
Log analysis and evaluation: Win7: Constant recurrence of a trojan

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
28.04.2015, 10:10   #1
DAS k1ishEé
 



Hi, I reinstalled my computer at the beginning of April, and two days later I noticed that I had forgotten to install Avast. Not much happened, but every now and then Avast finds remnants of a trojan and deletes them right away (unfortunately I can't find the log file). After that, the following error message from Windows appears:

"C:\Users\[NAME]\AppData\Roaming\5.exe" konnte nicht gefunden werden. Stellen sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen Sie den Vorgang.

It interrupts everything that is running, kicks me out of games, etc. It occurs randomly every few hours.

Please help!

The logs follow, but FRST.txt is too large; should I submit it later as an attachment?

defogger_disable.txt
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:04 on 27/04/2015 (DAS k1ishEé)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Additions.txt
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by DAS k1ishEé at 2015-04-27 22:07:19
Running from F:\Downloads\TrojanerBoard
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1784364803-3053550495-1265879695-500 - Administrator - Disabled)
DAS k1ishEé (S-1-5-21-1784364803-3053550495-1265879695-1000 - Administrator - Enabled) => C:\Users\DAS k1ishEé
Gast (S-1-5-21-1784364803-3053550495-1265879695-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1784364803-3053550495-1265879695-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.0 - EA Digital Illusions CE AB)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3226 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Free Mouse Auto Clicker 3.4.5 (HKLM-x32\...\{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version:  - Filip Victor)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{DD21E907-9A2A-44B8-A12E-13691E166664}) (Version: 1.0.30.1003 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7069 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {20CA2662-1B8A-40FB-80C9-580C332DD850} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {2B8F8E16-D169-46A6-8FB1-9698904767B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-02] (Google Inc.)
Task: {2E8A542F-6A5E-4FC8-9974-9959C19A5DD5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5FBC2EA2-8097-41C7-A0BC-D58AEA91CF30} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {85AE2505-C62A-4182-9EE2-354D3593F238} - System32\Tasks\Convertor => C:\Program Files (x86)\Convertor\Convertor.exe [2014-11-25] ()
Task: {ADDD8524-DCCD-443F-BCE8-B9897A74EF82} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AEB89ADF-6722-402C-8128-08111E458826} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-02] (Avast Software s.r.o.)
Task: {C2180FD6-A091-46C2-ABB7-648B51D73D41} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {DD290259-F2D9-4CF6-9CB5-5A7D47B2FB86} - System32\Tasks\Winsta Update => C:\Program Files (x86)\Winsta\bin\Winsta.exe [2014-11-25] ()
Task: {E74F7CBB-7EC7-4D7D-8E18-6C07CD6C5A3E} - System32\Tasks\{3578B826-B9D8-4952-8426-F5EEDD5E0400} => pcalua.exe -a "F:\Dateien\Spiele, Programme\Programme\RegCleaner.exe" -d "F:\Dateien\Spiele, Programme\Programme"
Task: {F079F527-81EB-42E9-AA12-FD6210A804BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-02] (Google Inc.)
Task: {F71C5790-7313-42E3-8601-E436006EA187} - System32\Tasks\WinKit => C:\Users\DAS k1ishEé\AppData\Roaming\PDFConvert\SWUpdate.exe [2014-11-25] ()
Task: {FCA7A3D6-4DAD-40DF-97DD-DA970B726BAD} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-02 00:21 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-16 21:53 - 2015-04-17 10:43 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-25 14:25 - 2014-11-25 14:25 - 00156240 ____R () C:\Program Files (x86)\Convertor\Convertor.exe
2015-04-16 09:17 - 2015-04-13 23:48 - 01633608 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-16 09:17 - 2015-04-13 23:48 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-16 09:17 - 2015-04-13 23:48 - 26783560 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
