|
Log analysis and evaluation: Problems with the PC after a Generic detection (Windows 7)
09.11.2013, 14:04 | #1
Problems with the PC after a Generic detection

Hello everyone, I have 3 users on my computer: Admin, my wife and me. A few days ago my wife received 6 Generic warnings via AVG and also removed them. A few days later I also got a Generic warning. I almost never log in as Admin; when we use the PC we go through our own user accounts. Since my detections the PC starts extremely slowly, the mouse and keyboard switch off and the machine hangs (without a BS or any other messages). After a few minutes everything runs again (without a restart). Unfortunately I cannot find the AVG log file; I have now taken a screenshot of the quarantine, but only from my own user interface. I can't get at my wife's AVG right now. During the GMER scan the message kept coming up that I should insert a disk (at least 30 times in total, alternating between drives, e.g. DR3). I clicked Continue each time. Many thanks in advance for your help!

Log files:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:03 on 09/11/2013 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by Paul at 2013-11-09 13:09:15
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

AAVUpdateManager (Version: 18.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Photoshop Lightroom 3.3 (Version: 3.3.1)
Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
AIDA64 Extreme Edition v2.30 (Version: 2.30)
AoA Audio Extractor
Ask Toolbar (Version: 1.15.4.0)
Ask Toolbar Updater (HKCU Version: 1.2.0.20064)
AVG 2014 (Version: 14.0.3629)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
AVG Security Toolbar (Version: 17.0.1.12)
BitGuard
BrettspielWelt (Version: 1.0)
CDBurnerXP (Version: 4.5.2.4291)
Counter-Strike(TM) (Version: 1.0.0.0)
CrystalDiskInfo 5.1.0 (Version: 5.1.0)
Data Lifeguard Diagnostic for Windows 1.24
Delta Chrome Toolbar
Delta toolbar (Version: 1.8.24.6)
DVD Shrink version 4.2 (Version: 4.2)
EPSON Scan
EVEREST Home Edition v2.20 (Version: 2.20)
Firebird SQL Server - MAGIX Edition (Version: 2.1.26.0)
Free YouTube to MP3 Converter version 3.12.12.827 (Version: 3.12.12.827)
FreePDF (Remove only)
Full Tilt Poker.Eu (HKCU Version: 4.57.4.WIN.FullTilt.EU)
Gothic II
GPL Ghostscript (Version: 9.04)
GT Speed Racing (Version: 1.00.0000)
GTAIII
ImgBurn (Version: 2.5.7.0)
Iminent (Version: 6.18.21.0)
IsoBuster 3.0 (Version: 3.0)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
M.U.D. TV (Version: 1.0.7.1)
MAGIX Content und Soundpools (Version: 1.0.0.0)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0)
MAGIX Music Maker 16 Premium Download-Version (Version: 16.0.0.30)
MAGIX Music Maker 2013 Trial Soundpools (Version: 1.0.0.0)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Speed burnR (Version: 7.0.1.27)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Office Excel Viewer (Version: 12.0.6219.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mount&Blade
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nokia Connectivity Cable Driver (Version: 7.1.78.0)
Nokia Suite (Version: 3.5.34.0)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.5.1 (Version: 1.5.1)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.125.816)
NVIDIA PhysX (Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 6.4.23 (Version: 6.4.23)
NVIDIA Update Components (Version: 6.4.23)
Paint.NET v3.5.10 (Version: 3.60.0)
PC Connectivity Solution (Version: 12.0.32.0)
PC Inspector smart recovery (Version: 4.50)
Platform (Version: 1.39)
PrintKey2000
Realtek Ethernet Controller Driver (Version: 6.250.908.2011)
Recuva (Version: 1.44)
Red Alert Windows 95
RedMon - Redirection Port Monitor
RTP for RM2K (Png, Wav, Midi, Fonts)
Sauerbraten
Search Protect (Version: 2.8.11.9)
Sewer Run
SopCast 3.2.9 (Version: 3.2.9)
Steam(TM) (Version: 1.0.0.0)
SWFPlayer 2.6.2.0 (Version: 2.6.2.0)
swMSM (Version: 12.0.0.1)
Text-To-Speech-Runtime (Version: 1.0.0.0)
TubeSaver-1 (Version: 1.28.153.3)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
VIA Plattform-Geräte-Manager (Version: 1.39)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.0.7 (Version: 2.0.7)
Warspear Online (HKCU Version: 3.1.0)
Westwood Online
Wildlife Park 2 (Version: 1.25)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
X-1 Super Boost 1.0 (Version: 1.0)
XMedia Recode Version 3.1.4.1 (Version: 3.1.4.1)
Zoo Tycoon-Erweiterungen

