Jump to content

Search the Community

Showing results for tags 'malware rootkit'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 3 results

  1. My 1-year old Mac Air laptop was massively hacked on 3/28/19. I’ve figured out how it happened and it disguised itself as a source for published medical papers. It made its debut by shutting my laptop down and when I restarted it I couldn’t use google as my safari search engine despite it showing in system preferences. All searches were directed to Yahoo! and the sites there weren’t authentic. I couldn’t even get on Apple support. I believe the malware may have gotten in through my gmail as that account was seriously affected. The more I tried to figure out what was going on by going by searching system information the more I lost access to them. Eventually my entire interface changed - it looked more like a bad reproduction of the real interface. I called apple support and they connected with my screen. We downloaded a virus detector which showed nothing but I could tell it was still there because the margins on any site were too large I’m not at all a technical person but I was driven to figure this out. I used every system investigation I could and found out my network was being entirely redirected; commands were being blocked; data was being accessed and large and continuous data packets were being sent even though my computer wasn’t on or another time while I was completely off line. I found 2 mysterious “printers” and think those were involved in redirecting my network. Going into logs I could see a lot of commands the malware set up which were very disquieting. I saw instructions related to the camera and microphone, commands to circumvent the virus scanner, activating a control to get into computer while shut off and rerouting my network. I somehow found a malicious certificate and traced it to root systems. I called in our tech person and she downloaded Malwarebytes and ran every choice but it too showed nothing She wasn’t interested in the information I’d found and trusted that the virus scan was correct She rebooted our internet and we created all new names and passwords and it seemed like it worked for about 4 days but then it showed up again The malware changed so many things especially related to keychains and passwords were being rejected Finally I sent my laptop out and it was download on an external drive Had the whole operating system deleted and downloaded it again But I’m still really concerned I’m still vulnerable and I’ll admit I’ve become extremely paranoid Could the data reloaded from the backup contain malware? I’d appreciate any input on this This malware sounds very like one i saw on this blog but it seems more advanced by protecting itself from discovery especially by deep virus scanners I documented a lot of data I found including taking screenshots with my phone If anyone is interested in that or name of site where I made that fateful download let me know Side note: My iPhone was also affected likely through gmail. My photos were being accessed as well as contacts I got locked out, had it deleted but couldn’t reactivate because my gmail was disabled.
  2. Hallo, I am experiencing some strange issues. My mouse stutters and i nearly can not mark any text while while working on the PC (copy/paste). Also i noticed some strange log file entries as i randomly tried out some tools (securitycheck). My internet seems to be slower at times too, i see the traffic lights flickering on the router but i am not actively surfing any site. Here are my logs: SecurityCheck.exe: 78011 Results of screen317's Security Check version 1.014 --- 12/23/15 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender Emsisoft Anti-Malware Malwarebytes Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java version 32-bit out of Date! Google Chrome (61.0.3163.100) Google Chrome (SetupMetrics...) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Emsisoft Anti-Malware a2service.exe Malwarebytes Anti-Malware mbamtray.exe Emsisoft Anti-Malware a2guard.exe EMSISOFT ANTI-MALWARE a2start.exe Windows Defender MSASCuiL.exe Bitdefender Agent ProductAgentService.exe Bitdefender Home Scanner hvasrv.exe Bitdefender Home Scanner hvaag.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` MiniToolBox: MiniToolBox by Farbar Version: 17-06-2016 Ran by IngoPan (administrator) on 13-11-2017 at 14:42:12 Running from "C:\Users\IngoPan\Downloads" Microsoft Windows 10 Pro (X64) Model: System Product Name Manufacturer: System manufacturer Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows-IP-Konfiguration Der DNS-Aufl�sungscache wurde geleert. