TR/Drop.Agent.219420 // ADWARE/CrossRider.A.10448
Hello,
my virus scanner found the following and moved it to quarantine:
Avira virus scanner result:
Typ: Datei
Quelle: C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-11.exe
Status: Infiziert
Quarantäne-Objekt: 44099f96.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: ADWARE/CrossRider.A.10448
Datum/Uhrzeit: 12.07.2014, 00:17
Typ: Datei
Quelle: C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-3.exe
Status: Infiziert
Quarantäne-Objekt: 5d61a40c.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: ADWARE/CrossRider.A.10448
Datum/Uhrzeit: 12.07.2014, 00:17
Typ: Datei
Quelle: C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-4.exe
Status: Infiziert
Quarantäne-Objekt: 703b8b42.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: ADWARE/CrossRider.A.10446
Datum/Uhrzeit: 12.07.2014, 00:17
Typ: Datei
Quelle: C:\Program Files\Fraven 1.1\Fraven 1.1-bg.exe
Status: Infiziert
Quarantäne-Objekt: 4748e71c.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: ADWARE/CrossRider.A.10425
Datum/Uhrzeit: 12.07.2014, 00:17
Typ: Datei
Quelle: C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-5.exe
Status: Infiziert
Quarantäne-Objekt: 0c23cb13.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: ADWARE/CrossRider.A.14837
Datum/Uhrzeit: 12.07.2014, 00:17
Typ: Datei
Quelle: C:\Program Files\Fraven 1.1\Fraven 1.1-codedownloader.exe
Status: Infiziert
Quarantäne-Objekt: 3853d57c.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: ADWARE/CrossRider.A.10498
Datum/Uhrzeit: 12.07.2014, 00:17
Typ: Datei
Quelle: C:\Users\*******\AppData\Local\Temp\is-VBDM3.tmp\InstallManagerR.exe
Status: Infiziert
Quarantäne-Objekt: 513ac2c5.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: TR/Drop.Agent.219420
Datum/Uhrzeit: 12.07.2014, 00:17
Typ: Datei
Quelle: C:\Users\*******\AppData\Local\Temp\genesisinstaller.exe
Status: Infiziert
Quarantäne-Objekt: 1befb791.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: TR/Kazy.389992
Datum/Uhrzeit: 12.07.2014, 00:17
Typ: Datei
Quelle: C:\Users\*******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56PBL3XM\GenesisInstaller[1].exe
Status: Infiziert
Quarantäne-Objekt: 7dd8f853.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: TR/Kazy.389992
Datum/Uhrzeit: 12.07.2014, 00:17
Typ: Datei
Quelle: C:\Users\*******\AppData\Local\Temp\is-0Q6J2.tmp\InstallManagerR.exe
Status: Infiziert
Quarantäne-Objekt: 49aded62.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: TR/Drop.Agent.219420
Datum/Uhrzeit: 12.07.2014, 00:17
Typ: Datei
Quelle: C:\Program Files\Fraven 1.1\Fraven 1.1-bho.dll
Status: Infiziert
Quarantäne-Objekt: 482a79d9.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: ADWARE/CrossRider.A.10607
Datum/Uhrzeit: 11.07.2014, 16:57
Typ: Datei
Quelle: C:\Users\*******\AppData\Local\Genesis_06171636\Genesis_06171636.exe
Status: Infiziert
Quarantäne-Objekt: 50b05640.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: ADWARE/Lollipop.Gen9
Datum/Uhrzeit: 11.07.2014, 16:57
FRST result:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by ******* (administrator) on *******ASUS1 on 20-07-2014 15:24:44
Running from C:\Users\*******\Desktop
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Fuyu LIMITED) C:\ProgramData\WindowsProtectManger\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\AsusService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\ProgramData\DatacardService\DCService.exe
() C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(globalUpdate) C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Users\*******\AppData\Local\fst_de_39\upfst_de_39.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\Asus\Eee Docking\Eee Docking.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUS) C:\Program Files\Asus\CapsHook\CapsHook.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
() C:\Program Files\fst_de_39\fst_de_39.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(PC Utilities Software Limited) C:\Program Files\Optimizer Pro\OptProReminder.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
==================== Registry (Whitelisted) ==================
HKLM\...\RunOnce: [upfst_de_39.exe] => C:\Users\*******\AppData\Local\fst_de_39\upfst_de_39.exe [3269112 2014-06-10] ()
