
Log analysis and evaluation: Vista: several malware items and Trojans found after Avira system check


25.01.2014, 15:23   #1
chribum
 



Hello dear people!!

After I recently learned of the big data theft, I ran the BSI security test at https://www.sicherheitstest.bsi.de/ and found out that my e-mail account was affected.
After that I ran an Avira system check and was alarmed by several findings.


I would be very happy if you could help me with this!!

Here are the logs:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:58 on 25/01/2014 (klo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2014
Ran by klo (administrator) on KLO-PC on 25-01-2014 12:32:21
Running from C:\Users\klo\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal


==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor Corp.) C:\Users\klo\AppData\Local\Temp\RtkBtMnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Spotify Ltd) C:\Users\klo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Users\klo\AppData\Local\Temp\Rar$EX29.456\AA1FanControl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-05-14] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-05-30] (Acer Incorporated)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM\...\RunOnce: [NoIE4StubProcessing] - C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f [61952 2009-04-10] (Microsoft Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKCU\...\Run: [Spotify] - C:\Users\klo\AppData\Roaming\Spotify\Spotify.exe [5951488 2014-01-01] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\klo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-01-01] (Spotify Ltd)
HKCU\...\Run: [Acer Aspire One Fan Control] - C:\Users\klo\AppData\Local\Temp\Rar$EX29.456\AA1FanControl.exe [800256 2008-10-23] () <===== ATTENTION
MountPoints2: {79471583-06e0-11e1-917d-00238b00b369} - F:\SETUP.EXE
MountPoints2: {aa781c5d-8da3-11e2-9752-00238b00b369} - G:\Startme.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
IFEO\spyhunter4.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1011&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1011&m=aspire_6930g
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1011&m=aspire_6930g
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE453DE453
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE453DE453
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\klo\AppData\Roaming\Mozilla\Firefox\Profiles\3yqvbe21.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPPDLicenseHelper - C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\klo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\klo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\klo\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\klo\AppData\Roaming\Mozilla\Firefox\Profiles\3yqvbe21.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: Adblock Plus - C:\Users\klo\AppData\Roaming\Mozilla\Firefox\Profiles\3yqvbe21.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-01]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] ()
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S4 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [279712 2013-02-08] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-11-13] (DT Soft Ltd)
R2 enodpl; C:\Windows\System32\drivers\enodpl.sys [7552 2003-03-02] ()
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-26] ()
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47104 2008-05-19] (Atheros Communications, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-02-08] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH)
R2 tandpl; C:\Windows\System32\drivers\tandpl.sys [4736 2003-04-18] ()
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-18] (Cyberlink Corp.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 gsplittm; \??\C:\Users\klo\AppData\Local\Temp\gsplittm.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-25 12:32 - 2014-01-25 12:33 - 00018358 _____ C:\Users\klo\Desktop\FRST.txt
2014-01-25 12:32 - 2014-01-25 12:32 - 00000000 ____D C:\FRST
2014-01-25 12:31 - 2014-01-25 12:31 - 01222144 _____ (Farbar) C:\Users\klo\Desktop\FRST.exe
2014-01-25 12:28 - 2014-01-25 12:28 - 00050477 _____ C:\Users\klo\Desktop\Defogger.exe
2014-01-25 12:28 - 2014-01-25 12:28 - 00000538 _____ C:\Users\klo\Downloads\defogger_disable.log
2014-01-25 12:28 - 2014-01-25 12:28 - 00000156 _____ C:\Users\klo\defogger_reenable
2014-01-25 12:23 - 2014-01-25 12:26 - 00003682 _____ C:\Windows\IE9_main.log
2014-01-25 12:13 - 2014-01-25 12:14 - 00429752 _____ C:\Windows\msxml4-KB973688-enu.LOG
2014-01-25 12:06 - 2014-01-25 12:09 - 00000000 ____D C:\Windows\system32\MRT
2014-01-06 20:53 - 2014-01-06 20:53 - 00000000 ____D C:\Users\klo\Desktop\Suhl Februar 2013
2013-12-31 15:31 - 2013-12-31 15:31 - 00001047 _____ C:\Users\klo\Desktop\FalloutLauncher - Verknüpfung.lnk
2013-12-30 16:06 - 2013-12-30 16:06 - 00001679 _____ C:\Users\klo\Desktop\Quiche.txt
2013-12-30 15:39 - 2013-12-28 12:55 - 00000000 ____D C:\Users\klo\Desktop\KPpr0n

