TR/Sirefef.77312 found
Hello,
I have caught the following trojan, TR/Sirefef.77321, which AVIRA keeps flagging continuously. How do I get rid of it? Help!
Here are my FRST logs:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by Katze (administrator) on 28-06-2013 10:42:47
Running from C:\Users\Katze\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
() C:\Windows\system32\services.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
(AnchorFree Inc.) C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
() C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
() C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Somoto) C:\Users\Katze\AppData\Local\FilesFrog Update Checker\update_checker.exe
() C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [281088 2009-01-09] (Alps Electric Co., Ltd.)
HKCU\...\Run: [Google Update] "C:\Users\Katze\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-12] (Google Inc.)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [SDP] C:\Users\Katze\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto [201808 2013-01-31] (Somoto)
MountPoints2: {2d89dfe3-5a66-11e1-a605-001f169667f6} - F:\.\Setup.exe AUTORUN=1
MountPoints2: {780ee32d-8387-11e0-b561-001f169667f6} - F:\EasySuite.exe
MountPoints2: {780ee331-8387-11e0-b561-001f169667f6} - F:\EasySuite.exe
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-03-22] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - {7B522836-6BD0-4407-8D57-B0D78EA9748F} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Katze\AppData\Roaming\Mozilla\Firefox\Profiles\er6yn7g3.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Katze\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Katze\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Katze\AppData\Roaming\Mozilla\Firefox\Profiles\er6yn7g3.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\Katze\AppData\Roaming\Mozilla\Firefox\Profiles\er6yn7g3.default\Extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
FF Extension: jid0-0PGffAcVvhUBieFYkRVVc5w6lIU - C:\Users\Katze\AppData\Roaming\Mozilla\Firefox\Profiles\er6yn7g3.default\Extensions\jid0-0PGffAcVvhUBieFYkRVVc5w6lIU@jetpack.xpi
FF Extension: jid1-W5guVoyeUR0uBg - C:\Users\Katze\AppData\Roaming\Mozilla\Firefox\Profiles\er6yn7g3.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi
FF Extension: No Name - C:\Users\Katze\AppData\Roaming\Mozilla\Firefox\Profiles\er6yn7g3.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: No Name - C:\Users\Katze\AppData\Roaming\Mozilla\Firefox\Profiles\er6yn7g3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Katze\AppData\Roaming\Mozilla\Firefox\Profiles\er6yn7g3.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM-x32\...\Mozilla Firefox 21.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 21.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\plugins
FF HKLM-x32\...\Mozilla Thunderbird 3.1.10\Extensions: [Components] C:\Program Files (x86)\Mozilla Thunderbird\components
FF Extension: No Name - C:\Program Files (x86)\Mozilla Thunderbird\components
FF HKLM-x32\...\Mozilla Thunderbird 3.1.10\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF HKCU\...\Mozilla Firefox 21.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF HKCU\...\Mozilla Firefox 21.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\plugins
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Katze\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Katze\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Katze\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Katze\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Google Update) - C:\Users\Katze\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (DivX HiQ) - C:\Users\Katze\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Katze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 ExpatShieldService; C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [331608 2012-01-17] ()
S3 ExpatTrayService; C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE [77520 2012-01-17] ()
R2 ExpatWd; C:\Program Files (x86)\Expat Shield\bin\hsswd.exe [329544 2012-01-05] ()
R2 InternetEverywhere_Service; C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe [334792 2011-02-28] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-09] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-09] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-11] (Avira GmbH)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-28 10:42 - 2013-06-28 10:42 - 01933484 ____A (Farbar) C:\Users\Katze\Desktop\FRST64.exe
2013-06-28 10:42 - 2013-06-28 10:42 - 00000000 ____D C:\FRST
2013-06-28 10:41 - 2013-06-28 10:41 - 01371463 ____A (Farbar) C:\Users\Katze\Desktop\FRST.exe
