Log Analysis and Evaluation: Bitdefender has detected phishing attempts and found infected websites (38 items) that I did not visit (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Hello,

Bitdefender Internet Security 2015 has by now reported 38 problems. It detected phishing attempts and infected websites, but gives me no further help. I also ran Antimalware, which found nothing. I hope one of you can help me, since I no longer dare to log in anywhere.

Many thanks in advance,
Harry

Here is one of the many Bitdefender messages:

Code:
Die Webseite https://6b7f46ad5bc91a240a3d-1d8fbdf7ecdc2b67730d7c561f0d1dfd.ssl.cf2.rackcdn.com/il.html?origin=httP://www.ebay.xx wurde als Phishing-Webseite identifiziert, die ein Risiko für Ihre persönlichen und finanziellen Daten darstellen könnte. Die Webseite wurde durch den Phishing Filter blockiert und Ihr PC ist wieder sicher.
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:16 on 22/05/2015 (Administrator)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2015 01
Ran by ***** (ATTENTION: The logged in user is not administrator) on ASUS on 22-05-2015 23:19:03
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** & Administrator (Available Profiles: ***** & Administrator)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> vsserv.exe
Failed to access process -> winlogon.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> spoolsv.exe
Failed to access process -> conhost.exe
Failed to access process -> armsvc.exe
Failed to access process -> SAWCtrlSer.EXE
Failed to access process -> AsusService.exe
Failed to access process -> btwdins.exe
Failed to access process -> nvSCPAPISvr.exe
Failed to access process -> svchost.exe
Failed to access process -> TeamViewer_Service.exe
Failed to access process -> TomTomHOMEService.exe
Failed to access process -> updatesrv.exe
Failed to access process -> IAANTmon.exe
Failed to access process -> svchost.exe
Failed to access process -> HotKeyMon.exe
Failed to access process -> HotkeyService.exe
Failed to access process -> LiveUpdate.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
Failed to access process -> CapsHook.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> SuperHybridEngine.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.60\opera.exe
Failed to access process -> WmiPrvSE.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-07-13] (AsusTek Computer Inc.)
HKLM-x32\...\Run: [CapsHook] => C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-28] (ASUS)
HKLM-x32\...\Run: [GraphicsSwitch] => C:\Program Files\Asus\GraphicsSwitch\GPUStatusMonitor.exe [205304 2010-08-18] (AsusTek Computer Inc.)
HKLM-x32\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [SuperHybridEngine] => C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-26] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [141848 2010-10-25] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [173592 2010-10-25] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [150552 2010-10-25] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1862056 2015-03-12] (Bitdefender)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-01-15] (Bitdefender)
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {85cfeb88-1890-11e3-8be6-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {85cfebba-1890-11e3-8be6-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\...\MountPoints2: {8b6f5a82-17de-11e3-b07b-74f06de5d66e} - D:\AutoRun.exe
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-03-31]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk [2013-08-27]
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk [2015-03-11]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-206298077-3871948171-1831049974-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-206298077-3871948171-1831049974-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-30] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-30] (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
Toolbar: HKU\S-1-5-21-206298077-3871948171-1831049974-1000 -> Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\2lgl1wvi.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: www.google.de
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-07-26] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-07-26] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-206298077-3871948171-1831049974-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin HKU\S-1-5-21-206298077-3871948171-1831049974-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\*****\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF Extension: Disconnect - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\2lgl1wvi.default\Extensions\2.0@disconnect.me.xpi [2014-05-29]
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2015-05-02]
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files\Mobile Master\ext\1
FF Extension: Mobile Master Add-In - C:\Program Files\Mobile Master\ext\1 [2014-05-06]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-05-02]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-206298077-3871948171-1831049974-1000) OperaMail - "C:\Program Files\Opera Mail safe\OperaMail.exe"
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 apmSAWCtrl; C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.exe [470120 2012-11-19] ()
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] () []
