| |
| |||||||
Log-Analyse und Auswertung: Windows 8.1:Variant.Adware.Graftor.159320+Adware.Generic.1133960-Virenbefall?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
06.01.2015, 22:51
| #1 |
 |  Windows 8.1:Variant.Adware.Graftor.159320+Adware.Generic.1133960-Virenbefall? Hallo, Laut meinem Virenscanner G-data bin ich mit dem Virus Gen:Variant.Adware.Graftor.159320(EgineA) und Adware.Generic.1133960 infeziert.Nachdem Verschieben in die Quarantäne,werden Sie immer wieder neu erzeugt. Da ich nicht weiß,wie ich dieses Problem lösen kann,bitte ich Sie daher um Hilfe. Eine dateilierte Anleitung wäre sehr hilfreich für mich,da ich mich mit PC-Anwendungen nicht sehr gut auskenne. Mit freundlichen Grüßen Mingus Anbei die FRST.txt,Addition.txt und Gmer.txt In mehreren Beiträgen... Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Dschiko at 2015-01-06 19:43:22
Running from C:\Users\Dschiko\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)
3DMark (Version: 1.4.828.0 - Futuremark) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.15.0 - Asmedia Technology)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{2FE4C157-30AD-47F3-9D93-D9A2AFF25D3F}) (Version: 4.33.485.0 - Futuremark)
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.3 - G DATA Software AG)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{3B236485-CCE7-48DE-82DC-A5EA54A6F7D6}) (Version: 5.0.10.2850 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{AD6B46F2-FE21-496F-BE90-BE19AABE353C}) (Version: 2.2.12 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
PCMark 7 (HKLM-x32\...\{75C3C9C0-6CE6-42FA-A0E9-658E8F539124}) (Version: 1.4.0 - Futuremark)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Solution Real (HKLM\...\Solution Real) (Version: 2015.01.01.212322 - Solution Real) <==== ATTENTION!
Speccy (HKLM\...\Speccy) (Version: 1.27 - Piriform)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
vi-view uninstall (HKLM-x32\...\vi-view uninstall) (Version: - vi-view) <==== ATTENTION
WSE_Vosteran (HKLM-x32\...\WSE_Vosteran) (Version: - WSE_Vosteran) <==== ATTENTION!
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
01-01-2015 23:35:51 Installed Asmedia ASM104x USB 3.0 Host Controller Driver.
03-01-2015 01:28:26 3DMark
04-01-2015 04:00:27 DirectX wurde installiert
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {27C585EF-C79A-4DA8-99A5-0A2045499C8B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {41BD443C-A6A0-4E75-8D9D-FDB22E2578BA} - System32\Tasks\WSE_Vosteran => C:\Users\Dschiko\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {52EAEBFB-1C2C-46C9-89A4-52924C61CCE0} - System32\Tasks\Core Temp Autostart Dschiko => C:\Users\Dschiko\Documents\CoreTemp64\Core Temp.exe [2015-01-02] ()
Task: {DEFB5801-D0EA-4EAE-AF83-A232EFF501C0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {F1BC5602-5CE7-43D9-B577-684EC0026ACB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Dschiko\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-06-18 17:18 - 2014-06-18 17:18 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-06-18 17:18 - 2014-06-18 17:18 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-06-18 17:18 - 2014-06-18 17:18 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-06-18 17:18 - 2014-06-18 17:18 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2015-01-04 05:04 - 2015-01-04 05:04 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2015-01-02 02:02 - 2015-01-05 16:26 - 00524536 _____ () C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe
2015-01-01 22:29 - 2015-01-05 16:27 - 00524536 _____ () C:\Program Files (x86)\Solution Real\updateSolutionReal.exe
2015-01-02 02:03 - 2015-01-05 04:47 - 00353016 _____ () C:\Program Files (x86)\Solution Real\bin\SolutionReal.PurBrowse64.exe
2015-01-02 00:28 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-08 13:23 - 2015-01-02 15:18 - 00890016 _____ () C:\Users\Dschiko\Documents\CoreTemp64\Core Temp.exe
2013-08-08 14:30 - 2013-08-08 14:30 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-01-02 02:03 - 2015-01-05 04:49 - 00101624 _____ () C:\Program Files (x86)\Solution Real\bin\SolutionReal.expext.exe
2015-01-02 02:03 - 2015-01-05 13:47 - 00114936 ____N () C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter64.exe
2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-02 02:03 - 2015-01-05 04:49 - 00082168 _____ () C:\Program Files (x86)\Solution Real\bin\SolutionReal.expextdll.dll
2015-01-02 02:22 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "ISCT Tray"
HKU\S-1-5-21-2721568097-3122404728-116981256-1001\...\StartupApproved\Run: => "Speccy"
========================= Accounts: ==========================
Administrator (S-1-5-21-2721568097-3122404728-116981256-500 - Administrator - Disabled)
Dschiko (S-1-5-21-2721568097-3122404728-116981256-1001 - Administrator - Enabled) => C:\Users\Dschiko
Gast (S-1-5-21-2721568097-3122404728-116981256-501 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/06/2015 07:41:41 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
Error: (01/06/2015 07:18:16 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
Error: (01/06/2015 07:18:15 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
Error: (01/05/2015 09:23:47 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
Error: (01/05/2015 09:23:44 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
Error: (01/05/2015 09:18:06 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
Error: (01/05/2015 08:27:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ActivationUI.exe, Version: 4.6.4.1, Zeitstempel: 0x54750ebf
Name des fehlerhaften Moduls: ActivationUI.exe, Version: 4.6.4.1, Zeitstempel: 0x54750ebf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056306
ID des fehlerhaften Prozesses: 0xa18
Startzeit der fehlerhaften Anwendung: 0xActivationUI.exe0
Pfad der fehlerhaften Anwendung: ActivationUI.exe1
Pfad des fehlerhaften Moduls: ActivationUI.exe2
Berichtskennung: ActivationUI.exe3
Vollständiger Name des fehlerhaften Pakets: ActivationUI.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ActivationUI.exe5