==================== One Month Modified Files and Folders =======

2014-01-25 12:33 - 2014-01-25 12:32 - 00018358 _____ C:\Users\klo\Desktop\FRST.txt
2014-01-25 12:32 - 2014-01-25 12:32 - 00000000 ____D C:\FRST
2014-01-25 12:32 - 2013-01-08 13:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 12:32 - 2011-10-10 14:22 - 01424726 _____ C:\Windows\WindowsUpdate.log
2014-01-25 12:31 - 2014-01-25 12:31 - 01222144 _____ (Farbar) C:\Users\klo\Desktop\FRST.exe
2014-01-25 12:29 - 2008-01-21 08:16 - 01628402 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-25 12:28 - 2014-01-25 12:28 - 00050477 _____ C:\Users\klo\Desktop\Defogger.exe
2014-01-25 12:28 - 2014-01-25 12:28 - 00000538 _____ C:\Users\klo\Downloads\defogger_disable.log
2014-01-25 12:28 - 2014-01-25 12:28 - 00000156 _____ C:\Users\klo\defogger_reenable
2014-01-25 12:28 - 2011-10-10 14:30 - 00000000 ____D C:\Users\klo
2014-01-25 12:28 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-25 12:26 - 2014-01-25 12:23 - 00003682 _____ C:\Windows\IE9_main.log
2014-01-25 12:14 - 2014-01-25 12:13 - 00429752 _____ C:\Windows\msxml4-KB973688-enu.LOG
2014-01-25 12:09 - 2014-01-25 12:06 - 00000000 ____D C:\Windows\system32\MRT
2014-01-25 12:02 - 2011-11-18 01:04 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-25 12:02 - 2011-11-18 01:04 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-25 11:51 - 2011-10-10 16:06 - 00000000 ____D C:\Users\klo\AppData\Local\Adobe
2014-01-25 10:44 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-25 10:44 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-25 08:47 - 2012-04-02 20:16 - 00000000 ____D C:\Users\klo\AppData\Roaming\Spotify
2014-01-25 08:46 - 2011-10-10 14:48 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2014-01-25 08:44 - 2012-06-07 07:40 - 05410010 _____ C:\Windows\PFRO.log
2014-01-25 08:44 - 2008-07-30 03:13 - 00000147 _____ C:\Windows\system32\agent.log
2014-01-25 08:44 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 01:45 - 2006-11-02 14:01 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-24 13:25 - 2012-08-22 11:42 - 00000000 ____D C:\Program Files\Diablo II
2014-01-18 16:16 - 2012-06-06 22:26 - 00041348 _____ C:\Windows\setupact.log
2014-01-17 14:20 - 2008-07-30 02:22 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-06 20:58 - 2011-10-18 23:05 - 00160768 _____ C:\Users\klo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-06 20:53 - 2014-01-06 20:53 - 00000000 ____D C:\Users\klo\Desktop\Suhl Februar 2013
2014-01-06 19:39 - 2013-12-19 10:49 - 00000000 ____D C:\Users\klo\AppData\Local\Fallout3
2014-01-06 16:20 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-01 17:18 - 2013-09-10 08:38 - 00000113 _____ C:\Users\klo\Desktop\Zugang 1&1.txt
2013-12-31 20:35 - 2012-04-02 20:16 - 00000000 ____D C:\Users\klo\AppData\Local\Spotify
2013-12-31 15:31 - 2013-12-31 15:31 - 00001047 _____ C:\Users\klo\Desktop\FalloutLauncher - Verknüpfung.lnk
2013-12-30 16:06 - 2013-12-30 16:06 - 00001679 _____ C:\Users\klo\Desktop\Quiche.txt
2013-12-28 12:55 - 2013-12-30 15:39 - 00000000 ____D C:\Users\klo\Desktop\KPpr0n

Files to move or delete:
====================
C:\Users\klo\AppData\Local\Temp\Rar$EX29.456\AA1FanControl.exe
C:\ProgramData\dsgsdgdsgdsgw.pad