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= 0.0.0.0 a.ads1.msn.com 0.0.0.0 a.ads2.msads.net 0.0.0.0 a.ads2.msn.com 0.0.0.0 a.rad.msn.com 0.0.0.0 a-0001.a-msedge.net 0.0.0.0 a-0002.a-msedge.net 0.0.0.0 a-0003.a-msedge.net 0.0.0.0 a-0004.a-msedge.net 0.0.0.0 a-0005.a-msedge.net 0.0.0.0 a-0006.a-msedge.net 0.0.0.0 a-0007.a-msedge.net 0.0.0.0 a-0008.a-msedge.net 0.0.0.0 a-0009.a-msedge.net 0.0.0.0 ac3.msn.com 0.0.0.0 ad.doubleclick.net 0.0.0.0 adnexus.net 0.0.0.0 adnxs.com 0.0.0.0 ads.msn.com 0.0.0.0 ads1.msads.net 0.0.0.0 ads1.msn.com 0.0.0.0 aidps.atdmt.com 0.0.0.0 aka-cdn-ns.adtech.de 0.0.0.0 a-msedge.net 0.0.0.0 apps.skype.com 0.0.0.0 az361816.vo.msecnd.net 0.0.0.0 az512334.vo.msecnd.net 0.0.0.0 b.ads1.msn.com 0.0.0.0 b.ads2.msads.net 0.0.0.0 b.rad.msn.com 0.0.0.0 bs.serving-sys.com There are 89 entries. ========================= IP Configuration: ================================ Intel(R) Ethernet Connection (2) I219-V = Ethernet (Connected) Microsoft KM-TEST Loopback Adapter = Npcap Loopback Adapter (Connected) Bluetooth Device (Personal Area Network) = Bluetooth-Netzwerkverbindung (Media disconnected) PdaNet Broadband Adapter = PdaNet Broadband Connection (Media disconnected) # ---------------------------------- # IPv4-Konfiguration # ---------------------------------- pushd interface ipv4 reset popd # Ende der IPv4-Konfiguration Windows-IP-Konfiguration Hostname . . . . . . . . . . . . : IngoPan Prim„res DNS-Suffix . . . . . . . : Knotentyp . . . . . . . . . . . . : Hybrid IP-Routing aktiviert . . . . . . : Nein WINS-Proxy aktiviert . . . . . . : Nein Ethernet-Adapter Ethernet: Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Intel(R) Ethernet Connection (2) I219-V Physische Adresse . . . . . . . . : 88-88-88-88-87-88 DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja Verbindungslokale IPv6-Adresse . : fe80::9ddc:f9f3:4bb5:84d0%3(Bevorzugt) IPv4-Adresse . . . . . . . . . . : 192.168.1.21(Bevorzugt) Subnetzmaske . . . . . . . . . . : 255.255.255.0 Lease erhalten. . . . . . . . . . : Montag, 13. November 2017 14:12:54 Lease l„uft ab. . . . . . . . . . : Dienstag, 14. November 2017 14:13:34 Standardgateway . . . . . . . . . : 192.168.1.1 DHCP-Server . . . . . . . . . . . : 192.168.1.1 DHCPv6-IAID . . . . . . . . . . . : 210274440 DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1F-1B-4F-2A-88-88-88-88-87-88 DNS-Server . . . . . . . . . . . : 192.168.1.1 NetBIOS ber TCP/IP . . . . . . . : Aktiviert Ethernet-Adapter Npcap Loopback Adapter: Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Npcap Loopback Adapter Physische Adresse . . . . . . . . : 02-00-4C-4F-4F-50 DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja Verbindungslokale IPv6-Adresse . : fe80::fd05:8b12:5a13:90da%13(Bevorzugt) IPv4-Adresse (Auto. Konfiguration): 169.254.144.218(Bevorzugt) Subnetzmaske . . . . . . . . . . : 255.255.0.0 Standardgateway . . . . . . . . . : DHCPv6-IAID . . . . . . . . . . . : 285343820 DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1F-1B-4F-2A-88-88-88-88-87-88 DNS-Server . . . . . . . . . . . : fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1 NetBIOS ber TCP/IP . . . . . . . : Aktiviert Server: unknown Address: 192.168.1.1 Name: google.com Addresses: 2a00:1450:4010:c0d::71 173.194.73.113 173.194.73.100 173.194.73.102 173.194.73.138 173.194.73.101 173.194.73.139 Ping wird ausgefhrt fr google.com [173.194.73.139] mit 32 Bytes Daten: Antwort von 173.194.73.139: Bytes=32 Zeit=46ms TTL=44 Antwort von 173.194.73.139: Bytes=32 Zeit=78ms TTL=44 Ping-Statistik fr 173.194.73.139: Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust), Ca. Zeitangaben in Millisek.: Minimum = 46ms, Maximum = 78ms, Mittelwert = 62ms Server: unknown Address: 192.168.1.1 Name: yahoo.com Addresses: 2001:4998:44:204::100d 2001:4998:c:e33::53 2001:4998:58:2201::73 98.138.252.38 206.190.39.42 98.139.180.180 Ping wird ausgefhrt fr yahoo.com [98.139.180.180] mit 32 Bytes Daten: Antwort von 98.139.180.180: Bytes=32 Zeit=111ms TTL=49 Antwort von 98.139.180.180: Bytes=32 Zeit=111ms TTL=49 Ping-Statistik fr 98.139.180.180: Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust), Ca. Zeitangaben in Millisek.: Minimum = 111ms, Maximum = 111ms, Mittelwert = 111ms Ping wird ausgefhrt fr 127.0.0.1 mit 32 Bytes Daten: Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128 Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128 Ping-Statistik fr 127.0.0.1: Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust), Ca. Zeitangaben in Millisek.: Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms =========================================================================== Schnittstellenliste 3...88 88 88 88 87 88 ......Intel(R) Ethernet Connection (2) I219-V 13...02 00 4c 4f 4f 50 ......Npcap Loopback Adapter 1...........................Software Loopback Interface 1 =========================================================================== IPv4-Routentabelle =========================================================================== Aktive Routen: Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.21 25 127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 331 127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 331 127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 331 169.254.0.0 255.255.0.0 Auf Verbindung 