Error: (01/05/2015 07:40:21 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
Error: (01/05/2015 04:56:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1440
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5
Error: (01/05/2015 04:44:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_235.exe, Version: 16.0.0.235, Zeitstempel: 0x546fbf96
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000462a8
ID des fehlerhaften Prozesses: 0xb60
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_16_0_0_235.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_235.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_235.exe2
Berichtskennung: FlashPlayerPlugin_16_0_0_235.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_16_0_0_235.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_16_0_0_235.exe5
System errors:
=============
Error: (01/05/2015 05:21:53 PM) (Source: DCOM) (EventID: 10010) (User: MasterDisaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (01/05/2015 05:21:23 PM) (Source: DCOM) (EventID: 10010) (User: MasterDisaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (01/05/2015 04:26:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IePlugin Services" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/05/2015 04:26:13 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1
Error: (01/05/2015 04:26:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 04.01.2015 um 18:23:48 unerwartet heruntergefahren.
Error: (01/04/2015 06:23:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IePlugin Services" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/04/2015 06:23:45 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1
Error: (01/04/2015 05:58:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IePlugin Services" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/04/2015 05:58:14 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1
Error: (01/04/2015 05:58:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 04.01.2015 um 17:57:04 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (01/06/2015 07:41:41 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Dschiko\Downloads\aswMBR.exeC:\Users\Dschiko\Downloads\aswMBR.exe0
Error: (01/06/2015 07:18:16 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Dschiko\Downloads\aswMBR.exeC:\Users\Dschiko\Downloads\aswMBR.exe0
Error: (01/06/2015 07:18:15 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Dschiko\Downloads\aswMBR.exeC:\Users\Dschiko\Downloads\aswMBR.exe0
Error: (01/05/2015 09:23:47 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Dschiko\Downloads\aswMBR.exeC:\Users\Dschiko\Downloads\aswMBR.exe0
Error: (01/05/2015 09:23:44 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Dschiko\Downloads\aswMBR.exeC:\Users\Dschiko\Downloads\aswMBR.exe0
Error: (01/05/2015 09:18:06 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Dschiko\Downloads\aswMBR.exeC:\Users\Dschiko\Downloads\aswMBR.exe0
Error: (01/05/2015 08:27:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ActivationUI.exe4.6.4.154750ebfActivationUI.exe4.6.4.154750ebfc000000500056306a1801d0291da626a13bC:\PROGRA~2\ORIGIN~1\BATTLE~1\Core\ActivationUI.exeC:\PROGRA~2\ORIGIN~1\BATTLE~1\Core\ActivationUI.exee3e164c1-9510-11e4-8263-d0509934d3d4
Error: (01/05/2015 07:40:21 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Dschiko\Downloads\aswMBR.exeC:\Users\Dschiko\Downloads\aswMBR.exe0
Error: (01/05/2015 04:56:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425144001d028fe79ccadbfC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll670c442b-94f3-11e4-8263-d0509934d3d4
Error: (01/05/2015 04:44:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_16_0_0_235.exe16.0.0.235546fbf96ntdll.dll6.3.9600.1727853eeb4a3c0000005000462a8b6001d028fe73d458beC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exeC:\Windows\SYSTEM32\ntdll.dllb18cd04b-94f1-11e4-8263-d0509934d3d4
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 29%
Total physical RAM: 8140.3 MB
Available physical RAM: 5754.84 MB
Total Pagefile: 10060.3 MB
Available Pagefile: 7391.63 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:238.13 GB) (Free:169.1 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 44A02577)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-06 20:39:54
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f Crucial_CT256MX100SSD1 rev.MU01 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\Dschiko\AppData\Local\Temp\kwliykog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[736] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc0a9e169a 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[736] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc0a9e16a2 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[736] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc0a9e181a 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[736] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc0a9e1832 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[1568] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc0a9e169a 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[1568] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc0a9e16a2 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[1568] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc0a9e181a 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[1568] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc0a9e1832 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[2444] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc0a9e169a 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[2444] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc0a9e16a2 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[2444] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc0a9e181a 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[2444] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc0a9e1832 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\Solution Real\bin\SolutionReal.PurBrowse64.exe[2184] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc0a9e169a 