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3248482026-4210510778-3179696638-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\*******\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3248482026-4210510778-3179696638-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3248482026-4210510778-3179696638-1000\...\Run: [genesis_06171636] => /r
HKU\S-1-5-21-3248482026-4210510778-3179696638-1000\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro\OptProLauncher.exe [135112 2014-06-12] (PC Utilities Software Limited)
HKU\S-1-5-21-3248482026-4210510778-3179696638-1000\...\MountPoints2: {6a0959e8-b1b9-11e2-934b-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-3248482026-4210510778-3179696638-1000\...\MountPoints2: {df7befb2-c0e5-11e0-9c63-f46d04bcc208} - E:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll ()
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1403023388&from=tugs&uid=HitachiXHTS543225A7A384_E20A1346C69J0JC69J0JX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1403023388&from=tugs&uid=HitachiXHTS543225A7A384_E20A1346C69J0JC69J0JX
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403023388&from=tugs&uid=HitachiXHTS543225A7A384_E20A1346C69J0JC69J0JX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1403023388&from=tugs&uid=HitachiXHTS543225A7A384_E20A1346C69J0JC69J0JX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1403023388&from=tugs&uid=HitachiXHTS543225A7A384_E20A1346C69J0JC69J0JX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403023388&from=tugs&uid=HitachiXHTS543225A7A384_E20A1346C69J0JC69J0JX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1403023388&from=tugs&uid=HitachiXHTS543225A7A384_E20A1346C69J0JC69J0JX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403023388&from=tugs&uid=HitachiXHTS543225A7A384_E20A1346C69J0JC69J0JX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403023388&from=tugs&uid=HitachiXHTS543225A7A384_E20A1346C69J0JC69J0JX&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403023388&from=tugs&uid=HitachiXHTS543225A7A384_E20A1346C69J0JC69J0JX&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.199.10
FireFox:
========
FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\vpq5k4ma.default
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hppp&ts=1403191868&from=tugs&uid=HitachiXHTS543225A7A384_E20A1346C69J0JC69J0JX
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\*******\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Fraven 1.1 - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\vpq5k4ma.default\Extensions\6c78cab3-0311-420c-8cc8-d70d7c2e12d0@61a12377-7214-44f1-a183-c0827fed20fa.com [2014-06-27]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-02] (Avira Operations GmbH & Co. KG)
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] () [File not signed]
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
R2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrash.dll [3151304 2014-06-17] ()
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed]
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-17] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-17] (globalUpdate) [File not signed]
S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2009-05-15] (Hewlett-Packard) [File not signed]
R2 NewPlayerUpdaterService; C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-05-05] () [File not signed]
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2009-05-15] (Hewlett-Packard) [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
R2 WindowsProtectManger; C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [591776 2014-06-12] (Fuyu LIMITED)
R2 WTGService; C:\Program Files\XSManager\WTGService.exe [312784 2009-09-25] ()
R2 XS Stick Service; C:\windows\service4g.exe [125200 2009-09-17] (4G Systems GmbH & Co. KG)
==================== Drivers (Whitelisted) ====================
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2014-07-02] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\windows\System32\DRIVERS\cmnsusbser.sys [103424 2008-10-31] (Mobile Connector)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2014-07-02] (Avira GmbH)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