169.254.144.218 281 169.254.144.218 255.255.255.255 Auf Verbindung 169.254.144.218 281 169.254.255.255 255.255.255.255 Auf Verbindung 169.254.144.218 281 192.168.1.0 255.255.255.0 Auf Verbindung 192.168.1.21 281 192.168.1.21 255.255.255.255 Auf Verbindung 192.168.1.21 281 192.168.1.255 255.255.255.255 Auf Verbindung 192.168.1.21 281 224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 331 224.0.0.0 240.0.0.0 Auf Verbindung 192.168.1.21 281 224.0.0.0 240.0.0.0 Auf Verbindung 169.254.144.218 281 255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 331 255.255.255.255 255.255.255.255 Auf Verbindung 192.168.1.21 281 255.255.255.255 255.255.255.255 Auf Verbindung 169.254.144.218 281 =========================================================================== St„ndige Routen: Keine IPv6-Routentabelle =========================================================================== Aktive Routen: If Metrik Netzwerkziel Gateway 1 331 ::1/128 Auf Verbindung 3 281 fe80::/64 Auf Verbindung 13 281 fe80::/64 Auf Verbindung 3 281 fe80::9ddc:f9f3:4bb5:84d0/128 Auf Verbindung 13 281 fe80::fd05:8b12:5a13:90da/128 Auf Verbindung 1 331 ff00::/8 Auf Verbindung 3 281 ff00::/8 Auf Verbindung 13 281 ff00::/8 Auf Verbindung =========================================================================== St„ndige Routen: Keine ========================= Winsock entries ===================================== Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation) Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation) Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation) Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation) Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation) Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation) Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation) Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation) Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation) Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation) Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation) Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation) Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation) Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation) Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation) Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation) Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation) Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation) Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation) Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation) x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation) x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation) x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation) x64-Catalog9 13 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (11/13/2017 02:42:03 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Error: (11/13/2017 02:40:22 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Error: (11/13/2017 02:13:07 PM) (Source: Software Protection Platform Service) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0x803F7001 Befehlszeilenargumente: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (11/13/2017 02:12:59 PM) (Source: Software Protection Platform Service) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0x8007139F Befehlszeilenargumente: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/13/2017 02:07:19 PM) (Source: .NET Runtime) (User: ) Description: Anwendung: wmiprvse.exe Frameworkversion: v4.0.30319 Beschreibung: Die Anwendung forderte die Beendigung des Prozesses durch System.Environment.FailFast(Zeichenfolgenmeldung) an. Meldung: Unerwartete Anbieterausnahme: System.Exception: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Der Dienst kann nicht im abgesicherten Modus gestartet werden. bei Windows.Management.Deployment.PackageManager.FindPackagesForUser(String userSecurityId, String packageFamilyName) bei Microsoft.Uev.ManagedAgentWmi.WinRT.BaseHelpers.IsInstalled(String packageFamilyName) bei Microsoft.Uev.ManagedAgentWmi.WinRT.Windows8AppListWinRt.GetConfiguredList(Boolean isUserList) bei Microsoft.Uev.ManagedAgentWmi.MachineConfiguredWindows8App.EnumerateAppPackages() Stapel: bei System.Environment.FailFast(System.String) bei WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink) Error: (11/13/2017 02:07:19 PM) (Source: Microsoft Security Client) (User: ) Description: 0x1ProtectionManagement Error: (11/13/2017 02:07:19 PM) (Source: Microsoft Security Client) (User: ) Description: 0x1ProtectionManagement Error: (11/13/2017 02:07:15 PM) (Source: Microsoft Security Client) (User: ) Description: 0x1ProtectionManagement Error: (11/13/2017 02:07:15 PM) (Source: Microsoft Security Client) (User: ) Description: 0x1ProtectionManagement Error: (11/13/2017 01:57:22 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. System errors: ============= Error: (11/13/2017 02:13:05 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/13/2017 