Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
viele conhost.exe im Taskmanager

viele conhost.exe im Taskmanager


Plagegeister aller Art und deren Bekämpfung: viele conhost.exe im Taskmanager

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 26.07.2014, 22:00   #1
Ronsen1965
 
viele conhost.exe im Taskmanager - Standard

viele conhost.exe im Taskmanager


Moinsen Gemeinde.

Als ich heute meinen Rechner hoch fuhr, war "er" irgendwie langsam.
Im Taskmanager sah ich dann bestimmt 10 mal den Prozess "conhost.exe".
Die folgende Google suche brachte mich dann unter anderem zu diesem Forum.

Habe schon mal folgende Schritte durchgeführt.

Zitat:
Schritt 1
Downloade dir bitte DDS ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop.

dds.com
dds.exe

Starte bitte dds mit einem Doppelklick.
Der Desktop wird verschwinden, das ist normal.
Setze bitte einen Haken bei
dds.txt ( Sollte angehakt sein )
attach.txt
Ändere keine Einstellungen ohne Anweisung
Wenn der Scan beendet ist, wird DDS 2 Logfiles auf deinem Desktop erstellen:
dds.txt
attach.txt

Bitte poste beide Logfiles in deiner nächsten Antwort.





Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt. Poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!





Schritt 3
Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!
DDS.txt
Code:
ATTFilter
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.9.2
Run by Cheffe at 22:15:54 on 2014-07-26
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4095.2153 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\VIA\RAID\vialogsv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Officejet 4620 series\bin\HPNetworkCommunicator.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=F4150019663E67BE&affID=123477&tsp=4995
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
mWinlogon: Userinit = userinit.exe
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge] <no file>
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
StartupFolder: C:\Users\Cheffe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TINTEN~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Cheffe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TINTEN~3.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Cheffe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TINTEN~2.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIET-O~1.LNK - C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - C:\Users\Cheffe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{626F2A6E-F20E-4D92-B8B5-4E6F5BE31589} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F2BB23B8-F40A-4137-984E-9AE072534BC6} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cheffe\AppData\Roaming\Mozilla\Firefox\Profiles\fbjdsa0o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Cheffe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Cheffe\AppData\Roaming\Mozilla\Plugins\NpFv530.dll
FF - plugin: C:\Users\Cheffe\AppData\Roaming\Mozilla\plugins\NpFv530.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=nv2&cd=2XzuyEtN2Y1L1QzutDtDtCzyyCyCtA0EyCyB0B0E0Fzz0EtCtN0D0Tzu0CyEzzyCtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=1538510608&ir=
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=nv2&cd=2XzuyEtN2Y1L1QzutDtDtCzyyCyCtA0EyCyB0B0E0Fzz0EtCtN0D0Tzu0CyEzzyCtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=1538510608&ir=
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=nv2&cd=2XzuyEtN2Y1L1QzutDtDtCzyyCyCtA0EyCyB0B0E0Fzz0EtCtN0D0Tzu0CyEzzyCtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=1538510608&ir=&q=
FF - user.js: extensions.funmoods.id - 0019663E67BEF8E1
FF - user.js: extensions.funmoods.instlDay - 15825
FF - user.js: extensions.funmoods.vrsn - 1.8.11.0
FF - user.js: extensions.funmoods.vrsni - 1.8.11.0
FF - user.js: extensions.funmoods_i.vrsnTs - 1.8.11.020:44:5
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv2
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - 
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.appId - {EA28B360-05E0-4F93-8150-02891F1D8D3C}
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.irspeeddial.aflt - nv2
FF - user.js: extensions.irspeeddial.instlRef - 
FF - user.js: extensions.irspeeddial.cr - 1538510608
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutDtDtCzyyCyCtA0EyCyB0B0E0Fzz0EtCtN0D0Tzu0CyEzzyCtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB
.
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - f415f8e10000000000000019663e67be
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15952
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.619:20:35
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=123477&tsp=4995
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 viamrx64;viamrx64;C:\Windows\System32\drivers\viamrx64.sys [2008-9-26 157336]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-5-7 344736]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-2-18 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-28 15129376]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-3-22 93072]
R2 VRAID Log Service;VRAID Log Service;C:\Program Files (x86)\VIA\RAID\vialogsv.exe [2010-12-30 52888]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-18 39200]
S1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-5-7 460888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 DFX11_1;DFX Audio Enhancer 11.1;C:\Windows\System32\drivers\dfx11_1x64.sys [2012-8-30 28008]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-11-2 37344]
S3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\System32\drivers\fwlanusb.sys [2010-10-22 460800]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-4-4 20992]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-4 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .ini: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-07-09 19:32:08	--------	d-----w-	C:\Program Files (x86)\SlySoft