2013-06-28 01:25 - 2013-06-28 01:25 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-06-27 21:43 - 2013-06-27 21:43 - 00002170 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-06-27 21:43 - 2013-06-27 21:43 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-06-27 21:43 - 2013-06-27 21:43 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-06-27 17:20 - 2013-06-27 17:20 - 00076334 ____A C:\Users\Katze\Desktop\NEC-OFF07.rar
2013-06-21 14:42 - 2013-06-21 14:43 - 00053263 ____A C:\Users\Katze\Desktop\mo133.rar
2013-06-21 14:34 - 2013-06-21 14:34 - 00000000 ____D C:\Users\Katze\AppData\Local\FilesFrog Update Checker
2013-06-21 14:33 - 2013-06-21 14:33 - 00167424 ____A () C:\Users\Katze\Desktop\7ZipSetup-7kJSRtU.exe
2013-06-12 21:31 - 2013-06-12 21:31 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:31 - 2013-06-12 21:30 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-08 22:27 - 2013-06-08 22:27 - 00055610 ____A C:\Users\Katze\Desktop\The Almighty Johnsons - 02x12 - You Call This the Real World_.DVDRip.English.C.orig.Addic7ed.com.srt
2013-06-08 22:26 - 2013-06-08 22:26 - 00055610 ____A C:\Users\Katze\Desktop\The Almighty Johnsons - 02x12 - You Call This the Real World_.Antipode.English.C.orig.Addic7ed.com.srt
2013-06-06 22:25 - 2013-06-06 22:43 - 00049323 ____A C:\Users\Katze\Desktop\The Almighty Johnsons - 02x11 - The House of Jerome.Antipode.English.C.orig.Addic7ed.com.srt
2013-06-05 19:32 - 2013-06-05 19:32 - 00056282 ____A C:\Users\Katze\Desktop\The Almighty Johnsons - 02x10 - Magical Fluffy Bunny World.DVDRip.English.C.orig.Addic7ed.com.srt
2013-06-05 19:32 - 2013-06-05 19:32 - 00056282 ____A C:\Users\Katze\Desktop\The Almighty Johnsons - 02x10 - Magical Fluffy Bunny World.Antipode.English.C.orig.Addic7ed.com.srt
2013-05-31 21:24 - 2013-05-31 21:24 - 00060521 ____A C:\Users\Katze\Desktop\The Almighty Johnsons - 02x09 - Everything Starts With Gaia.Antipode.English.C.orig.Addic7ed.com.srt
2013-05-31 21:23 - 2013-05-31 21:23 - 00060521 ____A C:\Users\Katze\Desktop\The Almighty Johnsons - 02x09 - Everything Starts With Gaia.DVDRip.English.C.orig.Addic7ed.com.srt
==================== One Month Modified Files and Folders =======
2013-06-28 10:43 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 10:43 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 10:42 - 2013-06-28 10:42 - 01933484 ____A (Farbar) C:\Users\Katze\Desktop\FRST64.exe
2013-06-28 10:42 - 2013-06-28 10:42 - 00000000 ____D C:\FRST
2013-06-28 10:41 - 2013-06-28 10:41 - 01371463 ____A (Farbar) C:\Users\Katze\Desktop\FRST.exe
2013-06-28 10:36 - 2013-01-28 03:25 - 00000000 ____D C:\Users\Katze\AppData\Roaming\Skype
2013-06-28 10:35 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-28 10:35 - 2009-07-14 06:51 - 00058342 ____A C:\Windows\setupact.log
2013-06-28 01:32 - 2010-12-13 19:56 - 01923432 ____A C:\Windows\WindowsUpdate.log
2013-06-28 01:25 - 2013-06-28 01:25 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-06-28 01:00 - 2012-08-15 19:12 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-28 00:32 - 2012-09-12 22:39 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3891021317-3116388160-1812761019-1000UA.job
2013-06-27 23:43 - 2013-05-23 20:03 - 00000000 ____D C:\Users\Katze\AppData\Roaming\BitTorrent
2013-06-27 21:43 - 2013-06-27 21:43 - 00002170 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-06-27 21:43 - 2013-06-27 21:43 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-06-27 21:43 - 2013-06-27 21:43 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-06-27 21:43 - 2012-08-15 19:12 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-27 21:43 - 2011-05-14 23:29 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-27 21:43 - 2011-01-27 22:46 - 00000000 ____D C:\Users\Katze\AppData\Local\Adobe
2013-06-27 17:20 - 2013-06-27 17:20 - 00076334 ____A C:\Users\Katze\Desktop\NEC-OFF07.rar
2013-06-26 19:16 - 2012-09-12 22:39 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3891021317-3116388160-1812761019-1000Core.job
2013-06-23 21:02 - 2013-01-28 03:25 - 00000000 ____D C:\ProgramData\Skype
2013-06-23 21:01 - 2013-01-28 03:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-21 14:43 - 2013-06-21 14:42 - 00053263 ____A C:\Users\Katze\Desktop\mo133.rar
2013-06-21 14:34 - 2013-06-21 14:34 - 00000000 ____D C:\Users\Katze\AppData\Local\FilesFrog Update Checker
2013-06-21 14:34 - 2010-12-13 20:12 - 00000000 ____D C:\users\Katze
2013-06-21 14:33 - 2013-06-21 14:33 - 00167424 ____A () C:\Users\Katze\Desktop\7ZipSetup-7kJSRtU.exe
2013-06-12 21:31 - 2013-06-12 21:31 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:30 - 2013-06-12 21:31 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:30 - 2012-05-24 17:33 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-06-12 21:30 - 2012-02-17 14:18 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:30 - 2012-02-17 14:18 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 21:30 - 2012-01-02 00:47 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:30 - 2012-01-02 00:46 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-12 01:06 - 2011-06-03 21:59 - 00000000 ____D C:\Users\Katze\AppData\Roaming\Winamp