02:13:05 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/13/2017 02:12:53 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ioperm" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 = Das System kann den angegebenen Pfad nicht finden. Error: (11/13/2017 02:12:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: %%50 = Die Anforderung wird nicht unterstützt. Error: (11/13/2017 02:12:21 PM) (Source: DCOM) (User: INGOPAN) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/13/2017 02:12:15 PM) (Source: DCOM) (User: INGOPAN) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/13/2017 02:12:07 PM) (Source: DCOM) (User: INGOPAN) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/13/2017 02:07:32 PM) (Source: DCOM) (User: INGOPAN) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/13/2017 02:07:00 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: 1084EventSystemNicht verfügbar{1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (11/13/2017 02:05:25 PM) (Source: DCOM) (User: INGOPAN) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Microsoft Office Sessions: ========================= Error: (11/13/2017 02:42:03 PM) (Source: SideBySide)(User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (11/13/2017 02:40:22 PM) (Source: SideBySide)(User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (11/13/2017 02:13:07 PM) (Source: Software Protection Platform Service)(User: ) Description: hr=0x803F7001RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (11/13/2017 02:12:59 PM) (Source: Software Protection Platform Service)(User: ) Description: hr=0x8007139FRuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/13/2017 02:07:19 PM) (Source: .NET Runtime)(User: ) Description: Anwendung: wmiprvse.exe Frameworkversion: v4.0.30319 Beschreibung: Die Anwendung forderte die Beendigung des Prozesses durch System.Environment.FailFast(Zeichenfolgenmeldung) an. Meldung: Unerwartete Anbieterausnahme: System.Exception: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Der Dienst kann nicht im abgesicherten Modus gestartet werden. bei Windows.Management.Deployment.PackageManager.FindPackagesForUser(String userSecurityId, String packageFamilyName) bei Microsoft.Uev.ManagedAgentWmi.WinRT.BaseHelpers.IsInstalled(String packageFamilyName) bei Microsoft.Uev.ManagedAgentWmi.WinRT.Windows8AppListWinRt.GetConfiguredList(Boolean isUserList) bei Microsoft.Uev.ManagedAgentWmi.MachineConfiguredWindows8App.EnumerateAppPackages() Stapel: bei System.Environment.FailFast(System.String) bei WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink) Error: (11/13/2017 02:07:19 PM) (Source: Microsoft Security Client)(User: ) Description: 0x1ProtectionManagement Error: (11/13/2017 02:07:19 PM) (Source: Microsoft Security Client)(User: ) Description: 0x1ProtectionManagement Error: (11/13/2017 02:07:15 PM) (Source: Microsoft Security Client)(User: ) Description: 0x1ProtectionManagement Error: (11/13/2017 02:07:15 PM) (Source: Microsoft Security Client)(User: ) Description: 0x1ProtectionManagement Error: (11/13/2017 01:57:22 PM) (Source: SideBySide)(User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifestC:\Users\IngoPan\Downloads\esetsmartinstaller_deu.exe CodeIntegrity Errors: =================================== Date: 2017-11-13 14:40:19.805 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-11-13 14:23:10.227 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Microsoft signing level requirements. Date: 2017-11-13 14:23:09.989 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements. Date: 2017-11-13 14:22:54.447 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-11-13 14:22:54.403 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-11-13 14:12:56.940 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-10-20 01:40:41.160 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-10-20 01:29:34.311 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-10-20 01:29:10.298 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-10-20 01:27:00.174 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. =========================== Installed Programs ============================ Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.33.1 - Asmedia Technology) Asus Sonic Suite Plugins (HKLM-x32\...\{53eaa65b-5cab-459c-9642-a408bdcf43a3}) (Version: 2.1.3301 - ASUSTeKcomputer.Inc) Hidden Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 22.0.10.60 - Bitdefender) Bitdefender Home Scanner (HKLM\...\Bitdefender Home Scanner) (Version: 1.0.2.251 - Bitdefender) CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform) ClamAV-x64 (HKLM\...\{EFAEABEF-06ED-4095-9BAA-A5B1D1B4AACA}) (Version: 0.99.3 - Cisco Systems, Inc.) ClamWin Free Antivirus 0.99.1 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch) Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft) Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.4 - Emsisoft Ltd.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Foxit PhantomPDF (HKLM-x32\...