==================== Restore Points =========================

Could not list Restore Points. Check WMI.

==================== Hosts content: ==========================

2012-09-13 14:18 - 2012-09-13 14:18 - 00000792 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => ?
Task: C:\Windows\Tasks\TubeSaver-1-codedownloader.job => ?
Task: C:\Windows\Tasks\TubeSaver-1-enabler.job => ?
Task: C:\Windows\Tasks\TubeSaver-1-firefoxinstaller.job => ?
Task: C:\Windows\Tasks\TubeSaver-1-updater.job => ?

==================== Loaded Modules (whitelisted) =============

2013-10-24 19:27 - 2013-09-23 12:55 - 02704352 _____ () C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
2013-02-12 09:27 - 2012-10-25 10:25 - 00080504 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2013-02-12 09:27 - 2012-10-25 10:25 - 00113272 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2013-10-03 07:43 - 2013-10-03 07:43 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
2013-10-03 07:43 - 2013-10-03 07:43 - 00142360 _____ () C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 08506792 _____ () C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 02353576 _____ () C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 01013672 _____ () C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 00363944 _____ () C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 02480552 _____ () C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 01346472 _____ () C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 00205736 _____ () C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 02652584 _____ () C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 00032680 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 00035240 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 00206760 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 11166120 _____ () C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
2012-08-03 15:07 - 2012-08-03 15:07 - 00276392 _____ () C:\Program Files\Nokia\Nokia Suite\phonon4.dll
2012-07-02 10:29 - 2012-07-02 10:29 - 00391600 _____ () C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
2012-07-02 10:29 - 2012-07-02 10:29 - 00059280 _____ () C:\Program Files\Nokia\Nokia Suite\securestorage.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 00437672 _____ () C:\Program Files\Nokia\Nokia Suite\NService.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 00445864 _____ () C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 00520104 _____ () C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
2012-08-03 15:06 - 2012-08-03 15:06 - 00720296 _____ () C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
2012-08-03 15:05 - 2012-08-03 15:05 - 00604072 _____ () C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
2012-07-02 10:28 - 2012-07-02 10:28 - 00110080 _____ () C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
2013-10-21 08:38 - 2013-10-21 08:38 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Paul\Desktop\726493_136796046484106_32327_n.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Paul\Desktop\868467_228011363990668_798072532_n.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Paul\Desktop\Apfelschnitzen.mp4:TOC.WMV

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2013 09:46:52 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 24.0.0.5001 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 152c
Anfangszeit: 01cedbf34adcf1c5
Zeitpunkt der Beendigung: 476

Error: (11/05/2013 01:19:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/05/2013 01:19:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/04/2013 04:42:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/04/2013 04:42:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/04/2013 11:32:35 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 24.0.0.5001 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1368
Anfangszeit: 01ced947f8dd9fd5
Zeitpunkt der Beendigung: 40

Error: (11/01/2013 03:24:09 PM) (Source: Application Hang) (User: )
Description: Programm dvdshrinksetup.tmp, Version 51.52.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1734
Anfangszeit: 01ced6ec3d3ee21b
Zeitpunkt der Beendigung: 2

Error: (10/25/2013 09:52:12 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 24.0.0.5001, Zeitstempel 0x522fd29f, fehlerhaftes Modul xul.dll, Version 24.0.0.5001, Zeitstempel 0x522fd1a4, Ausnahmecode 0xc0000005, Fehleroffset 0x001b72a8, Prozess-ID 0xddc, Anwendungsstartzeit firefox.exe0.