Some content of TEMP:
====================
C:\Users\klo\AppData\Local\Temp\avgnt.exe
C:\Users\klo\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-25 08:52

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2014
Ran by klo at 2014-01-25 12:33:33
Running from C:\Users\klo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 2.1.0 - Hewlett-Packard) Hidden
Acer Arcade Deluxe (Version: 2.0.5529 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.0.5529 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam (Version: 5.2.7.1 - Suyin Optronics Corp)
Acer eAudio Management (Version: 3.0.3008 - CyberLink Corp.)
Acer eDataSecurity Management (Version: 3.0.3062 - Egis Inc.)
Acer Empowering Technology (Version: 3.0.3009 - Acer Incorporated)
Acer ePower Management (Version: 3.0.3014 - Acer Incorporated)
Acer eRecovery Management (Version: 3.0.3014 - Acer Incorporated)
Acer eSettings Management (Version: 3.0.3007 - Acer Incorporated)
Acer GridVista (Version: 2.72.317 - )
Activation Assistant for the 2007 Microsoft Office suites (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.5) - Deutsch (Version: 10.1.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122 - Adobe Systems, Inc.)
AIO_Scan (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.30 - Atheros Communications Inc.)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (Version: 12.10.0.2948 - APN, LLC)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
C5200 (Version: 100.0.206.000 - Ihr Firmenname) Hidden
C5200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version:  - ) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink PowerDirector (Version: 6.5.3023d - CyberLink Corp.)
CyberLink PowerDirector (Version: 6.5.3023d - CyberLink Corp.) Hidden
DAEMON Tools Lite (Version: 4.46.1.0327 - DT Soft Ltd)
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Diablo II (Version:  - )
DivX-Setup (Version: 2.6.1.5 - DivX, LLC)
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKCU Version: 2.0.5 - Dropbox, Inc.)
Dunkle Magie (Version: 1.3a - LAP)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Video Calling 1.2.0.287 (Version: 1.2.287 - Skype Limited)
Fallout 3 (Version: 1.00.0000 - Bethesda Softworks)
Fax (Version: 100.0.187.000 - Hewlett-Packard) Hidden
Foxit PDF Creator Toolbar (Version: 1.15.4.0 - Ask.com)
Foxit PDF Creator Toolbar Updater (HKCU Version: 1.2.2.23821 - Ask.com)
Free YouTube to MP3 Converter version 3.11.34.1015 (Version: 3.11.34.1015 - DVDVideoSoft Ltd.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Gothic II - Die Nacht des Raben (Version:  - JoWooD Productions Software AG)
Gothic II (Version:  - JoWooD Productions Software AG)
Gothic III - Götterdämmerung Patch (Version: 1.0.0 - JoWood) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.73.00.52 - Conexant Systems)
Hero Editor V1.04 (Version:  - )
HP Customer Participation Program 10.0 (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (Version: 10.0 - HP)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Photosmart Essential 2.5 (Version: 2.5 - HP)
HP Smart Web Printing (Version: 3.5 - HP)
HP Solution Center 10.0 (Version: 10.0 - HP)
HP Update (Version: 4.000.007.003 - Hewlett-Packard)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (Version: 12.00.0004 - Intel(R) Corporation)
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (Version: 6.0.290 - Oracle)
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
Launch Manager (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
MarketingReg (Version: 1.00.1 - Hewlett-Packard) Hidden
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Game Studios Common Redistributables Pack 1 (Version: 1.0.0 - Microsoft Game Studios) Hidden
Microsoft Games for Windows - LIVE Redistributable (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
NTI Backup Now 5 (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA Grafiktreiber 307.83 (Version: 307.83 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 10.0 (Version: 10.0 - HP)
OpenOffice.org 3.3 (Version: 3.3.9567 - OpenOffice.org)
PanoStandAlone (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Protect Disc License Helper 1.0.118 (Version: 1.0.118 - Protect Disc)
ProtectDisc Driver, Version 11 (Version: 11.0.0.11 - ProtectDisc Software GmbH)
PS_AIO_02_ProductContext (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (Version:  - Realtek Semiconductor Corp.)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 10.0 - HP)
Skype™ 6.7 (Version: 6.7.102 - Skype Technologies S.A.)
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
SPBA 5.8 (Version: 5.8.2.4218 - UPEK Inc.)
Spotify (HKCU Version: 0.9.6.81.gd359a796 - Spotify AB)
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 11.1.4.0 - Synaptics)
System Requirements Lab (Version:  - )
Tinypic 3.18 (Version: Tinypic 3.18 - E. Fiedler)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2011 (Version: 10.0.4600.4 - TuneUp Software)
TuneUp Utilities 2011 (Version: 10.0.4600.4 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4600.4 - TuneUp Software) Hidden
TVicPort 4.1 Free Personal Edition (Version:  - )
UltraStar Deluxe (Version: 1.1 - USDX Team)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1 - Microsoft Corporation)
VarusBiker Edition (Version: 1.4b - VarusBiker)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Velaya - Geschichte einer Kriegerin (Version: 1.1 - Schreiberling und Sektenspinner)
Velaya Sprachausgabe 1.00 (Version:  - Schreiberling und Sektenspinner)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
VLC media player 1.1.11 (Version: 1.1.11 - VideoLAN)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Winbond CIR Device Drivers (Version: 7.60.1012 - Winbond Electronics Corporation)
WinRAR 4.01 (32-Bit) (Version: 4.01.0 - win.rar GmbH)
X in 1 Mod (Version: 1.1 - bonne6 und davied)