\{EAD14BB8-898B-11E7-8126-000C29C1951D}) (Version: 8.3.2.25013 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.1.6871 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden HashCalc 2.02 (HKLM-x32\...\HashCalc_is1) (Version: - SlavaSoft Inc.) HxD Hex Editor Version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation) Intel(R) Network Connections 22.7.18.0 (HKLM\...\PROSetDX) (Version: 22.7.18.0 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4849 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.1.1028 - Intel Corporation) Intel® Binary Modification Program (HKLM-x32\...\{32706343-E3D9-4F5C-A34C-3F6B22195843}) (Version: 1.00.0000 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{88c01fa9-4562-4ab1-8221-6d1b56778e48}) (Version: 10.1.17415.8036 - Intel(R) Corporation) Hidden IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit) Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Malwarebytes Version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) Mozilla Firefox 56.0.2 (x64 de) (HKLM\...\Mozilla Firefox 56.0.2 (x64 de)) (Version: 56.0.2 - Mozilla) NahimicSettingsConfigurator (HKLM\...\{B9CE5642-0F22-4A75-B32A-98972F21C0C9}) (Version: 2.1.3301 - ASUSTeKcomputer.Inc) Hidden Nmap 7.60 (HKLM-x32\...\Nmap) (Version: 7.60 - ) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team) Npcap 0.92 (HKLM-x32\...\NpcapInst) (Version: 0.92 - Nmap Project) Öko-Treiber Pack (HKLM-x32\...\Samsung Eco Driver Pack) (Version: 2.01.10.00 (28.05.2015) - Samsung Electronics Co., Ltd.) PdaNet+ for Android 4.19 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) RogueKiller Version 12.11.18.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.18.0 - Adlice Software) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.) Sandboxie 5.22 (64-bit) (HKLM\...\Sandboxie) (Version: 5.22 - Sandboxie Holdings, LLC) Sonic Studio Plugin (HKLM\...\{E6A187B7-0949-4AAE-BF6B-579FD3F6E55D}) (Version: 2.1.3301 - ASUSTeKcomputer.Inc) Hidden Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.10 - Ghisler Software GmbH) VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN) Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ========================= Devices: ================================ ========================= Memory info: =================================== Percentage of memory in use: 22% Total physical RAM: 16252.36 MB Available physical RAM: 12584.91 MB Total Virtual: 32636.36 MB Available Virtual: 28880.34 MB ========================= Partitions: ===================================== 1 Drive c: (CMarie) (Fixed) (Total:465.22 GB) (Free:294.89 GB) NTFS 2 Drive d: (strel) (Removable) (Total:57.84 GB) (Free:54.24 GB) NTFS ========================= Users: ======================================== Benutzerkonten fr \\INGOPAN Administrator DefaultAccount defaultuser0 Gast IngoPan Der Befehl wurde erfolgreich ausgefhrt. ========================= Minidump Files ================================== No minidump file found ========================= Restore Points ================================== 13-11-2017 12:52:41 Removed Classic Shell **** End of log **** --------------------------- Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03 --------------------------- Addition.txt wurde im gleichen Verzeichnis wie FRST gespeichert. --------------------------- OK --------------------------- Addition: Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03 durchgeführt von IngoPan (13-11-2017 15:17:10) Gestartet von C:\Users\IngoPan\Downloads Windows 10 Pro Version 1703 15063.674 (X64) (2017-10-09 16:56:24) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1092000401-601460857-2167072494-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1092000401-601460857-2167072494-503 - Limited - Disabled) defaultuser0 (S-1-5-21-1092000401-601460857-2167072494-1000 - Limited - Disabled) => C:\Users\defaultuser0 Gast (S-1-5-21-1092000401-601460857-2167072494-501 - Limited - Disabled) IngoPan (S-1-5-21-1092000401-601460857-2167072494-1001 - Administrator - Enabled) => C:\Users\IngoPan ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D} AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620} AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.33.1 - Asmedia Technology) Asus Sonic Suite Plugins (HKLM-x32\...\{53eaa65b-5cab-459c-9642-a408bdcf43a3}) (Version: 2.1.3301 - ASUSTeKcomputer.Inc) Hidden Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 22.0.10.60 - Bitdefender) Bitdefender Home Scanner (HKLM\...\Bitdefender Home Scanner) (Version: 1.0.2.251 - Bitdefender) CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform) ClamAV-x64 (HKLM\...\{EFAEABEF-06ED-4095-9BAA-A5B1D1B4AACA}) (Version: 0.99.3 - Cisco Systems, Inc.) ClamWin Free Antivirus 0.99.1 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch) Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft) Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.4 - Emsisoft Ltd.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Foxit PhantomPDF (HKLM-x32\...