2014-07-09 13:45:48	11204096	----a-w-	C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2014-07-09 13:45:59	71344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 13:45:59	699056	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 22:17:39,11 ===============
attach.txt
Code:
ATTFilter
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 29.12.2010 12:10:39
System Uptime: 26.07.2014 22:01:47 (0 hours ago)
.
Motherboard:                        |  | 4Core1333-Viiv
Processor: Intel(R) Core(TM)2 Duo CPU     E6750  @ 2.66GHz | CPUSocket | 2622/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 34,019 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 9,914 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2-Maus
Device ID: ACPI\PNP0F03\4&280411F0&0
Manufacturer: Microsoft
Name: Microsoft PS/2-Maus
PNP Device ID: ACPI\PNP0F03\4&280411F0&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP414: 24.07.2014 15:37:52 - Geplanter Prüfpunkt
RP415: 26.07.2014 21:41:30 - Removed Plex Media Server
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Media Player
Adobe Photoshop CS6
Adobe Reader X (10.1.8) - Deutsch
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArtMoney PRO v7.27
AviSynth 2.5
Biet-O-Matic v2.14.8
Bonjour
BulletStorm
calibre
Cheat Engine 6.0
CloneCD
D3DX10
DARK
DDS Converter 2.1
DFX for Winamp
DHTML Editing Component
DirectX for Managed Code Update (Summer 2004)
Euro Truck Simulator 2
Fable III
Flatcast Viewer Plugin 5.3.0.784
Free Audio Converter version 5.0.43.605
Free YouTube to MP3 Converter version 3.10.11.923
FUSSBALL MANAGER 13
FUSSBALL MANAGER 14
GeForce Experience NvStream Client Components
High-Definition Video Playback
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP FWUpdateEDO2
HP Officejet 4620 series - Grundlegende Software für das Gerät
HP Officejet 4620 series Hilfe
HP Photo Creations
HP Update
HPDiagnosticAlert
Hybrid Edition cancel
I.R.I.S. OCR
Intel(R) Network Connections 15.1.29.0
Intel® Matrix Storage Manager
iTunes
Java 7 Update 9
Java Auto Updater
JDownloader 0.9
Junk Mail filter update
Kaspersky Internet Security 2011
Landwirtschafts Simulator 2013
MegaDev - FM13 Additions V1.0.0.0
MegaTrainer eXperience V1.2.3.7
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared 64-bit MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 30.0 (x86 de)
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MyFreeCodec
MyPhoneExplorer
MyTomTom 3.2.0.1116
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero 10 Video TransitionPack 1
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Installer
Nero MediaHome 4
Nero MediaHome 4 Essentials
Nero MediaHome 4 Help
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10 Platinum HD
Nero Online Upgrade
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NetObjects Fusion 12.0
Notepad++
NVIDIA 3D Vision Controller-Treiber 331.65
NVIDIA 3D Vision Treiber 331.65
NVIDIA GeForce Experience 1.8.1
NVIDIA Grafiktreiber 331.65
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.13.0725
NVIDIA ShadowPlay 10.11.15
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 331.65
NVIDIA Update 10.11.15
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
OpenAL
Origin
Paint.NET v3.5.10
PDF Settings CS6
Platform
QuickTime
Ravensburger tiptoi
Realtek High Definition Audio Driver
Saints Row IV
Samsung Kies
Samsung Kies3
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SHIELD Streaming
SpeedCommander 13 (x64)
StarMoney
Steam
Text-To-Speech-Runtime
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Tour de France 2013 - Der offizielle Radsport-Manager Version 1
UE3Redist
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Uplay
VIA Plattform-Geräte-Manager
Visual Studio C++ 10.0 Runtime
VLC media player 1.1.11
Winamp
Winamp Erkennungs-Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Xilisoft Video Converter Ultimate
Xvid Video Codec
.
==== End Of File ===========================
defogger_disable.txt
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:18 on 26/07/2014 (Cheffe)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-
Gmer.txt
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-26 22:33:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST332061 rev.CC2H 298,09GB
Running: k3s60z0c.exe; Driver: C:\Users\Cheffe\AppData\Local\Temp\kwdirpob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                00000000761b1465 2 bytes [1B, 76]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                               00000000761b14bb 2 bytes [1B, 76]
.text   ...                                                                                                                                                                                                                                * 2
.text   C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe[1380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                00000000761b1465 2 bytes [1B, 76]
.text   C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe[1380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                               00000000761b14bb 2 bytes [1B, 76]
.text   ...                                                                                                                                                                                                                                * 2
.text   C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                       00000000761b1465 2 bytes [1B, 76]
.text   C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                      00000000761b14bb 2 bytes [1B, 76]
.text   ...                                                                                                                                                                                                                                * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                  00000000761b1465 2 bytes [1B, 76]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                 00000000761b14bb 2 bytes [1B, 76]