==================== Restore Points  =========================

15-01-2014 11:36:54 Geplanter Prüfpunkt
16-01-2014 15:05:56 Geplanter Prüfpunkt
17-01-2014 12:37:42 Installiert Enter The Matrix
17-01-2014 13:19:47 Entfernt Enter The Matrix
18-01-2014 16:44:50 Geplanter Prüfpunkt
19-01-2014 19:25:10 Geplanter Prüfpunkt
20-01-2014 20:03:22 Geplanter Prüfpunkt
21-01-2014 10:20:33 Geplanter Prüfpunkt
22-01-2014 14:54:19 Geplanter Prüfpunkt
24-01-2014 11:59:56 Geplanter Prüfpunkt
25-01-2014 11:00:25 Windows Update

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {06445F71-6F49-4AAC-8D53-CF362366665F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-18] (Google Inc.)
Task: {075F2D51-90C5-4104-AD5A-B003E6FF404A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4A2B196B-899E-463B-AE1E-D4F9DB02FF64} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14] (Hewlett-Packard)
Task: {63A2FC6D-EE12-492F-9E72-56CF6A2D37BC} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-06-06] ()
Task: {79452186-4ED1-4F9A-90E2-0A60C189DE7A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-268476347-555274086-2057882796-1000Core => C:\Users\klo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {91251E00-6AA7-462A-B4E4-C86B0FCDCCFC} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {A9A55385-CE81-451F-ACB9-8DC29AF4E1BF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-268476347-555274086-2057882796-1000UA => C:\Users\klo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {B18562E2-21AF-4922-8ADE-F4E36235568A} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29] ()
Task: {B7338189-B48C-4BD4-91A5-375257C7B106} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {D3FE1F6D-721D-42D2-8C87-98BFC393E9CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-18] (Google Inc.)
Task: {DA34DBEA-C3E3-40A7-B3A6-F6235F15278F} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FAB12CF3-97BF-401F-A582-B59809B626E0} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2011-12-13] (TuneUp Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-268476347-555274086-2057882796-1000Core.job => C:\Users\klo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-268476347-555274086-2057882796-1000UA.job => C:\Users\klo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-07-30 02:47 - 2008-06-11 09:21 - 00204800 _____ () C:\Windows\System32\SysHook.dll
2011-11-04 14:06 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2008-05-14 16:05 - 2008-05-14 16:05 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2011-10-10 14:47 - 2011-10-10 14:47 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2011-10-10 14:47 - 2011-10-10 14:47 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2011-10-10 14:47 - 2011-10-10 14:47 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2013-12-20 15:28 - 2013-12-20 15:29 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2014 00:14:09 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: MSXML 4.0 SP2 (KB973688) -- Error 1935. An error occured during the installation of assembly component {7B2B4EA5-1028-B7E6-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9876.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"