\{EAD14BB8-898B-11E7-8126-000C29C1951D}) (Version: 8.3.2.25013 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.1.6871 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden HashCalc 2.02 (HKLM-x32\...\HashCalc_is1) (Version: - SlavaSoft Inc.) HxD Hex Editor Version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation) Intel(R) Network Connections 22.7.18.0 (HKLM\...\PROSetDX) (Version: 22.7.18.0 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4849 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.1.1028 - Intel Corporation) Intel® Binary Modification Program (HKLM-x32\...\{32706343-E3D9-4F5C-A34C-3F6B22195843}) (Version: 1.00.0000 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{88c01fa9-4562-4ab1-8221-6d1b56778e48}) (Version: 10.1.17415.8036 - Intel(R) Corporation) Hidden IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit) Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Malwarebytes Version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) Mozilla Firefox 56.0.2 (x64 de) (HKLM\...\Mozilla Firefox 56.0.2 (x64 de)) (Version: 56.0.2 - Mozilla) NahimicSettingsConfigurator (HKLM\...\{B9CE5642-0F22-4A75-B32A-98972F21C0C9}) (Version: 2.1.3301 - ASUSTeKcomputer.Inc) Hidden Nmap 7.60 (HKLM-x32\...\Nmap) (Version: 7.60 - ) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team) Npcap 0.92 (HKLM-x32\...\NpcapInst) (Version: 0.92 - Nmap Project) Öko-Treiber Pack (HKLM-x32\...\Samsung Eco Driver Pack) (Version: 2.01.10.00 (28.05.2015) - Samsung Electronics Co., Ltd.) PdaNet+ for Android 4.19 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) RogueKiller Version 12.11.18.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.18.0 - Adlice Software) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.) Sandboxie 5.22 (64-bit) (HKLM\...\Sandboxie) (Version: 5.22 - Sandboxie Holdings, LLC) Sonic Studio Plugin (HKLM\...\{E6A187B7-0949-4AAE-BF6B-579FD3F6E55D}) (Version: 2.1.3301 - ASUSTeKcomputer.Inc) Hidden Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.10 - Ghisler Software GmbH) VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN) Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-08-29] () ContextMenuHandlers1: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] () ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.) ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-02-15] (Foxit Software Inc.) ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal) ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1f28369fa9564093\igfxDTCM.dll [2017-11-06] (Intel Corporation) ContextMenuHandlers6: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] () ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers6-x32: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.) ContextMenuHandlers6-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-02-15] (Foxit Software Inc.) ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers6-x32: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2017-08-13] (IvoSoft) ContextMenuHandlers6-x32: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit) ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal) ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {1F91B31A-9389-4C14-98CB-03DD83F0CFDB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-06] (Google Inc.) Task: {28F9BCFE-AECE-4756-9327-3A0A55E6C9C6} - System32\Tasks\Bitdefender AgentTask_6F2980EE6088481484E6D8285516CD07 => C:\Program Files\Bitdefender Home Scanner\hvaag.exe [2017-10-16] (Bitdefender) Task: {3BD10DE1-D606-49C1-B370-4135F4C59F3D} - System32\Tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate => C:\WINDOWS\System32\LxRun.exe [2017-10-19] (Microsoft Corporation) Task: {89BB12F3-ABDC-463C-8FE1-CAA8A0DBDB83} - System32\Tasks\S-1-5-21-1092000401-601460857-2167072494-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation) Task: {BE1B0C1C-3454-49F7-92DB-C22B7189DC8E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-06-21] (Bitdefender) Task: {D210B794-B6C6-45FF-8940-EA8E7BEC5ED5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-06] (Google Inc.) Task: {FC4C1485-8D32-4C3C-9C32-1D149869B9D3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd) Task: {FE07363D-C984-407B-A8DC-23D59DEC9D31} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-02-15 21:01 - 2016-02-15 21:01 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll 2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-11-12 22:28 - 2008-04-19 17:35 - 000080384 _____ () C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll 2017-08-29 01:43 - 2017-08-29 01:43 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll 2017-03-18 21:59 - 2017-03-20 05:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-10-06 13:35 - 2017-09-21 08:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll 2017-10-06 13:35 - 2017-09-21 08:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\download.microsoft.com -> hxxp://download.microsoft.com IE trusted site: HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com