.text   ...                                                                                                                                                                                                                                * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                              00000000761b1465 2 bytes [1B, 76]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                             00000000761b14bb 2 bytes [1B, 76]
.text   ...                                                                                                                                                                                                                                * 2
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4220] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                                                                                                         0000000076f0000c 1 byte [C3]
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4220] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                                                                    0000000076f8f7ea 5 bytes JMP 0000000176f48e79
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                         00000000761b1465 2 bytes [1B, 76]
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                        00000000761b14bb 2 bytes [1B, 76]
.text   ...                                                                                                                                                                                                                                * 2
.text   C:\Program Files (x86)\Origin\Origin.exe[4128] C:\Windows\syswow64\kernel32.dll!CreateFileW                                                                                                                                        0000000075cf3f2c 1 byte JMP 00000001652c3730
.text   C:\Program Files (x86)\Origin\Origin.exe[4128] C:\Windows\syswow64\kernel32.dll!CreateFileW + 2                                                                                                                                    0000000075cf3f2e 3 bytes {JMP 0xffffffffef5cf804}
.text   C:\Program Files (x86)\Origin\Origin.exe[4128] C:\Windows\syswow64\USER32.dll!SetWindowPos                                                                                                                                         0000000076238e4e 5 bytes JMP 00000001652c2ee0
.text   C:\Program Files (x86)\Origin\Origin.exe[4128] C:\Windows\syswow64\USER32.dll!ShowWindow                                                                                                                                           0000000076240dfb 5 bytes JMP 00000001652c2e70
.text   C:\Program Files (x86)\Origin\Origin.exe[4128] C:\Windows\syswow64\USER32.dll!SetFocus                                                                                                                                             0000000076242175 5 bytes JMP 00000001652c2ec0
.text   C:\Program Files (x86)\Origin\Origin.exe[4128] C:\Windows\syswow64\USER32.dll!SetActiveWindow                                                                                                                                      0000000076243208 5 bytes JMP 00000001652c2f30
.text   C:\Program Files (x86)\Origin\Origin.exe[4128] C:\Windows\syswow64\USER32.dll!BringWindowToTop                                                                                                                                     0000000076247b3b 5 bytes JMP 00000001652c2dd0
.text   C:\Program Files (x86)\Origin\Origin.exe[4128] C:\Windows\syswow64\USER32.dll!SetForegroundWindow                                                                                                                                  000000007625f170 5 bytes JMP 00000001652c2da0
.text   C:\Program Files (x86)\Origin\Origin.exe[4128] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow                                                                                                                                   00000000762790fc 1 byte JMP 00000001652c2e00
.text   C:\Program Files (x86)\Origin\Origin.exe[4128] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow + 2                                                                                                                               00000000762790fe 3 bytes {JMP 0xffffffffef049d04}
.text   C:\Program Files (x86)\Origin\Origin.exe[4128] C:\Windows\syswow64\USER32.dll!ShowWindowAsync                                                                                                                                      0000000076297d97 5 bytes JMP 00000001652c2e20
.text   C:\Program Files (x86)\Origin\Origin.exe[4128] C:\Windows\syswow64\ole32.dll!DoDragDrop                                                                                                                                            0000000075afa827 5 bytes JMP 00000001652c2d80
.text   C:\Program Files (x86)\Origin\Origin.exe[4128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                             00000000761b1465 2 bytes [1B, 76]
.text   C:\Program Files (x86)\Origin\Origin.exe[4128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                            00000000761b14bb 2 bytes [1B, 76]
.text   ...                                                                                                                                                                                                                                * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [5556:2768]                                                                                                                                                                                        000007feee9f9688