S3 btwampfl; system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-20 15:24 - 2014-07-20 15:25 - 00013512 _____ () C:\Users\*******\Desktop\FRST.txt
2014-07-20 15:24 - 2014-07-20 15:24 - 00000000 ____D () C:\FRST
2014-07-20 15:18 - 2014-07-20 15:19 - 00380416 _____ () C:\Users\*******\Desktop\Gmer-19357.exe
2014-07-20 15:17 - 2014-07-20 15:17 - 01080320 _____ (Farbar) C:\Users\*******\Desktop\FRST.exe
2014-07-20 14:01 - 2014-07-20 14:01 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe
2014-07-11 17:21 - 2014-07-11 16:40 - 00002040 _____ () C:\Users\*******\Desktop\Avira Free Antivirus starten.lnk
2014-07-11 16:46 - 2014-07-11 16:46 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Avira
2014-07-11 16:40 - 2014-07-11 16:40 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-07-11 16:40 - 2014-07-11 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-11 16:38 - 2014-07-02 13:06 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-07-11 16:38 - 2014-07-02 13:06 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-07-11 16:38 - 2014-07-02 13:06 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-07-11 16:38 - 2014-07-02 13:06 - 00028520 _____ (Avira GmbH) C:\windows\system32\Drivers\ssmdrv.sys
2014-07-11 16:37 - 2014-07-11 16:37 - 00000000 ____D () C:\ProgramData\Avira
2014-07-11 16:37 - 2014-07-11 16:37 - 00000000 ____D () C:\Program Files\Avira
2014-06-24 13:37 - 2014-06-24 13:37 - 00145216 _____ () C:\windows\Minidump\062414-15007-01.dmp
==================== One Month Modified Files and Folders =======
2014-07-20 15:25 - 2014-07-20 15:24 - 00013512 _____ () C:\Users\*******\Desktop\FRST.txt
2014-07-20 15:24 - 2014-07-20 15:24 - 00000000 ____D () C:\FRST
2014-07-20 15:24 - 2011-07-08 14:46 - 01302646 _____ () C:\windows\WindowsUpdate.log
2014-07-20 15:20 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 15:20 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 15:19 - 2014-07-20 15:18 - 00380416 _____ () C:\Users\*******\Desktop\Gmer-19357.exe
2014-07-20 15:17 - 2014-07-20 15:17 - 01080320 _____ (Farbar) C:\Users\*******\Desktop\FRST.exe
2014-07-20 15:04 - 2009-07-25 09:50 - 01612484 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-20 14:57 - 2012-11-09 13:45 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 14:49 - 2014-06-17 18:44 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-20 14:02 - 2012-11-09 13:45 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-20 14:02 - 2012-11-09 13:45 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-20 14:01 - 2014-07-20 14:01 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe
2014-07-20 13:53 - 2014-06-17 18:44 - 00001392 _____ () C:\windows\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-5.job
2014-07-20 13:53 - 2014-06-17 18:43 - 00001330 _____ () C:\windows\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-2.job
2014-07-20 13:53 - 2014-06-17 18:43 - 00000894 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-20 13:52 - 2014-06-17 18:43 - 00003442 _____ () C:\windows\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-11.job
2014-07-20 13:52 - 2014-06-17 18:43 - 00002416 _____ () C:\windows\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-3.job
2014-07-20 13:52 - 2014-06-17 18:43 - 00002124 _____ () C:\windows\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-4.job
2014-07-20 13:52 - 2014-06-17 18:43 - 00001476 _____ () C:\windows\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-1.job
2014-07-20 12:10 - 2014-06-17 18:39 - 00000000 ____D () C:\Users\*******\AppData\Local\fst_de_39
2014-07-20 11:06 - 2014-06-17 18:43 - 00000890 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-20 10:59 - 2013-03-21 15:09 - 00165084 _____ () C:\windows\PFRO.log
2014-07-20 10:59 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-20 10:59 - 2009-07-14 06:39 - 00112225 _____ () C:\windows\setupact.log
2014-07-12 00:17 - 2014-06-17 18:43 - 00000000 ____D () C:\Program Files\Fraven 1.1
2014-07-11 16:57 - 2014-06-17 18:36 - 00000000 ____D () C:\Users\*******\AppData\Local\Genesis_06171636
2014-07-11 16:46 - 2014-07-11 16:46 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Avira
2014-07-11 16:40 - 2014-07-11 17:21 - 00002040 _____ () C:\Users\*******\Desktop\Avira Free Antivirus starten.lnk
