Log analysis and evaluation: Trojan Dropper.Generic2.ANEO on USB stick (Windows 7)
29.09.2013, 16:51 | #1
Trojan Dropper.Generic2.ANEO on USB stick

Greetings! Yesterday I ran a complete MBAM scan because the quick scan had found a PUP. In the process, AVG became active and showed me an alert for a system file on my USB stick:

Code:
"";"Trojaner: Dropper.Generic2.ANEO, H:\system\igfxpiers.exe";"Infiziert"

Defogger is still active.

FRST:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02 Ran by Philipp (administrator) on PHILIPP-PC on 29-09-2013 17:01:49 Running from C:\Users\Philipp\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (National Instruments, Inc.) 
C:\windows\SysWOW64\lkcitdl.exe (National Instruments Corporation) C:\windows\SysWOW64\lkads.exe (National Instruments Corporation) C:\windows\SysWOW64\lktsrv.exe ( ) C:\windows\system32\lxdicoms.exe () D:\Programme\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe (National Instruments Corporation) D:\Programme\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation) C:\windows\SysWOW64\nisvcloc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (O&O Software GmbH) D:\Programme\OODefrag\oodag.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe () C:\windows\SysWOW64\Rezip.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe () C:\Program Files (x86)\3DataManager\WTGService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Logitech, Inc.) 
D:\Programme\Logitech\SetPointP\SetPoint.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) D:\Programme\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\windows\system32\msiexec.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe (Opera Software) C:\Program Files (x86)\Opera\opera.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [Creative SB Monitoring Utility] - RunDll32 sbavmon.dll,SBAVMonitor HKLM\...\Run: [EvtMgr6] - D:\Programme\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) 
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKCU\...\Run: [] - [x] HKCU\...\Run: [PC Suite Tray] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) HKCU\...\Run: [Skype] - D:\Programme\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.) HKLM-x32\...\Run: [CTSysVol] - C:\Program Files (x86)\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe [57344 2003-09-17] (Creative Technology Ltd) HKLM-x32\...\Run: [SbUsb AudCtrl] - C:\Windows\\SysWOW64\sbusbdll.dll [119296 2004-07-09] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] - C:\windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [701872 2013-01-24] (Cisco Systems, Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) AppInit_DLLs: {DLL_Str}, C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation) AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation) Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) BootExecute: autocheck autochk * OODBS ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program 
Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{1AA84EB2-4A39-434E-AAB8-07384EA43ADE}: [NameServer]129.27.2.3,129.27.3.3 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - 
C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3824406\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: socksharedownloader - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\profiles\extensions\socksharedownloader@socksharedownloader.com.xpi ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) 
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-08-17] () R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-08-17] () R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-08-17] () R2 LkCitadelServer; C:\windows\SysWOW64\lkcitdl.exe [695136 2009-09-29] (National Instruments, Inc.) R2 lkClassAds; C:\windows\SysWOW64\lkads.exe [43056 2010-03-10] (National Instruments Corporation) R2 lkTimeSync; C:\windows\SysWOW64\lktsrv.exe [53808 2010-03-10] (National Instruments Corporation) R2 lxdi_device; C:\windows\system32\lxdicoms.exe [876976 2007-06-11] ( ) R2 mitsijm2011; D:\Programme\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [673792 2010-01-22] () R2 NIDomainService; D:\Programme\National Instruments\Shared\Security\nidmsrv.exe [358448 2010-03-10] (National Instruments Corporation) S4 NILM License Manager; D:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2009-09-18] (Macrovision Corporation) R2 niSvcLoc; C:\windows\SysWOW64\nisvcloc.exe [13896 2009-10-20] (National Instruments Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1901752 2013-07-22] (Microsoft Corporation) R2 OODefragAgent; D:\Programme\OODefrag\oodag.exe [2532680 2010-05-11] (O&O Software GmbH) R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [162408 2013-06-21] (Skype Technologies) R2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [312784 2009-11-06] () ==================== Drivers (Whitelisted) ==================== S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.) 
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-09-27] () R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) S3 BFHU_BUS; C:\Windows\System32\DRIVERS\bfhu_bus.sys [20776 2006-12-16] (AVM Berlin) R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-09-27] () R1 LUMDriver; C:\windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM) R1 LUMDriver; C:\windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-07-09] (Windows (R) 2003 DDK 3790 provider) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-07-09] (Windows (R) 2003 DDK 3790 provider) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-03-30] (Duplex Secure Ltd.) 
S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [26688 2009-11-04] (DTV-DVB) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] () S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [840128 2009-11-04] () R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-29 17:01 - 2013-09-29 17:01 - 00000000 ____D C:\FRST 2013-09-29 11:35 - 2013-09-29 11:35 - 00000308 _____ C:\windows\PFRO.log 2013-09-29 11:31 - 2013-09-29 11:31 - 00000656 _____ C:\Users\Philipp\Desktop\defogger_disable.log 2013-09-29 11:31 - 2013-09-29 11:31 - 00000188 _____ C:\Users\Philipp\defogger_reenable 2013-09-29 11:28 - 2013-09-29 11:28 - 00377856 _____ C:\Users\Philipp\Desktop\GMER.exe 2013-09-29 11:28 - 2013-09-29 11:28 - 00050477 _____ C:\Users\Philipp\Desktop\Defogger.exe 2013-09-29 11:24 - 2013-09-29 11:24 - 01953880 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe 2013-09-29 09:02 - 2013-09-29 11:36 - 00000224 _____ C:\windows\setupact.log 2013-09-29 09:02 - 2013-09-29 09:02 - 00000000 _____ C:\windows\setuperr.log 2013-09-26 00:40 - 2013-09-26 00:40 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-09-19 09:07 - 2013-09-19 09:07 - 00013222 _____ C:\Users\Philipp\Desktop\Gemis.exe - Verknüpfung.lnk 2013-09-18 17:40 - 2013-09-18 17:40 - 00000000 ____D C:\Users\Philipp\AppData\Local\Mendeley Ltd 2013-09-18 17:39 - 2013-09-18 17:39 - 00000723 _____ C:\Users\Public\Desktop\Mendeley Desktop.lnk 2013-09-13 11:34 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-09-13 11:34 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-09-13 11:34 - 2013-08-10 07:22 - 00051712 
_____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-09-13 11:34 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-09-13 11:34 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-09-13 11:34 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-09-13 11:34 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-09-13 11:34 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-09-13 11:34 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-09-13 11:34 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-09-13 11:34 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-09-13 11:34 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-09-13 11:34 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-09-13 11:34 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-09-13 11:34 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-09-13 11:34 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-09-13 11:34 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-09-13 11:34 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-09-13 11:34 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-09-13 11:34 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-09-13 11:34 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\jscript.dll 2013-09-13 11:34 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-09-13 11:34 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-09-13 11:34 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-09-13 11:34 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-09-13 11:34 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-09-13 11:34 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-09-13 11:34 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-09-13 11:34 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-09-13 11:34 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-09-13 11:34 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-13 11:23 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-09-13 11:23 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys 2013-09-13 11:23 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2013-09-13 11:23 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2013-09-13 11:23 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll 2013-09-13 11:23 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2013-09-13 11:23 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll 2013-09-13 11:23 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) 
C:\windows\system32\winsrv.dll 2013-09-13 11:23 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2013-09-13 11:23 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2013-09-13 11:23 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft 
Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) 
C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2013-09-13 11:23 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2013-09-13 11:23 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2013-09-13 11:23 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2013-09-13 11:23 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2013-09-13 11:23 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) 
C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft 
Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2013-09-13 11:23 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2013-09-13 11:23 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2013-09-13 11:23 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2013-09-13 11:23 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2013-09-13 11:23 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2013-09-13 11:23 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-13 11:23 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-13 11:23 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2013-09-13 11:23 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll 2013-09-13 11:23 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2013-09-13 11:23 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll 2013-09-12 12:22 - 2013-09-12 12:22 - 00001090 _____ 
C:\Users\Public\Desktop\TeamViewer 8.lnk 2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys 2013-09-02 18:07 - 2013-09-29 11:59 - 00005150 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Philipp-PC-Philipp Philipp-PC 2013-09-01 12:01 - 2013-09-01 12:01 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Opera Software 2013-09-01 12:01 - 2013-09-01 12:01 - 00000000 ____D C:\Users\Philipp\AppData\Local\Opera Software ==================== One Month Modified Files and Folders ======= 2013-09-29 17:02 - 2010-08-08 12:04 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Skype 2013-09-29 17:01 - 2013-09-29 17:01 - 00000000 ____D C:\FRST 2013-09-29 16:09 - 2010-04-26 10:14 - 01411016 _____ C:\windows\WindowsUpdate.log 2013-09-29 11:59 - 2013-09-02 18:07 - 00005150 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Philipp-PC-Philipp Philipp-PC 2013-09-29 11:51 - 2011-07-04 10:39 - 00000000 ____D C:\Users\Philipp\Documents\Outlook Files 2013-09-29 11:43 - 2009-07-14 06:45 - 00022976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-29 11:43 - 2009-07-14 06:45 - 00022976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-29 11:38 - 2011-12-18 14:23 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Dropbox 2013-09-29 11:37 - 2011-12-18 14:25 - 00000000 ___RD C:\Users\Philipp\Dropbox 2013-09-29 11:36 - 2013-09-29 09:02 - 00000224 _____ C:\windows\setupact.log 2013-09-29 11:35 - 2013-09-29 11:35 - 00000308 _____ C:\windows\PFRO.log 2013-09-29 11:35 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-09-29 11:34 - 2011-07-11 13:04 - 00296072 _____ C:\windows\system32\oodbs.lor 2013-09-29 11:31 - 2013-09-29 11:31 - 00000656 _____ C:\Users\Philipp\Desktop\defogger_disable.log 2013-09-29 11:31 - 2013-09-29 11:31 - 00000188 _____ 
C:\Users\Philipp\defogger_reenable 2013-09-29 11:31 - 2010-08-06 19:20 - 00000000 ____D C:\Users\Philipp 2013-09-29 11:28 - 2013-09-29 11:28 - 00377856 _____ C:\Users\Philipp\Desktop\GMER.exe 2013-09-29 11:28 - 2013-09-29 11:28 - 00050477 _____ C:\Users\Philipp\Desktop\Defogger.exe 2013-09-29 11:24 - 2013-09-29 11:24 - 01953880 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe 2013-09-29 10:43 - 2012-10-02 17:46 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\vlc 2013-09-29 09:07 - 2010-10-24 12:33 - 00000000 ____D C:\ProgramData\MFAData 2013-09-29 09:05 - 2010-05-26 02:01 - 00697098 _____ C:\windows\system32\perfh007.dat 2013-09-29 09:05 - 2010-05-26 02:01 - 00148362 _____ C:\windows\system32\perfc007.dat 2013-09-29 09:05 - 2009-07-14 07:13 - 01613412 _____ C:\windows\system32\PerfStringBackup.INI 2013-09-29 09:02 - 2013-09-29 09:02 - 00000000 _____ C:\windows\setuperr.log 2013-09-26 17:41 - 2012-12-19 15:24 - 00000000 ____D C:\Users\Philipp\.x2go 2013-09-26 00:40 - 2013-09-26 00:40 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-09-24 14:18 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF 2013-09-22 08:25 - 2010-10-08 03:39 - 00000000 ____D C:\windows\Minidump 2013-09-19 09:07 - 2013-09-19 09:07 - 00013222 _____ C:\Users\Philipp\Desktop\Gemis.exe - Verknüpfung.lnk 2013-09-18 17:40 - 2013-09-18 17:40 - 00000000 ____D C:\Users\Philipp\AppData\Local\Mendeley Ltd 2013-09-18 17:39 - 2013-09-18 17:39 - 00000723 _____ C:\Users\Public\Desktop\Mendeley Desktop.lnk 2013-09-15 08:48 - 2013-04-20 10:59 - 00000000 ____D C:\Program Files\Microsoft Office 15 2013-09-14 19:24 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache 2013-09-14 08:16 - 2009-08-02 04:27 - 00000000 ____D C:\windows\Panther 2013-09-14 06:48 - 2011-12-07 13:40 - 00000000 ____D C:\Users\Philipp\Desktop\lisa zeug 2013-09-14 06:45 - 2012-09-09 18:47 - 00000000 ___RD C:\Users\Philipp\Podcasts 2013-09-14 06:45 - 2010-08-06 19:43 - 00000000 ___RD 
C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-14 06:45 - 2010-08-06 19:43 - 00000000 ___RD C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-14 06:44 - 2009-07-14 06:45 - 00620568 _____ C:\windows\system32\FNTCACHE.DAT 2013-09-13 11:34 - 2013-07-14 12:58 - 00000000 ____D C:\windows\system32\MRT 2013-09-13 11:26 - 2010-08-06 20:51 - 79143768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-09-13 11:16 - 2012-04-17 16:22 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-09-13 11:16 - 2011-05-18 18:15 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-13 10:57 - 2010-08-06 19:36 - 00180624 _____ C:\Users\Philipp\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-13 08:44 - 2012-12-17 18:39 - 00000981 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-09-12 16:05 - 2010-10-14 17:37 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\TeamViewer 2013-09-12 12:22 - 2013-09-12 12:22 - 00001090 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk 2013-09-12 12:22 - 2010-10-14 17:37 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2013-09-08 13:18 - 2010-09-19 18:58 - 00000000 ____D C:\ProgramData\Lx_cats 2013-09-05 19:24 - 2012-05-31 14:21 - 00018960 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys 2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) 
C:\windows\system32\Drivers\avgrkx64.sys 2013-09-01 12:05 - 2010-08-07 09:10 - 00000000 ____D C:\Program Files (x86)\Opera 2013-09-01 12:01 - 2013-09-01 12:01 - 00000000 ____D C:\Users\Philipp\AppData\Roaming\Opera Software 2013-09-01 12:01 - 2013-09-01 12:01 - 00000000 ____D C:\Users\Philipp\AppData\Local\Opera Software Files to move or delete: ==================== C:\Users\Philipp\jagex_cl_runescape_LIVE.dat C:\Users\Philipp\random.dat C:\Users\Philipp\swt-win32-3740.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-21 14:31 ==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02 Ran by Philipp at 2013-09-29 17:02:42 Running from C:\Users\Philipp\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== 3DataManager (x32 Version: 2.2) 4500_G510gm_Help (x32 Version: 000.0.439.000) 4500G510gm (x32 Version: 000.0.423.000) 4500G510gm_Software_Min (x32 Version: 000.0.423.000) 64 Bit HP CIO Components Installer (Version: 6.2.1) 7-Zip 4.65 (x64 edition) (Version: 4.65.00.0) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168) Adobe Flash Player ActiveX (x32 Version: 9.0.124.0) Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04) Amazon MP3-Downloader 1.0.9 (x32) Anno 1404 (x32 Version: 1.00.0000) ANNO 1404 (x32 Version: 1.03.0000) Assassin's Creed (x32 Version: 1.02) Atheros Client Installation Program (x32 Version: 1.0.2.1119) AutoCAD Mechanical 2011 (Version: 15.0.46.0) AutoCAD Mechanical 2011 Language Pack - English (Version: 15.0.46.0) Autodesk FitsList 1.1 Autodesk Inventor Content Center Libraries 2011 (Desktop Content) (Version: 15.0.0000.23900) Autodesk Inventor Professional 2011 (Version: 15.0.0000.23900) Autodesk Inventor Professional 2011 English (Version: 15.0.0000.23900) Autodesk Inventor Professional 2011 English Language Pack (Version: 15.0.0000.23900) Autodesk Material Library 2011 (x32 Version: 2.0.0.49) Autodesk Material Library 2011 Base Image library (x32 Version: 2.0.0.49) AVG 2013 (Version: 13.0.3222) AVG 2013 (Version: 13.0.3408) AVG 2013 (Version: 2013.0.3408) BatteryLifeExtender (x32 Version: 1.0.1) 
BufferChm (x32 Version: 130.0.331.000) calibre (x32 Version: 0.9.7) Canon MG5200 series MP Drivers CCleaner (Version: 4.02) ChargeableUSB (x32 Version: 1.0.0.0) Cinergy Hybrid Stick V1.00.08.06a (x32 Version: 1.00.08.06a) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02040) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02040) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) Creative Audio-Systemsteuerung (x32 Version: 3.00) Creative Sound Blaster Properties x64 Edition (x32 Version: 1.03) CyberLink DVD Suite (x32 Version: 6.0.2806) CyberLink LabelPrint (x32 Version: 2.5.1916) CyberLink Power2Go (x32 Version: 6.0.3108a) CyberLink PowerDirector (x32 Version: 7.0.3213) CyberLink PowerDVD 8 (x32 Version: 8.0.2815b) CyberLink PowerProducer (x32 Version: 5.0.1.1812) CyberLink YouCam (x32 Version: 2.0.3625) DAEMON Tools Lite (x32 Version: 4.47.1.0333) Dassault Systemes Software Prerequisites x86-x64 (Version: 8.0.2) Diablo II (x32) Diablo III (x32 Version: 1.0.8.16603) Dropbox (HKCU Version: 2.0.22) DVBViewer TERRATEC Edition (x32) DWG TrueView 2011 (Version: 18.1.49.0) Easy Display Manager (x32 Version: 3.0) Easy Network Manager (x32 Version: 4.2.8) Easy SpeedUp Manager (x32 Version: 3.0.0.5) EasyBatteryManager (x32 Version: 4.0.0.3) eReg (x32 Version: 1.20.138.34) ESET Online Scanner v3 (x32) FARO LS 1.1.406.58 (x32 Version: 4.6.58.2) Freemake Video Converter Version 3.2.1 (x32 Version: 3.2.1) GaBi 5.0 Education (x32 Version: 5.0) Galapago (x32) Gem Shop (x32) HappyFoto-Designer 4.4 (x32) HP Officejet 4500 G510g-m (Version: 13.0) Insaniquarium Deluxe (x32) Intel(R) Rapid Storage Technology (x32 Version: 9.5.4.1001) Intel(R) Turbo Boost Technology Driver (x32 Version: 01.01.01.1007) Java 7 Update 17 (64-bit) (Version: 7.0.170) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) JDownloader (x32 Version: 0.89) Junk Mail filter update (x32 Version: 14.0.8089.726) League of Legends (x32 Version: 
1.3) LEGO Star Wars III The Clone Wars (x32 Version: 1.0) Lexmark 3500-4500 Series Logitech SetPoint 6.32 (Version: 6.32.20) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Marvell Miniport Driver (x32 Version: 11.22.3.3) Mathcad (x32 Version: 14.0.3.0) Mathcad PDSi viewable support (x32 Version: 9.0.0) Mathematica Extras 9.0 (3824406) (Version: 9.0.0) Mendeley Desktop 1.9.2 (x32 Version: 1.9.2) Metro: Last Light (x32) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4420.1017) Microsoft Office Live Add-in 1.3 (x32 Version: 2.0.2313.0) Microsoft Office Outlook Connector (x32 Version: 14.0.6123.5001) Microsoft Office Professional Plus 2013 - de-de (Version: 15.0.4535.1004) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft 
Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106) Microsoft Works (x32 Version: 9.7.0621) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1) Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1) MSVC80_x64_v2 (Version: 1.0.3.0) MSVC80_x86_v2 (x32 Version: 1.0.3.0) MSVC90_x64 (Version: 1.0.1.2) MSVC90_x86 (x32 Version: 1.0.1.2) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) 
(x32 Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) Network64 (Version: 130.0.374.000) NI .NET Framework 3.5 SP1 (x32 Version: 3.50.49152) NI AOP5 DataPlugin 1.8.0 (x32 Version: 1.8.22.0) NI Audio DataPlugin 1.1.0 (x32 Version: 1.1.4) NI DataFinder Client 2.2 (x32 Version: 2.2.04177) NI DataFinder Desktop 2.2 (x32 Version: 2.2.04177) NI DIAdem 2010 (Core) (x32 Version: 11.2.04178) NI DIAdem 2010 (x32 Version: 11.2.04178) NI DIAdem 2010 Dokumentation (Classic) (x32 Version: 11.2.04178) NI EULA Depot (x32 Version: 2.71.130) NI Help Assistant (64bit) (Version: 1.0.10) NI Help Assistant (x32 Version: 1.0.10) NI LabVIEW 2009 SP1 Run-Time Engine Web Services (x32 Version: 9.0.234.0) NI LabVIEW Real-Time NBFifo (x32 Version: 9.0.319.0) NI LabVIEW Run-Time Engine 2009 (x32 Version: 9.0.1074.0) NI LabVIEW Run-Time Engine Interop 2009 (x32 Version: 9.0.146.0) NI LabVIEW Web Server for Run-Time Engine (x32 Version: 9.0.185.0) NI License Manager (x32 Version: 3.4.28) NI Logos 5.1.3 (x32 Version: 5.1.131.0) NI Logos XT Support (x32 Version: 5.1.69.0) NI Logos64 5.1.3 (Version: 5.1.84.0) NI Logos64 XT Support (Version: 5.1.66.0) NI Math Kernel Libraries (64-bit) (Version: 1.0.14.0) NI Math Kernel Libraries (x32 Version: 1.0.28.0) NI MDF Support (x32 Version: 2.71.130) NI MetaSuite Installer (x32 Version: 2.71.130) NI Service Locator (x32 Version: 9.0.262.0) NI TDM Excel Add-In 3.2 (x32 Version: 3.2.63.0) NI TDMS (64-bit) (Version: 2.0.173.0) NI TDMS (x32 Version: 2.0.173.0) NI Trace Engine (64-bit) (Version: 9.0.128.0) NI Trace Engine (x32 Version: 9.0.146.0) NI Uninstaller (x32 Version: 2.71.130) NI USI 1.8.0 (x32 Version: 1.8.04177) NI USI 1.8.0 64-Bit (Version: 1.8.04177) NI VC2005MSMs x64 (Version: 8.02.0) NI VC2005MSMs x86 (x32 Version: 8.02.0) NI VC2008MSMs x64 (Version: 9.0.201) NI VC2008MSMs x86 (x32 Version: 9.0.201) NI-Update-Dienst 1.1 (x32 Version: 1.10.65.0) NI-Update-Dienst 1.1 Full 
(x32 Version: 1.10.65.0) Nokia Connectivity Cable Driver (x32 Version: 7.1.101.0) Nokia PC Suite (x32 Version: 7.1.180.94) Nokia Software Updater (x32 Version: 3.0.655) Nokia Suite (x32 Version: 3.7.22.0) NVIDIA GeForce Experience 1.6 (Version: 1.6) NVIDIA Grafiktreiber 320.49 (Version: 320.49) NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2) NVIDIA Install Application (Version: 2.1002.131.854) NVIDIA PhysX (x32 Version: 9.13.0604) NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604) NVIDIA Systemsteuerung 320.49 (Version: 320.49) NVIDIA Update 7.2.17 (Version: 7.2.17) NVIDIA Update Components (Version: 7.2.17) NVIDIA Virtual Audio 1.2.1 (Version: 1.2.1) O&O Defrag Professional (Version: 12.5.339) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4505.1510) Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1510) Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4505.1510) OpenOffice.org 3.2 (x32 Version: 3.2.9502) Opera 12.16 (x32 Version: 12.16.1860) PC Connectivity Solution (x32 Version: 12.0.76.0) PDFTK Builder 3.5.3 (x32) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6003) REALTEK Wireless LAN Software (x32 Version: 0133.09.1202) Recuva (Version: 1.39) Replay Media Catcher 4 (4.3.2) (x32 Version: 4.3.2) Samsung Recovery Solution 4 (x32 Version: 4.0.0.6) Samsung R-Series (x32 Version: 1.0) Samsung Support Center (x32 Version: 1.1.0) Samsung Update Plus (x32 Version: 2.0) Scan (x32 Version: 13.0.0.0) SHIELD Streaming (Version: 1.05.19) Shrew Soft VPN Client Skype Click to Call (x32 Version: 6.3.11079) Skype™ 6.6 (x32 Version: 6.6.106) Slingo (x32) Software von National Instruments (x32 Version: ) Sound Blaster Live! 
24-Bit External (x32) SSH Secure Shell (x32) Synaptics Pointing Device Driver (Version: 15.0.10.0) Tales of Monkey Island (x32 Version: 3.0.0.0) TeamViewer 8 (x32 Version: 8.0.20768) TextPad 6 (x32 Version: 6.1.3) The Elder Scrolls V: Skyrim - GotY Edition (x32 Version: 1.9.32.0.8) Toolbox (x32 Version: 130.0.648.000) Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.3) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) User Guide (x32 Version: 1.0) VBA (2627.01) (x32 Version: 6.03.00.9402) VBA (3821b) (x32 Version: 6.01.00.1234) Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) VLC media player 2.0.8 (x32 Version: 2.0.8) WebReg (x32 Version: 130.0.132.017) Winamp (x32 Version: 5.65 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) Windows Live Family Safety (Version: 14.0.8093.805) Windows Live Fotogalerie (x32 Version: 14.0.8081.709) Windows Live Mail (x32 Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Sync (x32 Version: 
14.0.8089.726) Windows Live Writer (x32 Version: 14.0.8089.0726) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) Windows Mobile Device Updater Component (Version: 04.08.2345.00) Windows Mobile-Gerätecenter (Version: 6.1.6965.0) Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (Version: 02/25/2011 4.7) Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0) WinRAR WinX Free WMV to MPEG Converter 2.0.4 (x32) Wolfram Mathematica 9 (M-WIN-L 9.0.0 3868239) (Version: 9.0.0) Zune (Version: 04.08.2345.00) Zune Language Pack (CHS) (Version: 04.08.2345.00) Zune Language Pack (CHT) (Version: 04.08.2345.00) Zune Language Pack (CSY) (Version: 04.08.2345.00) Zune Language Pack (DAN) (Version: 04.08.2345.00) Zune Language Pack (DEU) (Version: 04.08.2345.00) Zune Language Pack (ELL) (Version: 04.08.2345.00) Zune Language Pack (ESP) (Version: 04.08.2345.00) Zune Language Pack (FIN) (Version: 04.08.2345.00) Zune Language Pack (FRA) (Version: 04.08.2345.00) Zune Language Pack (HUN) (Version: 04.08.2345.00) Zune Language Pack (IND) (Version: 04.08.2345.00) Zune Language Pack (ITA) (Version: 04.08.2345.00) Zune Language Pack (JPN) (Version: 04.08.2345.00) Zune Language Pack (KOR) (Version: 04.08.2345.00) Zune Language Pack (MSL) (Version: 04.08.2345.00) Zune Language Pack (NLD) (Version: 04.08.2345.00) Zune Language Pack (NOR) (Version: 04.08.2345.00) Zune Language Pack (PLK) (Version: 04.08.2345.00) Zune Language Pack (PTB) (Version: 04.08.2345.00) Zune Language Pack (PTG) (Version: 04.08.2345.00) Zune Language Pack (RUS) (Version: 04.08.2345.00) Zune Language Pack (SVE) (Version: 04.08.2345.00) ==================== Restore Points ========================= 20-09-2013 08:27:49 Geplanter Prüfpunkt 22-09-2013 06:16:01 Windows Update ==================== Hosts content: 
========================== 2009-07-14 04:34 - 2013-04-09 18:55 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {19CC413D-BC66-4EB2-BEB7-9DEF79BCE287} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.) Task: {1AA8A698-9552-4A84-84D8-898104085F4E} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {27079F23-2DFD-4B02-BECD-339C298C5BF9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd) Task: {34EF141E-7D50-400C-9A5C-8DACFAA75A20} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.) Task: {3EA7A3D0-5959-41D9-A237-754986EBE661} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-09-13] (Microsoft Corporation) Task: {504FBB96-5525-4CE8-A265-5B00F30FB056} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-07-22] (Microsoft Corporation) Task: {6C53FD2F-DD13-40AB-921E-BA0D431CC5DB} - System32\Tasks\{753AA579-46A4-4729-A8EB-742E20BF745C} => c:\program files (x86)\opera\opera.exe [2013-07-06] (Opera Software) Task: {780D9436-BB7D-4534-9498-4ED8EAC6B31E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {796AD053-1F9C-4CDD-8061-EA9ABB63BDB2} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.) 
Task: {7DC0065F-DD26-43B8-BE70-BD62D4682A57} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe Task: {8067921D-B86A-4C86-8F12-CD0EE2AAD107} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-12-14] (SAMSUNG Electronics) Task: {83478F52-3177-4F21-B5A3-C879EF7800A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-09-13] (Microsoft Corporation) Task: {84EED10A-6D8C-441C-8D8A-2B82BBC73916} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] () Task: {B5C6AC3A-D74B-4639-A04D-8CF62E4D87E6} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-07] (Microsoft Corporation) Task: {CAA02CD5-99D1-43B9-8861-81135328848B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {D1E74A13-3F54-49E2-8F74-EBF359044531} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {DFBE31C6-8FDD-4FF8-930D-7184586D5B35} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.) 
Task: {FA947275-3F16-40E8-B35B-C26F56A4F294} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Philipp-PC-Philipp Philipp-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2013-09-13] (Microsoft Corporation) Task: C:\windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe ==================== Loaded Modules (whitelisted) ============= 2010-08-09 14:23 - 2010-03-15 11:28 - 00166400 _____ () D:\Programme\WinRAR\rarext.dll 2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () D:\Programme\Notepad++\NppShell_05.dll 2011-07-11 12:58 - 2009-11-30 19:54 - 00089088 _____ () C:\windows\SYSTEM32\CmdRtr64.DLL 2011-07-11 12:58 - 2009-12-08 16:52 - 00230912 _____ () C:\windows\SYSTEM32\APOMgr64.DLL 2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () D:\Programme\Logitech\SetPointP\Macros\MacroCore.dll 2013-01-24 19:34 - 2013-01-24 19:34 - 00063408 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2010-04-26 10:25 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Philipp\AppData\Roaming\Dropbox\bin\libcef.dll 2011-01-28 10:29 - 2013-07-06 17:19 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll 2011-01-28 10:29 - 2013-07-06 17:19 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll 2011-01-28 10:29 - 2013-07-06 17:19 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll 2011-01-28 10:29 - 2013-07-06 17:19 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll 2011-12-10 02:27 - 2013-07-06 17:19 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll 2011-01-28 10:29 - 2013-07-06 17:19 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll 2011-01-28 10:29 - 2013-07-06 17:19 - 
00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll 2011-01-28 10:29 - 2013-07-06 17:19 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll 2011-01-28 10:29 - 2013-07-06 17:19 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll 2011-01-28 10:29 - 2013-07-06 17:19 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll 2011-01-28 10:29 - 2013-07-06 17:19 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll 2011-01-28 10:29 - 2013-07-06 17:19 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll 2013-09-13 11:16 - 2013-09-13 11:16 - 16177544 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll 2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:E7BA7168 ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Shrew Soft Virtual Adapter Description: Shrew Soft Virtual Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Shrew Soft Service: vnet Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional M1217nfw MFP Description: HP LaserJet Professional M1217nfw MFP Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: Officejet 4500 G510g-m Description: Officejet 4500 G510g-m Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: deskjet 5800 Description: deskjet 5800 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: hp Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet 4500 G510g-m Description: Officejet 4500 G510g-m Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft-Adapter für Miniports virtueller WiFis Description: Microsoft-Adapter für Miniports virtueller WiFis Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2013 11:38:10 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/29/2013 11:37:39 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/29/2013 11:37:39 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/29/2013 11:37:39 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/29/2013 11:37:39 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)

Error: (09/29/2013 11:37:27 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/29/2013 11:37:26 AM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/29/2013 11:37:26 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/29/2013 11:37:26 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/29/2013 11:37:26 AM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))

System errors:
=============
Error: (09/29/2013 11:37:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/29/2013 11:37:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (09/29/2013 11:37:30 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/29/2013 11:36:01 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdiCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (09/29/2013 11:36:01 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdiCATSCustConnectService erreicht.

Error: (09/29/2013 11:33:03 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (09/26/2013 09:57:45 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.

Error: (09/24/2013 02:14:40 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/24/2013 02:13:41 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (09/24/2013 02:13:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdiCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Microsoft Office Sessions:
=========================
Error: (09/29/2013 11:38:10 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/29/2013 11:37:39 AM) (Source: Windows Search Service)(User: )
Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/29/2013 11:37:39 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/29/2013 11:37:39 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/29/2013 11:37:39 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer

Error: (09/29/2013 11:37:27 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore

Error: (09/29/2013 11:37:26 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/29/2013 11:37:26 AM) (Source: Windows Search Service)(User: )
Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt

Error: (09/29/2013 11:37:26 AM) (Source: Windows Search Service)(User: )
Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) 4700

Error: (09/29/2013 11:37:26 AM) (Source: Windows Search Service)(User: )
Description: Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))

CodeIntegrity Errors:
===================================
Date: 2013-04-09 18:54:45.702
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-04-09 18:54:45.552
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2011-07-11 13:00:26.974
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\KSAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-07-11 13:00:26.943
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\KSAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-07-11 13:00:25.488
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\KSAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-07-11 13:00:25.433
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\KSAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-07-11 13:00:13.249
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\KSAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-07-11 13:00:13.219
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\KSAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-07-11 12:59:59.759
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\KSAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2011-07-11 12:59:59.704
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\KSAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 3949.63 MB
Available physical RAM: 1966.92 MB
Total Pagefile: 7897.43 MB
Available Pagefile: 4984.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:103.65 GB) (Free:30.9 GB) NTFS
Drive d: () (Fixed) (Total:347.01 GB) (Free:61.99 GB) NTFS
Drive f: () (Fixed) (Total:931.51 GB) (Free:246.16 GB) NTFS
Drive h: () (Removable) (Total:14.9 GB) (Free:2.79 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: C760B073)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=347 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D770103F)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-29 17:20:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: GMER.exe; Driver: C:\Users\Philipp\AppData\Local\Temp\pxliyfod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff80004606000 19 bytes [08, 48, 83, E1, FC, 48, 3B, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 564 fffff80004606014 1 byte [39]

---- User code sections - GMER 2.1 ----

.text D:\Programme\OODefrag\oodag.exe[3020] C:\windows\system32\kernel32.dll!SetUnhandledExceptionFilter 00000000776c9b80 13 bytes {MOV R11, 0x140001300; JMP R11}

---- Threads - GMER 2.1 ----

Thread C:\windows\System32\svchost.exe [1176:1732] 000007fef9e159a0
Thread C:\windows\System32\svchost.exe [1176:3184] 000007fefc441a70
Thread C:\windows\System32\svchost.exe [1176:4232] 000007fef40f14a0
Thread C:\windows\System32\svchost.exe [1176:4832] 000007fef1b6a2b0
Thread C:\windows\System32\svchost.exe [1176:5280] 000007fef6c444e0
Thread C:\windows\System32\svchost.exe [1176:6640] 000007fef76188f8
Thread C:\windows\System32\svchost.exe [1176:424] 000007feeac842c8
Thread C:\windows\System32\svchost.exe [1176:5024] 000007fef4b15fd0
Thread C:\windows\System32\svchost.exe [1176:5012] 000007fef4b163ec
Thread C:\windows\System32\svchost.exe [1176:6572] 000007feeb078a4c
Thread C:\windows\system32\svchost.exe [1200:4836] 000007feebcad3c8
Thread C:\windows\system32\svchost.exe [1200:1784] 000007feebcad3c8
Thread C:\windows\system32\svchost.exe [1200:6568] 000007feebcad3c8
Thread C:\windows\system32\svchost.exe [1200:6452] 000007feebcad3c8
Thread C:\windows\system32\svchost.exe [1200:2716] 000007fee81bb1b0
Thread C:\windows\system32\svchost.exe [1460:1580] 000007fefa428274
Thread C:\windows\system32\svchost.exe [1460:3808] 000007fefa428274
Thread C:\windows\System32\spoolsv.exe [1768:3628] 0000000051067f00
Thread C:\windows\System32\spoolsv.exe [1768:3716] 000007fef4d510c8
Thread C:\windows\System32\spoolsv.exe [1768:3836] 000007fef4d26144
Thread C:\windows\System32\spoolsv.exe [1768:3852] 000007fef4b15fd0
Thread C:\windows\System32\spoolsv.exe [1768:3848] 000007fef4b03438
Thread C:\windows\System32\spoolsv.exe [1768:3968] 000007fef4b163ec
Thread C:\windows\System32\spoolsv.exe [1768:3972] 000007fef4b03438
Thread C:\windows\System32\spoolsv.exe [1768:3784] 000007fef4b163ec
Thread C:\windows\System32\spoolsv.exe [1768:3584] 000007fef5565e5c
Thread C:\windows\System32\spoolsv.exe [1768:3744] 000007fef55a5074
Thread C:\windows\System32\spoolsv.exe [1768:4908] 000007fef5612288
Thread C:\windows\System32\spoolsv.exe [1768:5052] 000007fef4da8760
Thread C:\windows\System32\svchost.exe [2324:2340] 000007fefd97a808
Thread C:\windows\System32\svchost.exe [3128:3148] 000007fefd97a808
Thread C:\windows\system32\svchost.exe [4340:4952] 000007fef4b15fd0
Thread C:\windows\system32\svchost.exe [4340:4528] 000007fef4b163ec
Thread C:\windows\System32\WUDFHost.exe [4896:5064] 000007fef17e24a0
Thread C:\windows\system32\svchost.exe [6488:3408] 0000000073b7b5fc
Thread C:\windows\system32\svchost.exe [6488:6340] 0000000073b61760
Thread C:\windows\system32\svchost.exe [6488:3380] 00000000744f8b1c
Thread C:\windows\system32\svchost.exe [6488:6208] 00000000744fc740
Thread C:\windows\system32\svchost.exe [6488:6772] 000000007450498c
Thread C:\windows\system32\svchost.exe [6488:3376] 0000000073b32234
Thread C:\windows\system32\svchost.exe [6488:4396] 0000000073ba0398
Thread C:\windows\system32\svchost.exe [6488:4424] 0000000073b76394

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00040e89607f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00040e89607f@001620c2cdbe 0x18 0x80 0xC0 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00040e89607f@001d987de71d 0xBF 0xDD 0x3B 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654eb87
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f56e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9C 0xEB 0x6B 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFC 0x4E 0x98 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD7 0xD9 0x35 0x03 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAA 0xD7 0x46 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00040e89607f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00040e89607f@001620c2cdbe 0x18 0x80 0xC0 0x7B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00040e89607f@001d987de71d 0xBF 0xDD 0x3B 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654eb87 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f56e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9C 0xEB 0x6B 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFC 0x4E 0x98 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD7 0xD9 0x35 0x03 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAA 0xD7 0x46 0x5E ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Thanks and best regards,
Philipp
29.09.2013, 17:29 | #2
/// the machine /// TB-Ausbilder

Hi,

what is drive H? What exactly is on the stick?
29.09.2013, 17:32 | #3

H is my USB stick (SanDisk Extreme, 16 GB); it holds a few videos and the backup of my work.

Apart from that, the alert refers to the exe file in the "system" folder. That folder contains only this one file; otherwise it is empty.
30.09.2013, 08:30 | #4
/// the machine /// TB-Ausbilder

Delete that one folder.

Panda USB Vaccine - Download - Filepony
Run that to secure the stick. Then scan again.

Regards, schrauber
Proud Member of UNITE and ASAP since 2009
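The three steps above (inspect and delete the lone folder, vaccinate the stick, rescan) can be checked mechanically before and after. The following Python is an added example for this thread, not a tool posted by anyone here and not Panda's code: it walks a volume root, flags executables that sit alone in an otherwise empty folder (the pattern of the AVG hit, `H:\system\igfxpiers.exe`), hashes them for lookup, reports the state of `autorun.inf`, and applies the vaccination step. Everything it runs against is constructed: a temp directory stands in for `H:\`, the file contents are dummy bytes, and the `autorun.inf` pointing at the exe is an assumption (the thread never says one existed). How Panda USB Vaccine protects a stick is not described on this page; the `vaccinate()` function models the widely used technique of creating `AUTORUN.INF` as a directory so that no file of that name can be dropped, and that choice is mine.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# File types a dropper on removable media commonly uses (list chosen for this
# example, not taken from the thread).
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# autorun.inf directives that launch something; icon=/label= lines are harmless.
LAUNCH_DIRECTIVE = re.compile(r"^\s*(open|shellexecute|shell\\\w+\\command)\s*=", re.IGNORECASE)


def sha256_of(path: Path) -> str:
    """Hash in chunks so large media files on the stick need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def autorun_state(root: Path) -> dict:
    """Classify <root>/autorun.inf (FAT32 is case-insensitive; lowercase used here).

    absent     - nothing there
    vaccinated - an AUTORUN.INF *directory*: Windows cannot parse it and malware
                 cannot create a file of the same name (assumed vaccination model)
    file       - a real autorun.inf; its launch directives are returned
    """
    p = root / "autorun.inf"
    if not p.exists():
        return {"state": "absent", "directives": []}
    if p.is_dir():
        return {"state": "vaccinated", "directives": []}
    text = p.read_text(encoding="utf-8", errors="replace")
    hits = [ln.strip() for ln in text.splitlines() if LAUNCH_DIRECTIVE.match(ln)]
    return {"state": "file", "directives": hits}


def lone_executables(root: Path) -> list:
    """Folders below the root that hold exactly one file and no subfolders, where
    that file is executable. This mirrors the alert in the thread: the 'system'
    folder on H:\\ contained nothing but igfxpiers.exe."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folder = Path(dirpath)
        if folder == root or dirnames or len(filenames) != 1:
            continue
        candidate = folder / filenames[0]
        if candidate.suffix.lower() in EXEC_SUFFIXES:
            findings.append({
                "path": str(candidate.relative_to(root)).replace(os.sep, "\\"),
                "size": candidate.stat().st_size,
                "sha256": sha256_of(candidate),
            })
    return sorted(findings, key=lambda f: f["path"])


def vaccinate(root: Path, replace_file: bool = False) -> dict:
    """Create the AUTORUN.INF directory. An existing autorun.inf *file* is left
    alone unless replace_file=True, i.e. until you have looked at it."""
    p = root / "autorun.inf"
    if p.is_file():
        if not replace_file:
            return autorun_state(root)
        p.unlink()
    if not p.exists():
        p.mkdir()
    return autorun_state(root)


def triage(root: Path) -> dict:
    return {"autorun": autorun_state(root), "lone_executables": lone_executables(root)}


def build_sample_stick() -> Path:
    """Constructed stand-in for H:\\ (dummy bytes, not real malware): a few videos,
    a work backup with several files, and a 'system' folder holding a single exe
    referenced by a constructed autorun.inf."""
    root = Path(tempfile.mkdtemp(prefix="stick_"))
    (root / "Videos").mkdir()
    for name in ("clip1.mp4", "clip2.mp4"):
        (root / "Videos" / name).write_bytes(b"\x00" * 64)
    (root / "Backup").mkdir()
    (root / "Backup" / "report.docx").write_bytes(b"PK\x03\x04" + b"\x00" * 32)
    (root / "Backup" / "data.xlsx").write_bytes(b"PK\x03\x04" + b"\x00" * 32)
    (root / "system").mkdir()
    (root / "system" / "igfxpiers.exe").write_bytes(b"MZ" + b"\x90" * 256)
    (root / "autorun.inf").write_text(
        "[autorun]\nopen=system\\igfxpiers.exe\nicon=system\\igfxpiers.exe\n", encoding="utf-8")
    return root


if __name__ == "__main__":
    stick = build_sample_stick()
    report = triage(stick)
    print("autorun.inf:", report["autorun"])
    for f in report["lone_executables"]:
        print(f"suspicious: {f['path']} ({f['size']} bytes) sha256={f['sha256']}")
    print("after vaccination:", vaccinate(stick, replace_file=True))
```

Against a real stick you would call `triage(Path("H:/"))` first, record the hash of anything flagged, delete the folder as instructed above, and only then run `vaccinate(..., replace_file=True)` and rescan; the lone-executable rule is a heuristic that will also flag a legitimate single installer, so it marks candidates for a look, not verdicts.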
30.09.2013, 08:58 | #5

OK, Panda is running (vaccinate USB). Which scans do you want?

MBAM quick scan: no findings.
MBAM full scan of H: no findings.
AVG on H:
Code:
"Bestimmte Dateien/Ordner scannen"
"Bei diesem Scan wurde keine Infizierung gefunden"
"Ausgewählte Ordner:";"H:\"
"Gestartet:";"30.09.2013, 09:55:07"
"Beendet:";"30.09.2013, 09:55:54"
"Gescannter Objekte:";"6417"
"Benutzer:";"Philipp"
30.09.2013, 16:42 | #6
/// the machine /// TB-Ausbilder

That's fine then.