 - 00000000 ____D C:\Users\normal 2014-01-04 09:32 - 2013-10-24 13:13 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2014-01-04 
09:32 - 2013-08-27 16:13 - 00000000 ____D C:\Users\phil radium 2014-01-04 09:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2014-01-04 09:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat 2014-01-03 20:44 - 2014-01-03 20:44 - 00000000 ____D C:\Users\normal\AppData\Roaming\Canneverbe Limited 2014-01-03 20:44 - 2014-01-03 20:44 - 00000000 ____D C:\ProgramData\Canneverbe Limited 2013-12-26 11:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-12-25 13:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-23 12:10 - 2013-11-11 08:31 - 00001594 _____ C:\Windows\VPNInstall.MIF 2013-12-23 12:09 - 2013-12-23 12:09 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks 2013-12-23 12:08 - 2013-12-23 12:07 - 00001594 _____ C:\Windows\VPNUnInstall.MIF 2013-12-23 12:03 - 2013-12-23 12:03 - 00000737 _____ C:\Users\normal\Downloads\VPN-Einwahl_Greifswald_Hochschule.pcf 2013-12-23 12:01 - 2013-12-23 12:01 - 05026816 _____ C:\Users\normal\Downloads\vpnclient-winx64-msi-5.0.07.0440-k9 (1).exe 2013-12-22 16:47 - 2013-12-22 16:46 - 00004273 _____ C:\Users\normal\Downloads\npsa_mpsaview.pl 2013-12-22 16:29 - 2013-12-22 16:29 - 00000556 _____ C:\Users\normal\Downloads\seqdump (10).txt 2013-12-22 16:29 - 2013-12-22 16:29 - 00000538 _____ C:\Users\normal\Downloads\seqdump (12).txt 2013-12-22 16:29 - 2013-12-22 16:29 - 00000538 _____ C:\Users\normal\Downloads\seqdump (11).txt 2013-12-22 16:28 - 2013-12-22 16:28 - 00000516 _____ C:\Users\normal\Downloads\seqdump (9).txt 2013-12-22 16:27 - 2013-12-22 16:27 - 00000516 _____ C:\Users\normal\Downloads\seqdump (8).txt 2013-12-22 16:26 - 2013-12-22 16:26 - 00000514 _____ C:\Users\normal\Downloads\seqdump (7).txt 2013-12-22 16:22 - 2013-12-22 16:22 - 00000686 _____ C:\Users\normal\Downloads\seqdump (6).txt 2013-12-22 16:22 - 2013-12-22 16:22 - 00000535 _____ C:\Users\normal\Downloads\seqdump (5).txt 2013-12-22 16:21 - 2013-12-22 16:21 - 00000987 _____ 
C:\Users\normal\Downloads\seqdump (4).txt 2013-12-22 16:20 - 2013-12-22 16:20 - 00000708 _____ C:\Users\normal\Downloads\seqdump (3).txt 2013-12-22 16:18 - 2013-12-22 16:18 - 00000550 _____ C:\Users\normal\Downloads\seqdump (2).txt 2013-12-22 16:16 - 2013-12-22 16:16 - 00001250 _____ C:\Users\normal\Downloads\seqdump (1).txt 2013-12-22 15:47 - 2013-12-22 15:47 - 00001250 _____ C:\Users\normal\Downloads\seqdump.txt Some content of TEMP: ==================== C:\Users\normal\AppData\Local\Temp\avgnt.exe C:\Users\normal\AppData\Local\Temp\vpnclient_setup.exe C:\Users\phil radium\AppData\Local\Temp\avgnt.exe C:\Users\phil radium\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe C:\Users\phil radium\AppData\Local\Temp\ose00000.exe C:\Users\phil radium\AppData\Local\Temp\vpnclient_setup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-10 15:23 ==================== End Of Log ============================

I tried it 2 times and Windows said it wasn't running properly; it searched for a solution to the problem, then a bluescreen came and it restarted. I tried the same in Safe Mode and removed the check mark next to Devices. Avira result:

Code:
Exportierte Ereignisse:

14.01.2014 18:35 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\phil radium\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJ9ACNOW\Firefox_Setup.exe'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen7' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5ef1d89f.qua' verschoben!