2015-03-10 15:47 - 2015-03-10 15:47 - 00368440 _____ () C:\Program Files (x86)\Battlelog Web Plugins\launcherx64-160.dll
2015-04-02 22:52 - 2015-04-02 22:52 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-02 22:52 - 2015-04-02 22:52 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-27 00:47 - 2015-04-27 00:47 - 02927104 _____ () C:\Program Files\AVAST Software\Avast\defs\15042601\algo.dll
2015-04-27 13:16 - 2015-04-27 13:16 - 02927104 _____ () C:\Program Files\AVAST Software\Avast\defs\15042700\algo.dll
2015-04-02 22:52 - 2015-04-02 22:52 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-02 23:45 - 2014-11-04 11:38 - 00867080 _____ () F:\Programme\PowerDVD 14\PowerDVD14\common\UNO\UNO.dll
2015-04-02 23:45 - 2013-12-10 09:39 - 00074240 _____ () F:\Programme\PowerDVD 14\PowerDVD14\Common\Koan\_ctypes.pyd
2015-04-02 23:45 - 2013-12-10 09:39 - 00285184 _____ () F:\Programme\PowerDVD 14\PowerDVD14\Common\Koan\_hashlib.pyd
2015-04-02 23:45 - 2013-12-10 09:39 - 00040960 _____ () F:\Programme\PowerDVD 14\PowerDVD14\Common\Koan\_socket.pyd
2015-04-02 23:45 - 2013-12-10 09:39 - 00721920 _____ () F:\Programme\PowerDVD 14\PowerDVD14\Common\Koan\_ssl.pyd
2015-04-02 12:24 - 2015-03-10 08:37 - 00775680 _____ () F:\Spiele\Steam\SDL2.dll
2015-04-02 12:24 - 2014-12-02 02:29 - 05002752 _____ () F:\Spiele\Steam\v8.dll
2015-04-02 12:24 - 2014-12-02 02:29 - 01612800 _____ () F:\Spiele\Steam\icui18n.dll
2015-04-02 12:24 - 2014-12-02 02:29 - 01210368 _____ () F:\Spiele\Steam\icuuc.dll
2015-04-02 12:24 - 2015-04-14 01:44 - 02371776 _____ () F:\Spiele\Steam\video.dll
2015-04-02 12:24 - 2014-12-01 23:31 - 02396672 _____ () F:\Spiele\Steam\libavcodec-56.dll
2015-04-02 12:24 - 2014-12-01 23:31 - 00442880 _____ () F:\Spiele\Steam\libavutil-54.dll
2015-04-02 12:24 - 2014-12-01 23:31 - 00479744 _____ () F:\Spiele\Steam\libavformat-56.dll
2015-04-02 12:24 - 2014-12-01 23:31 - 00332800 _____ () F:\Spiele\Steam\libavresample-2.dll
2015-04-02 12:24 - 2014-12-01 23:31 - 00485888 _____ () F:\Spiele\Steam\libswscale-3.dll
2015-04-02 12:24 - 2015-04-14 01:44 - 00702656 _____ () F:\Spiele\Steam\bin\chromehtml.DLL
2015-04-02 12:24 - 2015-02-25 03:58 - 34641288 _____ () F:\Spiele\Steam\bin\libcef.dll
2015-04-02 04:40 - 2013-09-16 21:20 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-04-02 12:24 - 2015-02-25 03:58 - 01709960 _____ () F:\Spiele\Steam\bin\ffmpegsumo.dll
2015-04-16 21:23 - 2015-04-16 21:23 - 01007104 _____ () F:\Spiele\Origin\platforms\qwindows.dll
2015-04-16 21:23 - 2015-04-16 21:23 - 00023552 _____ () F:\Spiele\Origin\imageformats\qgif.dll
2015-04-16 21:23 - 2015-04-16 21:23 - 00024576 _____ () F:\Spiele\Origin\imageformats\qico.dll
2015-04-16 21:23 - 2015-04-16 21:23 - 00216576 _____ () F:\Spiele\Origin\imageformats\qjpeg.dll
2015-04-16 21:23 - 2015-04-16 21:23 - 00261120 _____ () F:\Spiele\Origin\imageformats\qmng.dll
2015-04-16 21:23 - 2015-04-16 21:23 - 00019456 _____ () F:\Spiele\Origin\imageformats\qtga.dll
2015-04-16 21:23 - 2015-04-16 21:23 - 00337408 _____ () F:\Spiele\Origin\imageformats\qtiff.dll
2015-04-16 21:23 - 2015-04-16 21:23 - 00018944 _____ () F:\Spiele\Origin\imageformats\qwbmp.dll
2015-04-16 21:23 - 2015-04-16 21:23 - 00228352 _____ () F:\Spiele\Origin\mediaservice\wmfengine.dll
2015-04-14 22:53 - 2015-04-14 22:53 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1784364803-3053550495-1265879695-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DAS k1ishEé\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk => C:\Windows\pss\Killer Network Manager.lnk.CommonStartup
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LGODDFU => "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3FB45AE5-824B-4A5C-85B5-FC9F57E72835}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1E0F2F7A-A558-46CF-AC17-681EADAA6419}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{210CFCD5-8DFF-471C-8E11-5669BBD8F364}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26FCC47A-C95A-48FA-BC76-5C2BF9D9936C}] => (Allow) F:\Spiele\Steam\Steam.exe