2013-06-08 22:27 - 2013-06-08 22:27 - 00055610 ____A C:\Users\Katze\Desktop\The Almighty Johnsons - 02x12 - You Call This the Real World_.DVDRip.English.C.orig.Addic7ed.com.srt
2013-06-08 22:26 - 2013-06-08 22:26 - 00055610 ____A C:\Users\Katze\Desktop\The Almighty Johnsons - 02x12 - You Call This the Real World_.Antipode.English.C.orig.Addic7ed.com.srt
2013-06-06 22:43 - 2013-06-06 22:25 - 00049323 ____A C:\Users\Katze\Desktop\The Almighty Johnsons - 02x11 - The House of Jerome.Antipode.English.C.orig.Addic7ed.com.srt
2013-06-06 22:27 - 2010-12-13 20:12 - 00000000 ____D C:\Users\Katze\AppData\Local\VirtualStore
2013-06-05 19:32 - 2013-06-05 19:32 - 00056282 ____A C:\Users\Katze\Desktop\The Almighty Johnsons - 02x10 - Magical Fluffy Bunny World.DVDRip.English.C.orig.Addic7ed.com.srt
2013-06-05 19:32 - 2013-06-05 19:32 - 00056282 ____A C:\Users\Katze\Desktop\The Almighty Johnsons - 02x10 - Magical Fluffy Bunny World.Antipode.English.C.orig.Addic7ed.com.srt
2013-05-31 21:24 - 2013-05-31 21:24 - 00060521 ____A C:\Users\Katze\Desktop\The Almighty Johnsons - 02x09 - Everything Starts With Gaia.Antipode.English.C.orig.Addic7ed.com.srt
2013-05-31 21:23 - 2013-05-31 21:23 - 00060521 ____A C:\Users\Katze\Desktop\The Almighty Johnsons - 02x09 - Everything Starts With Gaia.DVDRip.English.C.orig.Addic7ed.com.srt
ZeroAccess:
C:\Windows\Installer\{97026fd3-5a92-dc0b-ec1e-555e191c6aaf}
C:\Windows\Installer\{97026fd3-5a92-dc0b-ec1e-555e191c6aaf}\@
C:\Windows\Installer\{97026fd3-5a92-dc0b-ec1e-555e191c6aaf}\L
C:\Windows\Installer\{97026fd3-5a92-dc0b-ec1e-555e191c6aaf}\U
C:\Windows\Installer\{97026fd3-5a92-dc0b-ec1e-555e191c6aaf}\L\00000004.@
C:\Windows\Installer\{97026fd3-5a92-dc0b-ec1e-555e191c6aaf}\L\201d3dde
C:\Windows\Installer\{97026fd3-5a92-dc0b-ec1e-555e191c6aaf}\L\76603ac3
C:\Windows\Installer\{97026fd3-5a92-dc0b-ec1e-555e191c6aaf}\U\00000004.@
C:\Windows\Installer\{97026fd3-5a92-dc0b-ec1e-555e191c6aaf}\U\00000008.@
C:\Windows\Installer\{97026fd3-5a92-dc0b-ec1e-555e191c6aaf}\U\000000cb.@
C:\Windows\Installer\{97026fd3-5a92-dc0b-ec1e-555e191c6aaf}\U\80000000.@
C:\Windows\Installer\{97026fd3-5a92-dc0b-ec1e-555e191c6aaf}\U\80000032.@
C:\Windows\Installer\{97026fd3-5a92-dc0b-ec1e-555e191c6aaf}\U\80000064.@
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0329216 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2013-06-24 11:34
==================== End Of Log ============================
And the Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-06-2013
Ran by Katze at 2013-06-28 10:44:19
Running from C:\Users\Katze\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
2007 Microsoft Office Suite Service Pack 1 (SP1) (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
ALPS Touch Pad Driver
Avira Free Antivirus (x32 Version: 12.1.9.1236)
Backlink Power Indexer (x32 Version: 1.0.8)
BitTorrent (x32 Version: 7.8.0.29676)
Bundled software uninstaller (x32)
DivX-Setup (x32 Version: 2.5.0.8)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Expat Shield 2.25 (x32 Version: 2.25)
FilesFrog Update Checker (x32)
Google Chrome (HKCU Version: 27.0.1453.116)
ICQ7.2 (x32 Version: 7.2)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2869)
Internet Everywhere (x32 Version: 1.0)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
McAfee Security Scan Plus (x32 Version: 3.0.285.6)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6215.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6213.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6213.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6213.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6215.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.4763.1000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
Mozilla Thunderbird (3.1.10) (x32 Version: 3.1.10 (de))
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Skype™ 6.5 (x32 Version: 6.5.158)
Subtitle Workshop 2.51 (x32)
TIPP10 Version 2.0.3 (x32)
TunnelBear 1.0.30 (x32 Version: 1.0.30)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
Winamp (x32 Version: 5.61 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR 4.01 (32-Bit) (x32 Version: 4.01.0)
==================== Restore Points =========================
==================== Scheduled Tasks (whitelisted) =============
Task: {22C80438-73F5-45EC-AD3B-0803E31FF043} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3891021317-3116388160-1812761019-1000UA => C:\Users\Katze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)