2014-07-11 16:40 - 2014-07-11 16:40 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-07-11 16:40 - 2014-07-11 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-11 16:37 - 2014-07-11 16:37 - 00000000 ____D () C:\ProgramData\Avira
2014-07-11 16:37 - 2014-07-11 16:37 - 00000000 ____D () C:\Program Files\Avira
2014-07-11 15:28 - 2011-02-10 07:47 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-07-04 09:24 - 2013-09-09 10:01 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Skype
2014-07-02 13:06 - 2014-07-11 16:38 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-07-02 13:06 - 2014-07-11 16:38 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-07-02 13:06 - 2014-07-11 16:38 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-07-02 13:06 - 2014-07-11 16:38 - 00028520 _____ (Avira GmbH) C:\windows\system32\Drivers\ssmdrv.sys
2014-06-25 09:20 - 2014-06-17 18:43 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-06-24 13:37 - 2014-06-24 13:37 - 00145216 _____ () C:\windows\Minidump\062414-15007-01.dmp
2014-06-24 13:37 - 2014-06-19 17:30 - 00000000 ____D () C:\windows\Minidump
Some content of TEMP:
====================
C:\Users\*******\AppData\Local\Temp\avgnt.exe
C:\Users\*******\AppData\Local\Temp\BackupSetup.exe
C:\Users\*******\AppData\Local\Temp\cloud_backup_setup.exe
C:\Users\*******\AppData\Local\Temp\freesofttoday.exe
C:\Users\*******\AppData\Local\Temp\lly_webssearches.exe
C:\Users\*******\AppData\Local\Temp\newvideoplayersetup.exe
C:\Users\*******\AppData\Local\Temp\optimizerpro.exe
C:\Users\*******\AppData\Local\Temp\optprosetup.exe
C:\Users\*******\AppData\Local\Temp\setup.exe
C:\Users\*******\AppData\Local\Temp\spidentifierimpl.exe
C:\Users\*******\AppData\Local\Temp\vcredist_x86.exe
==================== Bamital & volsnap Check =================
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-11 15:55
==================== End Of Log ============================
Addition result:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:20-07-2014
Ran by ******* at 2014-07-20 15:26:51
Running from C:\Users\*******\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
32 Bit HP CIO Components Installer (Version: 1.1.0 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScreensaver (HKLM\...\{99E77016-BCF2-48C8-9119-43ECF5815F65}) (Version: 1.04 - AsusTek Computer Inc.)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.04.01 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
Atheros CL Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Broadcom Wireless Network Adapter (HKLM\...\{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}) (Version: 1.00.0000 - AzureWave)
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.7 - AsusTek Computer)
Chicken Invaders 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Complément Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink PowerRecover (HKLM\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.6.1622 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.6.1622 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
E-Cam (HKLM\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.3.0 - AzureWave)
Eee Docking 3.8.1 (HKLM\...\Eee Docking_is1) (Version: 3.8.1 - ASUSTek Computer Inc.)
ETDWare PS/2-x86 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
ExpressGateCloud (HKLM\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.7.25.173 - VideACE Co.)
ExpressGateCloud (Version: 2.7.25.173 - VideACE Co.) Hidden
FontResizer (HKLM\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (Version: 1.01.0011 - ASUSTek) Hidden
Fraven 1.1 (HKLM\...\Fraven 1.1) (Version: 1.34.6.10 - setup)
fst_de_39 (HKLM\...\fst_de_39_is1) (Version: - FREE_SOFT_TODAY) <==== ATTENTION
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Park Console (HKLM\...\{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1) (Version: 6.2.0.3 - Oberon Media, Inc.)
Genesis (HKCU\...\genesis_06171636) (Version: - ) <==== ATTENTION
Google Update Helper (Version: 1.3.25.0 - Google Inc.) Hidden
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.32 - AsusTek Computer Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2364 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.25 - AsusTek Computer Inc.)
LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 CL Profile (HKLM\...\Microsoft .NET Framework 4 CL Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 CL Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 CL Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 CL Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 CL Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2000 SR-1 Small Business (HKLM\...\{00030407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 16.002.03.03.511 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
NewPlayer (HKLM\...\NewPlayer) (Version: v2.1.1.9 - ) <==== ATTENTION
Opera 12.10 (HKLM\...\Opera 12.10.1652) (Version: 12.10.1652 - Opera Software ASA)
Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6186 - Realtek Semiconductor Corp.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.16 - AsusTek Computer)
syncables desktop SE (HKLM\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
test und FINANZtest Archiv CD-Rom 2013 (HKLM\...\test und FINANZtest Archiv CD-Rom 2013) (Version: - )
Trend Micro Titanium (Version: 1.0 - Trend Micro Inc.) Hidden
Update for Microsoft .NET Framework 4 CL Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
webssearches uninstaller (HKLM\...\webssearches uninstaller) (Version: - webssearches) <==== ATTENTION
Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote CL (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote CL Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WindowsProtectManger20.0.0.401 (HKLM\...\WindowsProtectManger) (Version: 20.0.0.401 - Fuyu LIMITED) <==== ATTENTION
XSManager (HKLM\...\XSManager) (Version: 3.0 - XSManager)
==================== Restore Points =========================
18-06-2014 10:50:15 Windows Update
18-06-2014 17:09:24 Windows Update
11-07-2014 14:02:35 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {10EC0404-D98D-48E7-B5B7-73573D8BA9E6} - System32\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-2 => C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-2.exe [2014-06-17] ()
Task: {38F65A33-489D-4087-B08E-00A5FEDE7936} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-20] (Adobe Systems Incorporated)
Task: {3CCF0300-AF7C-420E-B44C-5AC9474DCE85} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-06-17] (globalUpdate) <==== ATTENTION
Task: {4F35BFDC-26CD-4B45-85DE-583BBB245C6B} - System32\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-4 => C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-4.exe
Task: {6BA0DCC0-E74A-4C7F-8B4C-9D7BC0890A5E} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-06-17] (globalUpdate) <==== ATTENTION
Task: {72C024B8-E0A3-4D2C-970B-65D06E1B415E} - System32\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-1 => C:\Program Files\Fraven 1.1\Fraven 1.1-codedownloader.exe
Task: {86257084-8B5E-45A0-80F1-EAC4E82D8CE4} - System32\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-5 => C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-5.exe
Task: {B0F8EA0E-02DF-497D-9786-F3C2E4D319E1} - System32\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-3 => C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-3.exe
Task: {BE3442D1-3C4E-4A34-BF5E-F02FA33E8655} - System32\Tasks\temp_3527f433-a94e-428a-b208-c8d50f307a67-2 => C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-2.exe [2014-06-17] ()
Task: {F85BA658-69F3-4958-9F8C-DA843BBDC96A} - System32\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-11 => C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-11.exe
Task: C:\windows\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-1.job => C:\Program Files\Fraven 1.1\Fraven 1.1-codedownloader.exe
Task: C:\windows\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-11.job => C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-11.exe
Task: C:\windows\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-2.job => C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-2.exe
Task: C:\windows\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-3.job => C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-3.exe
Task: C:\windows\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-4.job => C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-4.exe
Task: C:\windows\Tasks\3527f433-a94e-428a-b208-c8d50f307a67-5.job => C:\Program Files\Fraven 1.1\3527f433-a94e-428a-b208-c8d50f307a67-5.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-02-10 07:34 - 2009-08-19 03:35 - 00219136 _____ () C:\Windows\System32\AsusService.exe
2014-03-14 16:00 - 2014-03-14 16:00 - 00904704 _____ () C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
2014-03-14 16:06 - 2014-03-14 16:06 - 00012288 _____ () C:\Program Files\MyPC Backup\GetText.dll
2014-06-17 18:41 - 2014-06-17 18:41 - 03151304 _____ () c:\Program Files\Optimizer Pro\OptProCrash.dll
2010-05-08 13:48 - 2010-05-08 13:48 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2014-05-05 14:07 - 2014-05-05 14:07 - 00011776 _____ () C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe
2011-01-12 16:22 - 2011-01-12 16:22 - 00091464 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-12-24 18:51 - 2010-12-24 18:51 - 00157000 _____ () C:\ExpressGateUtil\libexpat.dll
2011-01-03 17:08 - 2011-01-03 17:08 - 00061768 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2013-04-30 19:21 - 2009-09-25 15:38 - 00312784 ____N () C:\Program Files\XSManager\WTGService.exe
2010-09-02 13:08 - 2010-09-02 13:08 - 00118784 _____ () C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll
2014-06-17 18:39 - 2014-06-10 14:32 - 03269112 _____ () C:\Users\*******\AppData\Local\fst_de_39\upfst_de_39.exe
2011-02-10 07:45 - 2010-06-10 23:12 - 00414384 _____ () C:\Program Files\Asus\Eee Docking\Eee Docking.exe
2011-01-13 16:09 - 2011-01-13 16:09 - 00191304 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2010-11-22 21:12 - 2010-11-22 21:12 - 00181664 _____ () C:\Program Files\Asus\LiveUpdate\Parser.dll
2014-06-17 18:39 - 2014-06-13 11:14 - 03976160 _____ () C:\Program Files\fst_de_39\fst_de_39.exe
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/20/2014 02:50:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 6.16.60.105 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: db4
Startzeit: 01cfa3f9fd4f38b6
Endzeit: 495
Anwendungspfad: C:\Program Files\Skype\Phone\Skype.exe
Berichts-ID:
Error: (07/20/2014 01:53:48 PM) (Source: globalUpdate Update) (EventID: 1) (User: NT-AUTORITÄT)
Description: globalUpdate Update has encountered a fatal error.