FirewallRules: [{279BB053-6DD7-401B-B333-EF4C03F087B5}] => (Allow) F:\Spiele\Steam\Steam.exe
FirewallRules: [{570C261C-AA77-4C8F-9A19-39C3E3CB4E64}] => (Allow) F:\Spiele\Steam\bin\steamwebhelper.exe
FirewallRules: [{629E809E-64BA-4106-9B2E-47F8B1E41335}] => (Allow) F:\Spiele\Steam\bin\steamwebhelper.exe
FirewallRules: [{92014B67-495F-4ECF-9C32-682768104B65}] => (Allow) F:\Spiele\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{03EF6D4E-4649-4723-BEAD-B959EFF34788}] => (Allow) F:\Spiele\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{2C5350DA-C17A-4B24-9173-7A753683A171}] => (Allow) F:\Spiele\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{540A8A10-F541-4843-97D8-C5214C979776}] => (Allow) F:\Spiele\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{D682FC21-58EB-4DDF-87B1-1F16D96176FD}] => (Allow) F:\Spiele\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{B331D8AD-BE57-4922-A418-9E3BF81554FE}] => (Allow) F:\Spiele\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{C6F34538-0C56-4F25-BD7B-AB6D0A589042}] => (Allow) F:\Spiele\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{ECD645F9-33D1-4B51-B150-E92DF1824B4A}] => (Allow) F:\Spiele\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E7223286-2CF3-4169-B0EC-5FE7D969CA94}] => (Allow) F:\Spiele\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{C4BD1D8D-B8F5-42F6-830A-F70B9DE93D50}] => (Allow) F:\Spiele\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{4DCE6E7B-B1CB-488A-8910-8FD920B7D39E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3E2C54DD-15ED-435F-B914-363C67143115}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{36278193-CAF0-402B-B82B-854D730911E5}] => (Allow) F:\Spiele\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{B400751A-3DDC-42B6-B470-3B23247FEC88}] => (Allow) F:\Spiele\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{252677FA-4A92-49ED-BC17-28D0B11FC193}] => (Allow) F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD.exe
FirewallRules: [{E25063C3-2A1F-45F9-BFA3-7681B2DAA69B}] => (Allow) F:\Programme\PowerDVD 14\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{8F28E477-790B-4900-A196-2C63B3E7E889}] => (Allow) F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{83E4E662-3293-47EC-B49C-47E60021BD90}] => (Allow) F:\Programme\PowerDVD 14\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{5B861A3F-C986-4FA7-A521-1543AC4532E2}] => (Allow) F:\Programme\PowerDVD 14\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{F296240D-71A3-4625-9808-3F2D2CF39594}] => (Allow) F:\Spiele\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{71AA19D8-D6CC-4D49-9034-6DB692E8C575}] => (Allow) F:\Spiele\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{BE64243F-E9CC-4D91-B33C-11839735021F}] => (Allow) F:\Spiele\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{B5E4BB86-CF78-463E-86CA-F9B554200F0A}] => (Allow) F:\Spiele\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{31054C48-B698-4D07-B7EC-C78CEFB717A7}] => (Allow) F:\Spiele\Steam\steamapps\common\Natural Selection 2\NS2.exe
FirewallRules: [{85642BC7-3A7C-45E2-BA60-87A56F014B92}] => (Allow) F:\Spiele\Steam\steamapps\common\Natural Selection 2\NS2.exe
FirewallRules: [{3F15C151-0101-4E6E-AE40-AA35DD7B0F49}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DA056585-E236-4A3A-86BE-B1AA61A7997D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{659D3C72-B831-4734-83CF-1DA8E59ECE47}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{752CCDED-7EE2-4643-9756-8D61CF355230}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F0A0F167-7A3C-4FBB-BFDE-D1596DCDA73F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{5171EC52-3631-472C-9E33-23C64F163CE5}] => (Allow) F:\Spiele\Origin\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{44A4667F-0532-44D8-9D53-B709375A2AAD}] => (Allow) F:\Spiele\Origin\Origin Games\Battlefield 3\bf3.exe