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\Solution Real\bin\SolutionReal.PurBrowse64.exe[2184] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc0a9e16a2 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\Solution Real\bin\SolutionReal.PurBrowse64.exe[2184] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc0a9e181a 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\Solution Real\bin\SolutionReal.PurBrowse64.exe[2184] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc0a9e1832 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe[5880] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc0a9e169a 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe[5880] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc0a9e16a2 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe[5880] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc0a9e181a 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe[5880] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc0a9e1832 4 bytes [9E, 0A, FC, 7F]
.text C:\Windows\System32\dwm.exe[1436] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc0a9e169a 4 bytes [9E, 0A, FC, 7F]
.text C:\Windows\System32\dwm.exe[1436] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc0a9e16a2 4 bytes [9E, 0A, FC, 7F]
.text C:\Windows\System32\dwm.exe[1436] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc0a9e181a 4 bytes [9E, 0A, FC, 7F]
.text C:\Windows\System32\dwm.exe[1436] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc0a9e1832 4 bytes [9E, 0A, FC, 7F]
.text C:\Windows\system32\nvvsvc.exe[3120] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc0a9e169a 4 bytes [9E, 0A, FC, 7F]
.text C:\Windows\system32\nvvsvc.exe[3120] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc0a9e16a2 4 bytes [9E, 0A, FC, 7F]
.text C:\Windows\system32\nvvsvc.exe[3120] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc0a9e181a 4 bytes [9E, 0A, FC, 7F]
.text C:\Windows\system32\nvvsvc.exe[3120] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc0a9e1832 4 bytes [9E, 0A, FC, 7F]
.text C:\Windows\Explorer.EXE[4008] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc0a9e169a 4 bytes [9E, 0A, FC, 7F]
.text C:\Windows\Explorer.EXE[4008] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc0a9e16a2 4 bytes [9E, 0A, FC, 7F]
.text C:\Windows\Explorer.EXE[4008] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc0a9e181a 4 bytes [9E, 0A, FC, 7F]
.text C:\Windows\Explorer.EXE[4008] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc0a9e1832 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter64.exe[4044] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc0a9e169a 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter64.exe[4044] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc0a9e16a2 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter64.exe[4044] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc0a9e181a 4 bytes [9E, 0A, FC, 7F]
.text C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter64.exe[4044] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc0a9e1832 4 bytes [9E, 0A, FC, 7F]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [3144:4628] fffff96000815b90
---- Services - GMER 2.1 ----
Service C:\Users\Dschiko\AppData\Local\Temp\ALSysIO64.sys (*** hidden *** ) [MANUAL] ALSysIO <-- ROOTKIT !!!
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SAM0612H9MB307616_0C_07DB_75^FBE060219E01CBBFAAD08BDAEDBD6DE1@Timestamp 0x1C 0x00 0x8F 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -900340084
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 9866
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 13618
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime 333
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 527
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 439
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime 306
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 123
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 11456
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 11477
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 13058
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 11473
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 13595
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 1523
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 43
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 2960
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 1576
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime 8
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 526
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime 0
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 393757
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0x30 0xA8 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 30295
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0x26 0x40 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 321
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberCompressRate 44
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 266
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 135
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 196
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 252
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime 1589
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x3F 0x35 0xEB 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\ALSysIO@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\ALSysIO
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
---- EOF - GMER 2.1 ----
Gibt es eine Möglichkeit den Text von der FRST aufzuteilen? MFG Mingus |
| Themen zu Windows 8.1:Variant.Adware.Graftor.159320+Adware.Generic.1133960-Virenbefall? |
| anleitung, befall, beiträge, cpu-z, frst.txt, g-data, gen, hilfreich, immer wieder, leitung, lösen, mehreren, neu, problem, quara, quarantäne, scan, scanner, variant.adware.graftor.159320, verschieben, virenscan, virenscanner, virus, windows, windows 8.1 |
Baum-Darstellung