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [69880 2014-12-09] (Bitdefender)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1308464 2015-03-16] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; winhttp.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2011-02-09] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1083448 2015-01-14] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [243456 2015-01-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [548336 2015-01-14] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [93648 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2015-01-09] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2015-03-10] (Broadcom Corporation.)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-04-02] (Emsisoft GmbH)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [172936 2015-02-24] (BitDefender LLC)
S3 Hantek6022BE1; C:\Windows\System32\Drivers\Hantek6022BEX861.sys [21056 2012-03-18] () []
S2 Hantek6022BE2; C:\Windows\System32\Drivers\Hantek6022BEX862.SYS [19008 2012-03-18] () []
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2013-08-12] ( )
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [19656 2013-08-12] (NVIDIA Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [132608 2012-07-26] (Prolific Technology Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [408280 2014-10-15] (BitDefender S.R.L.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-22 23:19 - 2015-05-22 23:19 - 00017399 _____ () C:\Users\*****\Desktop\FRST.txt
2015-05-22 23:16 - 2015-05-22 23:17 - 00000488 _____ () C:\Users\*****\Desktop\defogger_disable.log
2015-05-22 23:13 - 2015-05-22 23:13 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2015-05-22 23:12 - 2015-05-22 23:12 - 01147392 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2015-05-22 23:09 - 2015-05-22 23:09 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2015-05-20 21:49 - 2015-05-20 21:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-05-16 14:26 - 2015-05-22 22:52 - 00001776 _____ () C:\Windows\setupact.log
2015-05-16 14:26 - 2015-05-16 14:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 14:25 - 2015-05-16 14:25 - 00000848 _____ () C:\Windows\PFRO.log
2015-05-16 11:34 - 2015-05-16 11:34 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-16 11:34 - 2015-05-16 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-16 11:34 - 2015-05-16 11:34 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-02 14:30 - 2015-05-02 14:30 - 00072704 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-05-02 14:27 - 2015-05-02 14:27 - 00926023 _____ () C:\ProgramData\1430568571.bdinstall.bin
2015-05-02 14:27 - 2015-05-02 14:27 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2015-05-02 14:26 - 2015-05-22 20:04 - 00000309 ____H () C:\bdr-cf03
2015-05-02 14:25 - 2015-05-02 14:25 - 00002082 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2015.lnk
2015-05-02 14:25 - 2015-05-02 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-05-02 14:25 - 2015-01-23 16:28 - 00243456 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-05-02 14:25 - 2015-01-14 18:10 - 01083448 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-05-02 14:25 - 2015-01-14 13:13 - 00548336 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-05-02 14:25 - 2015-01-09 11:58 - 00066832 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-05-02 14:25 - 2014-12-15 17:56 - 00077632 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2015-05-02 14:13 - 2015-05-02 14:26 - 00253404 ____H () C:\bdr-ld03
2015-05-02 14:13 - 2015-05-02 14:26 - 00009216 ____H () C:\bdr-ld03.mbr
2015-05-02 14:13 - 2015-05-02 14:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Bitdefender
2015-05-02 14:13 - 2014-07-04 17:47 - 39361413 ____H () C:\bdr-im03.gz
2015-05-02 14:13 - 2012-08-15 15:28 - 02294848 ____H () C:\bdr-bz03
2015-05-02 14:11 - 2015-05-02 14:26 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-05-02 14:11 - 2015-05-02 14:11 - 00000000 ____D () C:\Program Files\Bitdefender
2015-05-02 14:11 - 2015-02-24 17:52 - 00172936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-05-02 14:11 - 2014-10-15 17:14 - 00408280 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-05-02 14:08 - 2015-05-02 14:11 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-05-01 14:18 - 2015-05-01 14:18 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2015-05-01 13:10 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-01 13:10 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-01 13:09 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-25 22:43 - 2015-04-25 22:43 - 00000000 ____D () C:\ProgramData\bdch
2015-04-25 20:47 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-25 20:47 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-04-25 20:47 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-04-25 20:42 - 2015-04-25 20:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-22 23:19 - 2015-04-07 08:28 - 00000000 ____D () C:\FRST
2015-05-22 23:01 - 2009-07-14 06:34 - 00025856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-22 23:01 - 2009-07-14 06:34 - 00025856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-22 22:57 - 2010-11-20 23:01 - 01647544 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 22:56 - 2013-08-11 13:43 - 02076803 _____ () C:\Windows\WindowsUpdate.log
2015-05-22 22:53 - 2013-08-12 08:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-22 22:52 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-22 21:49 - 2015-01-11 12:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-22 20:16 - 2013-08-11 15:38 - 00000000 ____D () C:\Program Files\Opera
2015-05-22 19:31 - 2013-11-20 08:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-20 19:11 - 2013-08-27 22:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\HpUpdate
2015-05-18 20:50 - 2013-11-16 20:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 22:40 - 2015-01-11 12:59 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-05-16 14:40 - 2013-09-04 23:54 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-05-16 11:44 - 2013-11-19 14:26 - 00000000 ____D () C:\Windows\Minidump
2015-05-16 11:44 - 2013-08-11 23:39 - 00000000 ____D () C:\Windows\Panther