Error: (01/25/2014 08:46:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2014 10:57:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2014 05:59:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2014 10:42:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 09:11:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 06:20:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 00:41:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 00:54:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2014 06:45:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/25/2014 00:14:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Update für Microsoft XML Core Services 4.0 Service Pack 2 (KB973688){4EB6F812-F2AE-43EF-9FE0-11ED711339BB}102

Error: (01/25/2014 08:46:43 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/24/2014 10:57:43 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/24/2014 06:00:59 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/24/2014 10:43:59 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/23/2014 09:11:47 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/23/2014 06:22:11 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/23/2014 00:41:23 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/23/2014 00:54:25 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/22/2014 06:45:44 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service


Microsoft Office Sessions:
=========================
Error: (01/25/2014 00:14:09 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: MSXML 4.0 SP2 (KB973688) -- Error 1935. An error occured during the installation of assembly component {7B2B4EA5-1028-B7E6-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9876.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"(NULL)(NULL)(NULL)(NULL)

Error: (01/25/2014 08:46:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2014 10:57:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2014 05:59:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2014 10:42:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 09:11:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 06:20:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 00:41:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2014 00:54:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2014 06:45:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-01-01 13:54:58.164
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-01 01:17:54.057
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-31 19:19:21.677
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-31 19:17:51.206
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-31 19:17:48.015
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-31 19:17:42.833
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-31 19:17:40.131
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-31 19:17:38.044
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-31 19:17:30.336
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-31 19:17:28.558
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 3035.93 MB
Available physical RAM: 1321.38 MB
Total Pagefile: 6280.05 MB
Available Pagefile: 4286.41 MB
Total Virtual: 2799.88 MB
Available Virtual: 2668.93 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:33.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.5 GB) (Free:85.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1A3173EB)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=12)

==================== End Of Log ============================
         

Code:
GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2014-01-25 14:46:38
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: gmer.exe; Driver: C:\Users\klo\AppData\Local\Temp\kxtdqpow.sys


---- System - GMER 2.1 ----

SSDT            BE69BFBE                                                                                                                                                                                                                                                              ZwCreateSection
SSDT            BE69BFC8                                                                                                                                                                                                                                                              ZwRequestWaitReplyPort
SSDT            BE69BFC3                                                                                                                                                                                                                                                              ZwSetContextThread
SSDT            BE69BFCD                                                                                                                                                                                                                                                              ZwSetSecurityObject
SSDT            BE69BFD2                                                                                                                                                                                                                                                              ZwSystemDebugControl
SSDT            BE69BF5F                                                                                                                                                                                                                                                              ZwTerminateProcess

INT 0x51        ?                                                                                                                                                                                                                                                                     B2F34A50
INT 0x52        ?                                                                                                                                                                                                                                                                     B2F35A50
INT 0x61        ?                                                                                                                                                                                                                                                                     B2F34CD0
INT 0x62        ?                                                                                                                                                                                                                                                                     B12C0550
INT 0x71        ?                                                                                                                                                                                                                                                                     B2F35050
INT 0x72        ?                                                                                                                                                                                                                                                                     B2F35550
INT 0x82        ?                                                                                                                                                                                                                                                                     B2F35CD0
INT 0x92        ?                                                                                                                                                                                                                                                                     B12C0A50
INT 0xA2        ?                                                                                                                                                                                                                                                                     B2F34550
INT 0xB0        ?                                                                                                                                                                                                                                                                     B2F347D0
INT 0xB1        ?                                                                                                                                                                                                                                                                     B12C0CD0
INT 0xB2        ?                                                                                                                                                                                                                                                                     B12C07D0

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                                                                                                                                                                         E22FE958 4 Bytes  [BE, BF, 69, BE]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                                                                                                                                                                                         E22FEC7C 4 Bytes  [C8, BF, 69, BE] {ENTER 0x69bf, 0xbe}
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                                                                                                                                                                                         E22FECB0 4 Bytes  [C3, BF, 69, BE]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                                                                                                                                                                                         E22FED14 4 Bytes  [CD, BF, 69, BE]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                                                                                                                                                                                         E22FED5C 4 Bytes  [D2, BF, 69, BE]
.text           ...                                                                                                                                                                                                                                                                   
.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                                                                                                                                                                                              section is executable [0xD0727300, 0x25D4C, 0xE0000060]
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                                                                                                                                                section is writeable [0xD074E300, 0x3AF78, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                                                                                                                                                section is writeable [0xD07A4300, 0x1BCE, 0xE8000020]
                C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                                                                                                                                                                 entry point in "" section [0xD534441C]
.clc            C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                                                                                                                                                                 unknown last code section [0xD5345000, 0x1000, 0xE0000020]