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                                                C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                                                0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                                             0x3A 0xA9 0xE4 0x12 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                                                                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                                                       0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                                                                    0xD7 0x6A 0x32 0x68 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                                                                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                                                             0x7B 0xF4 0x79 0xA1 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41                                                                                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                                                                                                                             0xB3 0xDF 0x6F 0x33 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                                                                               
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                                                    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                                                    0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                                                 0x3A 0xA9 0xE4 0x12 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                                                                                                      
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                                                           0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                                                                        0xD7 0x6A 0x32 0x68 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                                                                                                               
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                                                                 0x7B 0xF4 0x79 0xA1 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)                                                                                                               
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                                                                                                                                 0xB3 0xDF 0x6F 0x33 ...
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Downloads\gwarez.cc\ronhe\ronhe\Rulers of Nations 2\x2122 Hybrid Edition\Rulers of Nations 2\x2122 Hybrid Edition Setup.exe  1

---- EOF - GMER 2.1 ----
Schon mal danke für eure Hilfe.

 

Themen zu viele conhost.exe im Taskmanager
device driver, focus, officejet, pum.hijack.startmenu, pup.funmoods, pup.optional.1clickdownload.a, pup.optional.babylon.a, pup.optional.delta.a, pup.optional.facemoods.a, pup.optional.filescout.a, pup.optional.funmoods.a, pup.optional.hdvidcodec.a, pup.optional.ibupdater.a, pup.optional.pcperformer.a, pup.optional.softonic.a, pup.optional.speedanalysis2.a, pup.optional.speedanalysis3.a, pup.optional.startpage, pup.optional.videoperformer.a, pup.optional.webcake.a, riskware.tool.ck


« Avira hat Trojanerwarnung für Seedabutor gemeldet | Zlob Trojan-Downloader & Gen:Trojan.Heur.mu!@YoPlN »


Ähnliche Themen: viele conhost.exe im Taskmanager


  1. Win7 mehrfache conhost.exe + cmd.exe + reg.exe
    Log-Analyse und Auswertung - 18.11.2014 (14)
  2. Sehr viele Prozesse im Taskmanager. Normal?
    Log-Analyse und Auswertung - 10.10.2014 (5)
  3. Conhost.EXE startet permanent neu
    Plagegeister aller Art und deren Bekämpfung - 28.08.2014 (5)
  4. Sehr viele "iexplore.exe" Prozesse im Taskmanager
    Plagegeister aller Art und deren Bekämpfung - 01.08.2014 (15)
  5. Taskmanager geht nicht mehr Windows 7 Taskmanager trojaner 2014
    Alles rund um Windows - 18.06.2014 (48)
  6. [3x Conhost?] Ständig laufen 3 Conhost.exe -Anwendungen
    Log-Analyse und Auswertung - 17.06.2014 (7)
  7. conhost.exe ohne Benutzername/Beschreibung
    Plagegeister aller Art und deren Bekämpfung - 14.03.2014 (1)
  8. Über 50 Prozesse namens "conhost.exe" im Taskmanager + Notebook sehr langsam
    Plagegeister aller Art und deren Bekämpfung - 03.02.2014 (19)
  9. Unbekannter Prozess conhost.exe
    Plagegeister aller Art und deren Bekämpfung - 16.09.2013 (15)
  10. Taskmanager + Regedit gehen nicht merh, und viele weitere Merkwürdigkeiten
    Log-Analyse und Auswertung - 30.07.2013 (23)
  11. 3 laufende conhost.exe-Prozesse
    Plagegeister aller Art und deren Bekämpfung - 27.03.2013 (26)
  12. (2x) conhost.exe läuft doppelt
    Mülltonne - 24.06.2012 (1)
  13. csrss.exe , dwm.exe , conhost.exe
    Log-Analyse und Auswertung - 05.05.2011 (2)
  14. conhost.exe (Crypt.XPACK.Gen)
    Plagegeister aller Art und deren Bekämpfung - 18.02.2011 (28)
  15. Hatte eine smitfraud Variante auf einem Rechner und viele viele andere malware
    Log-Analyse und Auswertung - 06.01.2011 (0)
  16. sehr viele unbekannte *dienste* im taskmanager
    Mülltonne - 24.09.2008 (0)
  17. PC lahmt / Viele Prozesse im Taskmanager
    Antiviren-, Firewall- und andere Schutzprogramme - 23.06.2005 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema viele conhost.exe im Taskmanager - Moinsen Gemeinde. Als ich heute meinen Rechner hoch fuhr, war "er" irgendwie langsam. Im Taskmanager sah ich dann bestimmt 10 mal den Prozess "conhost.exe". Die folgende Google suche brachte mich - viele conhost.exe im Taskmanager...
Archiv
Du betrachtest: viele conhost.exe im Taskmanager auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132