2015-05-15 16:06 - 2015-03-30 16:06 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0736f84a-a7b7-4990-8777-17c3cd8bf973.job
2015-05-15 12:11 - 2015-03-30 16:06 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7ba9165e-35bf-42ab-bcbd-9df146fe9e88.job
2015-05-07 06:32 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-03 09:33 - 2013-08-30 12:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2015-05-02 14:31 - 2013-08-11 15:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Bitdefender
2015-05-02 13:15 - 2014-12-09 00:08 - 00000000 ____D () C:\Users\*****\Downloads\Bitdefender Safepay
2015-05-02 13:12 - 2013-08-28 23:15 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-05-02 13:12 - 2013-08-28 23:15 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Amazon
2015-05-01 14:18 - 2013-09-28 14:43 - 00000000 ____D () C:\Users\Administrator
2015-04-25 20:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-04-23 08:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-22 23:26 - 2013-08-11 15:39 - 00000000 ____D () C:\download
==================== Files in the root of some directories =======
2015-02-22 21:48 - 2015-02-22 21:48 - 0000040 _____ () C:\Users\*****\AppData\Roaming\cdr.ini
2014-07-17 23:05 - 2015-03-14 14:09 - 0007680 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-10 14:55 - 2015-04-10 14:55 - 0003384 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2015-05-02 14:27 - 2015-05-02 14:27 - 0926023 _____ () C:\ProgramData\1430568571.bdinstall.bin
2013-08-27 22:10 - 2013-08-27 22:10 - 0000057 _____ () C:\ProgramData\Ament.ini
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of log ============================
GMER (Bitdefender cannot be disabled)
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-23 00:44:15
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.01.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldrpoc.sys
---- System - GMER 2.1 ----
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwAllocateVirtualMemory [0x8C4CA0BE]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwAlpcConnectPort [0x8C4CD566]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwAlpcSendWaitReceivePort [0x8C4CD09C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwAssignProcessToJobObject [0x8C4CAC88]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwClose [0x8C4CDB8C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwConnectPort [0x8C4CC418]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateFile [0x8C4CB95C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateKey [0x8C4CCB10]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateProcess [0x8C4CAEDE]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateProcessEx [0x8C4CAF94]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateSection [0x8C4CB27E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateThread [0x8C4C9A2E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateThreadEx [0x8C4CDDA8]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwDeviceIoControlFile [0x8C4CCC80]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwDuplicateObject [0x8C4D111A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwFsControlFile [0x8C4CCF38]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwLoadDriver [0x8C4CA594]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwMakeTemporaryObject [0x8C4CD934]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwOpenFile [0x8C4CB74E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwOpenProcess [0x8C4D0B72]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwOpenSection [0x8C4CB04E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwOpenThread [0x8C4D0E22]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwProtectVirtualMemory [0x8C4C9F42]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwQueueApcThread [0x8C4CADB0]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwReplaceKey [0x8C4CD782]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwRequestPort [0x8C4CC586]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwRequestWaitReplyPort [0x8C4CBF1A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwRestoreKey [0x8C4CD80C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSecureConnectPort [0x8C4CC9A0]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSetContextThread [0x8C4C9B9E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSetSecurityObject [0x8C4CD6DC]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSetSystemInformation [0x8C4CA78E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwShutdownSystem [0x8C4CD89E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSuspendProcess [0x8C4C9E1A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSuspendThread [0x8C4C9CF4]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSystemDebugControl [0x8C4CABBA]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwTerminateProcess [0x8C4D0A6A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwTerminateThread [0x8C4D130C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwUnloadDriver [0x8C4CD9CA]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwWriteVirtualMemory [0x8C4C98B2]
SYSENTER \SystemRoot\system32\DRIVERS\avc3.sys 888D4000
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRequestWaitReplyPort + 1499 820449F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8207E992 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82085BD8 4 Bytes [BE, A0, 4C, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82085BE4 4 Bytes [66, D5, 4C, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82085C28 4 Bytes [9C, D0, 4C, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82085C38 4 Bytes [88, AC, 4C, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82085C54 4 Bytes [8C, DB, 4C, 8C]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[336] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[504] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.exe[644] ADVAPI32.dll!RegOpenKeyExA + DE 75C14965 1 Byte [E9]