ver=1.3.25.0.private;lang=en;id=;is_machine=1;upload=0;minidump=C:\Program Files\globalUpdate\CrashReports\fe2a11fe-4c40-4f8f-baa5-f289cd2d6736.dmp
Error: (07/11/2014 03:03:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: presetup.exe, Version: 14.0.5.320, Zeitstempel: 0x536a3310
Name des fehlerhaften Moduls: AppRemover_API.dll, Version: 3.1.6.1, Zeitstempel: 0x52602911
Ausnahmecode: 0xc0000005
Fehleroffset: 0x005164c9
ID des fehlerhaften Prozesses: 0x518
Startzeit der fehlerhaften Anwendung: 0xpresetup.exe0
Pfad der fehlerhaften Anwendung: presetup.exe1
Pfad des fehlerhaften Moduls: presetup.exe2
Berichtskennung: presetup.exe3
Error: (07/11/2014 02:57:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: presetup.exe, Version: 14.0.5.320, Zeitstempel: 0x536a3310
Name des fehlerhaften Moduls: AppRemover_API.dll, Version: 3.1.6.1, Zeitstempel: 0x52602911
Ausnahmecode: 0xc0000005
Fehleroffset: 0x005164c9
ID des fehlerhaften Prozesses: 0x105c
Startzeit der fehlerhaften Anwendung: 0xpresetup.exe0
Pfad der fehlerhaften Anwendung: presetup.exe1
Pfad des fehlerhaften Moduls: presetup.exe2
Berichtskennung: presetup.exe3
Error: (07/11/2014 02:47:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 6.16.60.105 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: ca4
Startzeit: 01cf9d05aac0b117
Endzeit: 20
Anwendungspfad: C:\Program Files\Skype\Phone\Skype.exe
Berichts-ID:
Error: (06/29/2014 08:11:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce796f3
Name des fehlerhaften Moduls: EXPLORERFRAME.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b86d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002990f
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (06/24/2014 10:41:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xe6c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (06/24/2014 10:41:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 30.0.0.5269 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1264
Startzeit: 01cf8fa1d0904dc8
Endzeit: 5610
Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID: b1e4e4c0-fbdf-11e3-be28-f46d04bcc208
Error: (06/24/2014 07:43:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: xul.dll, Version: 30.0.0.5269, Zeitstempel: 0x539141b1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00a29200
ID des fehlerhaften Prozesses: 0x1364
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (06/21/2014 11:09:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1780
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
System errors:
=============
Error: (07/20/2014 02:49:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "IePlugin Services" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/20/2014 01:53:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {577975B8-C40E-43E6-B0DE-4C6B44088B52}
Error: (07/20/2014 01:53:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "globalUpdate Update Service (globalUpdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/20/2014 11:00:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (07/11/2014 04:25:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (07/11/2014 03:29:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (07/11/2014 03:28:52 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}
Error: (07/11/2014 03:27:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Lokallistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (07/11/2014 03:27:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Lokallistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (07/11/2014 03:27:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Lokallistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Microsoft Office Sessions:
=========================
Error: (07/20/2014 02:50:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe6.16.60.105db401cfa3f9fd4f38b6495C:\Program Files\Skype\Phone\Skype.exe
Error: (07/20/2014 01:53:48 PM) (Source: globalUpdate Update) (EventID: 1) (User: NT-AUTORITÄT)
Description: globalUpdate Update has encountered a fatal error.