Task: {2974B49D-44B5-4156-BBBB-75DB20D18043} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {3BBFF895-79B6-48D6-B3A1-4CD9EE81C93B} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {627B5919-2F08-4DAC-8400-002A85E4E646} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {7270B71B-F5C2-4E76-BBBD-C8BC14E4DE1E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-27] (Adobe Systems Incorporated)
Task: {78D3C337-2AD1-490E-B556-853D4BD9F68B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe No File
Task: {881DCA38-24AC-477B-9FAD-D353943C0945} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] ()
Task: {8A2A4C63-0353-44D6-9863-D8A42BDC7476} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3891021317-3116388160-1812761019-1000Core => C:\Users\Katze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3891021317-3116388160-1812761019-1000Core.job => C:\Users\Katze\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3891021317-3116388160-1812761019-1000UA.job => C:\Users\Katze\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/28/2013 10:44:23 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x73a4c9f1
ID des fehlerhaften Prozesses: 0xcfc
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (06/28/2013 10:43:23 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x73a4c9f1
ID des fehlerhaften Prozesses: 0xef8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (06/28/2013 10:42:23 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x73a4c9f1
ID des fehlerhaften Prozesses: 0xa84
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (06/28/2013 10:41:22 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x73a4c9f1
ID des fehlerhaften Prozesses: 0x7fc
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (06/28/2013 10:40:22 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x73a4c9f1
ID des fehlerhaften Prozesses: 0x960
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (06/28/2013 01:18:18 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x74b4c9f1
ID des fehlerhaften Prozesses: 0x84c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (06/28/2013 01:16:56 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x74b4c9f1
ID des fehlerhaften Prozesses: 0x668
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (06/28/2013 01:15:49 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x74b4c9f1
ID des fehlerhaften Prozesses: 0x8a4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (06/28/2013 01:14:48 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x74b4c9f1
ID des fehlerhaften Prozesses: 0xc30
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (06/28/2013 01:13:47 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x74b4c9f1
ID des fehlerhaften Prozesses: 0xddc
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
System errors:
=============
Error: (06/28/2013 01:20:15 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (06/28/2013 01:20:15 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (06/28/2013 01:20:13 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (06/28/2013 01:20:07 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (06/28/2013 01:20:04 AM) (Source: Service Control Manager) (User: )
Description: avipbb
avkmgr
discache
spldr
Wanarpv6
Error: (06/27/2013 11:50:19 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
Error: (06/27/2013 11:49:25 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X64
Error: (06/27/2013 09:54:32 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X64
Error: (06/27/2013 09:34:45 PM) (Source: Service Control Manager) (User: )
Description: Computerbrowser%%1060
Error: (06/26/2013 08:29:49 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-01-05 11:58:21.736
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Katze\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-01-05 11:58:21.502
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Katze\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-01-05 11:58:20.894
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-01-05 11:58:20.644
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 56%
Total physical RAM: 1976.87 MB
Available physical RAM: 868.6 MB
Total Pagefile: 3953.74 MB
Available Pagefile: 2565.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:32.21 GB) (Free:0.95 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:52.01 GB) (Free:4.27 GB) NTFS (Disk=0 Partition=4)
Drive u: () (Fixed) (Total:16.61 GB) (Free:13.36 GB) NTFS (Disk=0 Partition=3)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: F129014D)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=32 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=90 GB) - (Type=OF Extended)
==================== End Of Log ============================
What should I do next?