.text C:\Program Files\abylonsoft\SAWipe\SAWCtrlSer.exe[644] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[812] ntdll.dll!NtTerminateProcess 773F68B8 5 Bytes JMP 015007D0
.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[812] kernel32.dll!UnhandledExceptionFilter 75FF0709 5 Bytes JMP 019707D0
.text C:\Windows\System32\svchost.exe[884] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\System32\AsusService.exe[1220] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\system32\svchost.exe[1480] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1600] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1600] ADVAPI32.dll!RegOpenKeyExA + DE 75C14965 1 Byte [E9]
.text C:\Windows\system32\nvvsvc.exe[1632] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\system32\svchost.exe[1660] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\system32\svchost.exe[1660] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1760] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\system32\svchost.exe[1760] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Windows\system32\WLANExt.exe[1816] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\system32\WLANExt.exe[1816] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Windows\System32\spoolsv.exe[1868] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\System32\spoolsv.exe[1868] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2120] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\system32\svchost.exe[2156] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\system32\svchost.exe[2156] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Program Files\TeamViewer\TeamViewer_Service.exe[2188] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Program Files\TeamViewer\TeamViewer_Service.exe[2188] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Users\lemi\Desktop\Gmer-19357.exe[2240] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2332] ntdll.dll!NtTerminateProcess 773F68B8 5 Bytes JMP 00EB07D0
.text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2332] kernel32.dll!UnhandledExceptionFilter 75FF0709 5 Bytes JMP 010907D0
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2384] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[2476] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[2724] ntdll.dll!NtTerminateProcess 773F68B8 5 Bytes JMP 00EE07D0
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[2724] kernel32.dll!UnhandledExceptionFilter 75FF0709 5 Bytes JMP 010C07D0
.text C:\Windows\system32\SearchIndexer.exe[2916] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\system32\RunDll32.exe[2944] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[2988] ntdll.dll!NtTerminateProcess 773F68B8 5 Bytes JMP 00B207D0
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[2988] kernel32.dll!UnhandledExceptionFilter 75FF0709 5 Bytes JMP 006607D0
.text C:\Windows\system32\svchost.exe[3120] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\system32\svchost.exe[3120] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Windows\system32\RunDll32.exe[3516] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\system32\taskhost.exe[3552] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3776] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3776] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3800] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3800] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3816] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3816] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3844] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3844] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3896] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3904] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[3996] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[3996] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Windows\system32\wbem\wmiprvse.exe[4076] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\system32\wbem\wmiprvse.exe[4076] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Program Files\ASUS\SHE\SuperHybridEngine.exe[4092] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Program Files\ASUS\SHE\SuperHybridEngine.exe[4092] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[4160] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\system32\svchost.exe[4160] WS2_32.dll!connect 77556BDD 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[4392] ntdll.dll!NtLoadDriver + 8 773F5B50 2 Bytes [2C, FC] {SUB AL, 0xfc}
.text C:\Windows\System32\svchost.exe[4392] WS2_32.dll!connect 77556BDD 1 Byte [E9]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06de5d66e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06de5d66e@18e2c2dc1032 0x86 0x26 0xF9 0x44 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06de5d66e@b84fd5b09535 0x29 0x83 0xBA 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06de5d66e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06de5d66e@18e2c2dc1032 0x86 0x26 0xF9 0x44 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06de5d66e@b84fd5b09535 0x29 0x83 0xBA 0xA0 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@C837EEC4 1209
---- EOF - GMER 2.1 ----
Malware log text Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.05.2015
Suchlauf-Zeit: 12:12:32
Logdatei: maleware_scan.txt
Administrator: Nein

Version: 2.01.6.1022
Malware Datenbank: v2015.05.23.01
Rootkit Datenbank: v2015.05.16.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: xxxxx

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 256856
Verstrichene Zeit: 20 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)