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2015 08:53:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/26/2015 08:38:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2015 09:36:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2015 09:09:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2015 07:09:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2015 03:00:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2015 09:17:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2015 09:21:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2015 01:38:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 08:40:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/27/2015 08:53:54 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/26/2015 08:38:18 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/25/2015 09:36:21 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/25/2015 09:15:55 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/25/2015 09:09:46 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/24/2015 07:09:00 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/24/2015 03:00:01 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/24/2015 09:17:12 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/23/2015 09:21:00 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (04/23/2015 01:38:35 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 38%
Total physical RAM: 8134.54 MB
Available physical RAM: 5006.13 MB
Total Pagefile: 8132.73 MB
Available Pagefile: 4934.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:232.79 GB) (Free:195.16 GB) NTFS
Drive f: (HDD) (Fixed) (Total:465.76 GB) (Free:301.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 7906BE9F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F590A1A7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---


GMER.txt
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-28 10:39:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Samsung_SSD_850_EVO_250GB rev.EMT01B6Q 232,89GB
Running: xu979bm6.exe; Driver: F:\Temp\Windows\fxrcqaob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17      00000000767c1401 2 bytes JMP 76c6b1ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17        00000000767c1419 2 bytes JMP 76c6b31a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17      00000000767c1431 2 bytes JMP 76ce8f09 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42      00000000767c144a 2 bytes CALL 76c44885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                      * 9
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17         00000000767c14dd 2 bytes JMP 76ce8802 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17  00000000767c14f5 2 bytes JMP 76ce89d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17         00000000767c150d 2 bytes JMP 76ce86f8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17  00000000767c1525 2 bytes JMP 76ce8ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17        00000000767c153d 2 bytes JMP 76c5fc78 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17             00000000767c1555 2 bytes JMP 76c668bf C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17      00000000767c156d 2 bytes JMP 76ce8fc1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17        00000000767c1585 2 bytes JMP 76ce8b22 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17           00000000767c159d 2 bytes JMP 76ce86bc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17        00000000767c15b5 2 bytes JMP 76c5fd11 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17      00000000767c15cd 2 bytes JMP 76c6b2b0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20  00000000767c16b2 2 bytes JMP 76ce8e84 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1940] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31  00000000767c16bd 2 bytes JMP 76ce8651 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                         00000000748717fa 2 bytes CALL 76c411a9 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                     0000000074871860 2 bytes CALL 76c411a9 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                   0000000074871942 2 bytes JMP 76127089 C:\Windows\syswow64\WS2_32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                  000000007487194d 2 bytes JMP 7612cba6 C:\Windows\syswow64\WS2_32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                           00000000767c1401 2 bytes JMP 76c6b1ef C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                             00000000767c1419 2 bytes JMP 76c6b31a C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                           00000000767c1431 2 bytes JMP 76ce8f09 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                           00000000767c144a 2 bytes CALL 76c44885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                      * 9
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                              00000000767c14dd 2 bytes JMP 76ce8802 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                       00000000767c14f5 2 bytes JMP 76ce89d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                              00000000767c150d 2 bytes JMP 76ce86f8 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                       00000000767c1525 2 bytes JMP 76ce8ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                             00000000767c153d 2 bytes JMP 76c5fc78 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                  00000000767c1555 2 bytes JMP 76c668bf C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                           00000000767c156d 2 bytes JMP 76ce8fc1 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                             00000000767c1585 2 bytes JMP 76ce8b22 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                00000000767c159d 2 bytes JMP 76ce86bc C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                             00000000767c15b5 2 bytes JMP 76c5fd11 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                           00000000767c15cd 2 bytes JMP 76c6b2b0 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                       00000000767c16b2 2 bytes JMP 76ce8e84 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                       00000000767c16bd 2 bytes JMP 76ce8651 C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter               0000000076c48769 5 bytes JMP 00000001661c1000
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                    00000000767c1401 2 bytes JMP 76c6b1ef C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                      00000000767c1419 2 bytes JMP 76c6b31a C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                    00000000767c1431 2 bytes JMP 76ce8f09 C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                    00000000767c144a 2 bytes CALL 76c44885 C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                      * 9
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                       00000000767c14dd 2 bytes JMP 76ce8802 C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                00000000767c14f5 2 bytes JMP 76ce89d8 C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                       00000000767c150d 2 bytes JMP 76ce86f8 C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                00000000767c1525 2 bytes JMP 76ce8ac2 C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                      00000000767c153d 2 bytes JMP 76c5fc78 C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                           00000000767c1555 2 bytes JMP 76c668bf C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                    00000000767c156d 2 bytes JMP 76ce8fc1 C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                      00000000767c1585 2 bytes JMP 76ce8b22 C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                         00000000767c159d 2 bytes JMP 76ce86bc C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                      00000000767c15b5 2 bytes JMP 76c5fd11 C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                    00000000767c15cd 2 bytes JMP 76c6b2b0 C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                00000000767c16b2 2 bytes JMP 76ce8e84 C:\Windows\syswow64\kernel32.dll
.text   F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe[3204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                00000000767c16bd 2 bytes JMP 76ce8651 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [3504:4220]                                                                                              000007fee87a9688

---- EOF - GMER 2.1 ----
         
--- --- ---

 