ver=1.3.25.0.private;lang=en;id=;is_machine=1;upload=0;minidump=C:\Program Files\globalUpdate\CrashReports\fe2a11fe-4c40-4f8f-baa5-f289cd2d6736.dmp
Error: (07/11/2014 03:03:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: presetup.exe14.0.5.320536a3310AppRemover_API.dll3.1.6.152602911c0000005005164c951801cf9d085cb4c67cC:\Users\*******\AppData\Local\Temp\RarSFX0\presetup.exeC:\Users\*******\AppData\Local\Temp\RarSFX0\AppRemover_API.dllb36ab3c7-08fb-11e4-8ffd-f46d04bcc208
Error: (07/11/2014 02:57:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: presetup.exe14.0.5.320536a3310AppRemover_API.dll3.1.6.152602911c0000005005164c9105c01cf9d079e6e16bfC:\Users\*******\AppData\Local\Temp\RarSFX0\presetup.exeC:\Users\*******\AppData\Local\Temp\RarSFX0\AppRemover_API.dllea29c23e-08fa-11e4-8ffd-f46d04bcc208
Error: (07/11/2014 02:47:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe6.16.60.105ca401cf9d05aac0b11720C:\Program Files\Skype\Phone\Skype.exe
Error: (06/29/2014 08:11:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175144ce796f3EXPLORERFRAME.dll6.1.7601.175144ce7b86dc00000050002990f
Error: (06/24/2014 10:41:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141be6c01cf8fa1d9039274C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllf276c34c-fbdf-11e3-be28-f46d04bcc208
Error: (06/24/2014 10:41:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe30.0.0.5269126401cf8fa1d0904dc85610C:\Program Files\Mozilla Firefox\firefox.exeb1e4e4c0-fbdf-11e3-be28-f46d04bcc208
Error: (06/24/2014 07:43:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233xul.dll30.0.0.5269539141b1c000000500a29200136401cf8fcf34798dc8C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\xul.dll130d4d37-fbc7-11e3-be28-f46d04bcc208
Error: (06/21/2014 11:09:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b178001cf8d43446be50eC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll543192a5-f988-11e3-9d16-f46d04bcc208
==================== Memory info ===========================
Percentage of memory in use: 58%
Total physical RAM: 1014.12 MB
Available physical RAM: 420.77 MB
Total Pagefile: 2584.05 MB
Available Pagefile: 1558.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.66 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:100 GB) (Free:16.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:117.87 GB) (Free:117.78 GB) NTFS
Drive e: () (Removable) (Total:3.72 GB) (Free:0.53 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 82376CA1)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 960FD879)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
==================== End Of Log ============================
GMER result:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-20 17:06:44
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.ESBO 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\*******\AppData\Local\Temp\kwlyyaoc.sys
---- System - GMER 2.1 ----
SSDT 8B108DC6 ZwCreateSection
SSDT 8B108DD0 ZwRequestWaitReplyPort
SSDT 8B108DCB ZwSetContextThread
SSDT 8B108DD5 ZwSetSecurityObject
SSDT 8B108DDA ZwSystemDebugControl
SSDT 8B108D67 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 81C56A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C90212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81C9758C 4 Bytes [C6, 8D, 10, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 81C978E8 4 Bytes JMP 9257496E
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 81C9792C 4 Bytes [CB, 8D, 10, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 81C979A8 4 Bytes [D5, 8D, 10, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 81C979FC 4 Bytes [DA, 8D, 10, 8B]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da17155
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da17155 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{E195A9A5-A95F-11E0-A449-806E6F6E6963} 3031749344
---- EOF - GMER 2.1 ----
Thanks in advance.