IE trusted site: HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com IE trusted site: HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\microsoft.com -> hxxp://ntservicepack.microsoft.com IE trusted site: HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com IE trusted site: HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\update.microsoft.com -> hxxp://update.microsoft.com IE trusted site: HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\update.microsoft.com -> hxxps://update.microsoft.com IE trusted site: HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\windows.com -> hxxp://wustat.windows.com IE trusted site: HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\windowsupdate.com -> hxxp://download.windowsupdate.com IE trusted site: HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\windowsupdate.com -> hxxps://download.windowsupdate.com IE trusted site: HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com IE trusted site: HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\ws.microsoft.com -> hxxp://ws.microsoft.com IE trusted site: HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\ws.microsoft.com -> hxxps://ws.microsoft.com IE trusted site: HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\wustat.windows.com -> hxxp://wustat.windows.com ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2016-07-16 12:47 - 2017-11-12 22:44 - 000004880 _____ C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.0 a.ads1.msn.com 0.0.0.0 a.ads2.msads.net 0.0.0.0 a.ads2.msn.com 0.0.0.0 a.rad.msn.com 0.0.0.0 a-0001.a-msedge.net 0.0.0.0 a-0002.a-msedge.net 0.0.0.0 a-0003.a-msedge.net 0.0.0.0 a-0004.a-msedge.net 0.0.0.0 a-0005.a-msedge.net 0.0.0.0 a-0006.a-msedge.net 0.0.0.0 a-0007.a-msedge.net 0.0.0.0 a-0008.a-msedge.net 0.0.0.0 a-0009.a-msedge.net 0.0.0.0 ac3.msn.com 0.0.0.0 ad.doubleclick.net 0.0.0.0 adnexus.net 0.0.0.0 adnxs.com 0.0.0.0 ads.msn.com 0.0.0.0 ads1.msads.net 0.0.0.0 ads1.msn.com 0.0.0.0 aidps.atdmt.com 0.0.0.0 aka-cdn-ns.adtech.de 0.0.0.0 a-msedge.net 0.0.0.0 apps.skype.com 0.0.0.0 az361816.vo.msecnd.net 0.0.0.0 az512334.vo.msecnd.net 0.0.0.0 b.ads1.msn.com 0.0.0.0 b.ads2.msads.net 0.0.0.0 b.rad.msn.com 0.0.0.0 bs.serving-sys.com Da befinden sich 91 zusätzliche Einträge. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1092000401-601460857-2167072494-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "SecurityHealth" HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\StartupApproved\StartupFolder: => "PdaNet Desktop.lnk" HKU\S-1-5-21-1092000401-601460857-2167072494-1001\...\StartupApproved\Run: => "OneDrive" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [TCP Query User{5CFD65EA-011B-46D0-B366-DFF1AA21A712}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe FirewallRules: [UDP Query User{42F70DC2-5306-479E-A664-0D134664D656}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe FirewallRules: [{929F036C-8756-4612-807A-9F5417FAA405}] => (Allow) C:\Program Files\Bitdefender Home Scanner\hvasrv.exe ==================== Wiederherstellungspunkte ========================= 13-11-2017 13:52:41 Removed Classic Shell Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI. ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/13/2017 02:45:09 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Error: (11/13/2017 02:42:03 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Error: (11/13/2017 02:40:22 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Error: (11/13/2017 02:13:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0x803F7001 Befehlszeilenargumente: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (11/13/2017 02:12:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0x8007139F Befehlszeilenargumente: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/13/2017 02:07:19 PM) (Source: .NET Runtime) (EventID: 1025) (User: ) Description: Anwendung: wmiprvse.exe Frameworkversion: v4.0.30319 Beschreibung: Die Anwendung forderte die Beendigung des Prozesses durch System.Environment.FailFast(Zeichenfolgenmeldung) an. Meldung: Unerwartete Anbieterausnahme: System.Exception: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Der Dienst kann nicht im abgesicherten Modus gestartet werden. bei Windows.Management.Deployment.PackageManager.FindPackagesForUser(String userSecurityId, String packageFamilyName) bei Microsoft.Uev.ManagedAgentWmi.WinRT.BaseHelpers.IsInstalled(String packageFamilyName) bei Microsoft.Uev.ManagedAgentWmi.WinRT.Windows8AppListWinRt.GetConfiguredList(Boolean isUserList) bei Microsoft.Uev.ManagedAgentWmi.MachineConfiguredWindows8App.EnumerateAppPackages() Stapel: bei System.Environment.FailFast(System.String) bei WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink) Error: (11/13/2017 02:07:19 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: ) Description: Event-ID 5000 Error: (11/13/2017 02:07:19 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: ) Description: Event-ID 