---- User code sections - GMER 2.1 ----

.text           C:\Windows\Explorer.EXE[2436] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                                                                                                                                                                                            76CBB37C 4 Bytes  [00, 26, 45, 00]
.text           C:\Windows\Explorer.EXE[2436] SHELL32.dll!ShellExecuteExW + 18B7                                                                                                                                                                                                      76CEDA0C 4 Bytes  JMP 451B1076 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5184] ntdll.dll!LdrLoadDll                                                                                                                                                                                               77AE9390 5 Bytes  JMP 5F31B780 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5184] kernel32.dll!HeapSetInformation + 26                                                                                                                                                                               7657A84A 7 Bytes  JMP 5F320836 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5184] kernel32.dll!LockResource + C                                                                                                                                                                                      765968EB 7 Bytes  JMP 5FB56EDA C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5184] kernel32.dll!VirtualAllocEx + 54                                                                                                                                                                                   7659AD50 7 Bytes  JMP 5FB56EFD C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5184] GDI32.dll!SetStretchBltMode + 256                                                                                                                                                                                  7679745C 7 Bytes  JMP 5FB56E5B C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                                                                                                                               Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                                                                                                                                               Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@SetupExecute                                                                                                                                                                                                    C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe /display_progress \SystemRoot\WinSxS\pending.xml?
Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 4.0.0.0\Performance@Last Counter                                                                                                                                                                                  9926
Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 4.0.0.0\Performance@Last Help                                                                                                                                                                                     9927
Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 4.0.0.0\Performance@First Counter                                                                                                                                                                                 9904
Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 4.0.0.0\Performance@First Help                                                                                                                                                                                    9905
Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 4.0.0.0\Performance@Object List                                                                                                                                                                                   9904
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SMSvcHost 4.0.0.0\Performance@Last Counter                                                                                                                                                                                     9902
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SMSvcHost 4.0.0.0\Performance@Last Help                                                                                                                                                                                        9903
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SMSvcHost 4.0.0.0\Performance@First Counter                                                                                                                                                                                    9874
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SMSvcHost 4.0.0.0\Performance@First Help                                                                                                                                                                                       9875
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SMSvcHost 4.0.0.0\Performance@Object List                                                                                                                                                                                      9874
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress@                                                                                                                                                                                                  C:\Windows\Installer\b4ccf7.ipi
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback                                                                                                                                                                                                     
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts                                                                                                                                                                                             
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts@C:\Config.Msi\b4ccf8.rbs                                                                                                                                                                    30349771
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts@C:\Config.Msi\b4ccf8.rbsLow                                                                                                                                                                 619490784
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages                                                                                                                                                                                                 
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages@C:\Windows\Installer\b4ccf4.msp                                                                                                                                                                 0
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\185A997F84B9CCC399CEFBEB37D1E465@FCDAC0A0AD874C333A05DC1548B97920                                                                                                               
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6BAE7E741A179D035A28FD4F8ECD4E67@FCDAC0A0AD874C333A05DC1548B97920                                                                                                               02:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2742595\NoRemove
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED776A5EE28AE3C3CBA2AD9355F12795@FCDAC0A0AD874C333A05DC1548B97920                                                                                                               
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\InstallProperties@EstimatedSize                                                                                                                  483199
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCDAC0A0AD874C333A05DC1548B97920\Patches@AllPatches                                                                                                                               1A81C2A72A2D7713281FF59ECC80CE0B?E2653A24E4B84A938BD2CC218F82983E?D43E4AB85C597093784E26BF3BA11209?
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A0CADCF-78DA-33C4-A350-CD51849B9702}@EstimatedSize                                                                                                                                                         483199
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2742595@NoRemove                                                                                                                                                    1
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3C3901C5-3455-3E0A-A214-0B093A5070A6}@EstimatedSize                                                                                                                                                         2223261
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2729449@NoRemove                                                                                                                                                    1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter                                                                                                                                                                                                10608
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help                                                                                                                                                                                                   10609
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{16dcff2c-91a3-4e6a-8135-0a9e6681c1b5}@First Counter                                                                                                    10484
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{16dcff2c-91a3-4e6a-8135-0a9e6681c1b5}@Last Counter                                                                                                     10522
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{8ebb0470-da6d-485b-8441-8e06b049157a}@First Counter                                                                                                    10524
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{8ebb0470-da6d-485b-8441-8e06b049157a}@Last Counter                                                                                                     10554
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{e829b6db-21ab-453b-83c9-d980ec708edd}@First Counter                                                                                                    10404
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{890c10c3-8c2a-4fe3-a36a-9eca153d47cb}\{e829b6db-21ab-453b-83c9-d980ec708edd}@Last Counter                                                                                                     10482
Reg             HKLM\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Reference Assemblies|Microsoft|Framework|v3.5|System.AddIn.dll@System.AddIn,version="3.5.0.0",publicKeyToken="b77a5c561934e089",processorArchitecture="MSIL",fileVersion="3.5.30729.1",culture="neutral"  dlP=kN'k[5nu[y@0gyqnNetFX_Core_x86_enu_DDF>`DKb52'Wm9?NNy%~cR@K?
Reg             HKLM\SOFTWARE\Classes\Installer\Assemblies\Global@System.AddIn,version="3.5.0.0",publicKeyToken="b77a5c561934e089",processorArchitecture="MSIL",fileVersion="3.5.30729.1",culture="neutral"                                                                           dlP=kN'k[5nu[y@0gyqnNetFX_Core_x86_enu_DDF>`W=4F!8GE@p+Vb5z,`PF?
Reg             HKLM\SOFTWARE\Classes\Installer\Products\26DDC2EC4210AC63483DF9D4FCC5B59D\Patches@Patches                                                                                                                                                                             2F2AEE7ADCFB45A45A57B7187A686E85?28C9EA2BB7CD1463FB8C7872C5F46370?CB4FA93924CE1D83EA28194D7ADE9811?10C3348AF913073358E0783C456992A9?241C0B844F0A3623091E9148BC8BDD81?

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                                                                                                                                                                 unknown MBR code

---- EOF - GMER 2.1 ----
         

Code:
Exportierte Ereignisse:

25.01.2014 11:36 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\klo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\71805bb0-7de975b
      5'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Dldr.Kara.AN.1' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e14466d.qua' 
      verschoben!

25.01.2014 11:36 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\klo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2dd0a63b-484f646
      c'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2012-1723.A.344' 
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c171b78.qua' 
      verschoben!

25.01.2014 11:36 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\klo\AppData\Roaming\msconfig.dat'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen7' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '548134e0.qua' 
      verschoben!

25.01.2014 11:36 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\klo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\11584990-2409901
      2'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.zdq.3' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3da42491.qua' 
      verschoben!

25.01.2014 11:36 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\klo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\11584990-5679145
      f'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.zdq.3' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '782009af.qua' 
      verschoben!
         

25.01.2014, 15:38   #2
schrauber
/// the machine
/// TB trainer

hi,
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________

25.01.2014, 17:10   #3
chribum



Thanks for the quick reply!!!

However, I now have another problem. At the same time as the restart after running Combofix, the automatic Windows Update kicked in, and after the restart it has now "hung" the computer.
After the restart, the message "Die Updates konnten nicht konfiguriert werden. Die Änderungen werden rückgängig gemacht. Schalten Sie den Computer nicht aus." always appears.

After waiting almost 2 hours for something to happen, I tried a restart and lo and behold... the message is of course still there.

I think I'm now going to reinstall the whole system from scratch.. crappy Vista..
That should also solve the malware problem, shouldn't it?

I'll rescue my data beforehand using an Ubuntu CD.

In any case, thank you very, very much for your help!!!
__________________

26.01.2014, 07:44   #4
schrauber
/// the machine
/// TB trainer



That will definitely fix the malware as well, yes
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009