5000 Error: (11/13/2017 02:07:15 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: ) Description: Event-ID 5000 Error: (11/13/2017 02:07:15 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: ) Description: Event-ID 5000 Systemfehler: ============= Error: (11/13/2017 02:46:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) PROSet Monitoring Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/13/2017 02:13:05 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (11/13/2017 02:13:05 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (11/13/2017 02:12:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ioperm" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann den angegebenen Pfad nicht finden. Error: (11/13/2017 02:12:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: Die Anforderung wird nicht unterstützt. Error: (11/13/2017 02:12:21 PM) (Source: DCOM) (EventID: 10005) (User: INGOPAN) Description: Fehler "1084" in DCOM, als der Dienst "ShellHWDetection" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/13/2017 02:12:15 PM) (Source: DCOM) (EventID: 10005) (User: INGOPAN) Description: Fehler "1084" in DCOM, als der Dienst "ShellHWDetection" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/13/2017 02:12:07 PM) (Source: DCOM) (EventID: 10005) (User: INGOPAN) Description: Fehler "1084" in DCOM, als der Dienst "ShellHWDetection" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/13/2017 02:07:32 PM) (Source: DCOM) (EventID: 10005) (User: INGOPAN) Description: Fehler "1084" in DCOM, als der Dienst "ShellHWDetection" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/13/2017 02:07:00 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT) Description: Fehler "1084" in DCOM, als der Dienst "EventSystem" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} CodeIntegrity: =================================== Date: 2017-11-13 14:40:19.805 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-11-13 14:23:10.227 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Microsoft signing level requirements. Date: 2017-11-13 14:23:09.989 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements. Date: 2017-11-13 14:22:54.447 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-11-13 14:22:54.403 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-11-13 14:12:56.940 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-10-20 01:40:41.160 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-10-20 01:29:34.311 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-10-20 01:29:10.298 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-10-20 01:27:00.174 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz Prozentuale Nutzung des RAM: 21% Installierter physikalischer RAM: 16252.36 MB Verfügbarer physikalischer RAM: 12696.47 MB Summe virtueller Speicher: 32636.36 MB Verfügbarer virtueller Speicher: 28965.69 MB ==================== Laufwerke ================================ Drive c: (CMarie) (Fixed) (Total:465.22 GB) (Free:294.94 GB) NTFS Drive d: (strel) (Removable) (Total:57.84 GB) (Free:54.24 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0022B12A) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 57.8 GB) (Disk ID: 0008A6C8) Partition 1: (Active) - (Size=57.8 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================
  3. Hello, I'm suspecting I have malware in my computer. Although I have scanned with MSE, Spybot S&D2, HouseCall, Emsisoft antimalware, MBytes AM, MBytes AR, ZoneAlarm, herdProtect, submited particular files to virustotal.com (and came up clean) and running RUBotted, nothing came up. Every scan was performed as deep as possible (full system scans, always updated before start scanning). The only things that once came up were some trainers for a game and a [PUP.BitCoinMiner and Trojan.BitCoinMiner]. Since I don't use those things (just tryied out), quarentined them. One thing I noted is that I have a log for a service (in windows event logs), called "Service1" wich starts everytime I startup my computer, but that "Service1" is not visible in the services list (neither in taskmgr, or services from control panel, or from comodo killswitch, checking scan for hidden services and hidden processes). I noticed that "System" was listening to port 1234, wich is a known port for subseven trojan. I started looking svchost.exe, ntoskernel.exe, services.exe, and so forth. Every time I ran a full system scan it came up clean. However, when I copied the files (svchost.exe, services.exe, ntoskernel.exe) to MyDocuments and scanned those files MBAM came up with something. For svchost.exe->Trojan.Agent, and for services.exe->Worm.Autorun. And the thing gets more funnier, if I copy the files instead to MyDocuments\scan (for example), the scans come out clean. Uploading the files to virustotal comes up clean aswell. I cannot find where does this "Service1" originates, neither what it does. Can you help me? Thanks
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.