Error: (10/24/2013 07:48:17 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{6E3D735E-B1FB-4915-9FA4-9D273C418FC4}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (10/24/2013 07:38:43 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\PAUL\PICTURES\LIGHTROOM\LIGHTROOM 3 CATALOG PREVIEWS.LRDATA\PREVIEWS.DB-JOURNAL> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

System errors:
=============
Error: (11/09/2013 00:57:44 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgent

Error: (11/03/2013 00:25:46 PM) (Source: Service Control Manager) (User: )
Description: Steam Client Service%%1053

Error: (11/03/2013 00:25:46 PM) (Source: Service Control Manager) (User: )
Description: 30000Steam Client Service

Error: (10/30/2013 09:38:42 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A441E431-9D28-40F1-90DE-9DDE53B263-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (10/29/2013 10:17:00 PM) (Source: Service Control Manager) (User: )
Description: BitGuard%%3

Error: (10/29/2013 10:16:00 PM) (Source: Service Control Manager) (User: )
Description: BitGuard%%3

Error: (10/29/2013 10:15:00 PM) (Source: Service Control Manager) (User: )
Description: BitGuard%%3

Error: (10/29/2013 10:14:00 PM) (Source: Service Control Manager) (User: )
Description: BitGuard%%3

Error: (10/29/2013 10:13:00 PM) (Source: Service Control Manager) (User: )
Description: BitGuard%%3

Error: (10/29/2013 10:12:00 PM) (Source: Service Control Manager) (User: )
Description: BitGuard%%3

Microsoft Office Sessions:
=========================
Error: (11/07/2013 09:46:52 PM) (Source: Application Hang)(User: )
Description: firefox.exe24.0.0.5001152c01cedbf34adcf1c5476

Error: (11/05/2013 01:19:01 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80.DLL

Error: (11/05/2013 01:19:01 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80.DLL

Error: (11/04/2013 04:42:23 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80.DLL

Error: (11/04/2013 04:42:23 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80.DLL

Error: (11/04/2013 11:32:35 AM) (Source: Application Hang)(User: )
Description: firefox.exe24.0.0.5001136801ced947f8dd9fd540

Error: (11/01/2013 03:24:09 PM) (Source: Application Hang)(User: )
Description: dvdshrinksetup.tmp51.52.0.0173401ced6ec3d3ee21b2

Error: (10/25/2013 09:52:12 PM) (Source: Application Error)(User: )
Description: firefox.exe24.0.0.5001522fd29fxul.dll24.0.0.5001522fd1a4c0000005001b72a8ddc01ced1bd9c08237a

Error: (10/24/2013 07:48:17 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{6E3D735E-B1FB-4915-9FA4-9D273C418FC4}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (10/24/2013 07:38:43 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PAUL\PICTURES\LIGHTROOM\LIGHTROOM 3 CATALOG PREVIEWS.LRDATA\PREVIEWS.DB-JOURNAL

CodeIntegrity Errors:
===================================
Date: 2013-11-09 13:08:59.361
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-09 13:08:59.269
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-09 13:08:59.168
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-09 13:08:59.070
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-11 18:14:23.838
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-11 18:14:23.729
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-11 18:14:23.636
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-11 18:14:23.542
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-11 18:14:19.127
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-11 18:14:19.018
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3325.16 MB
Available physical RAM: 1774.9 MB
Total Pagefile: 6874.82 MB
Available Pagefile: 4873.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:502.03 GB) (Free:210.87 GB) NTFS
Drive d: (C_FREEDOS9) (Fixed) (Total:429.37 GB) (Free:95.45 GB) FAT32 ==>[System with boot components (obtained from reading drive)]
Drive f: (USB) (Removable) (Total:7.86 GB) (Free:6.54 GB) FAT32
Drive i: () (Removable) (Total:7.36 GB) (Free:5.97 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Paul (ATTENTION: The logged in user is not administrator) on ADMIN-PC on 09-11-2013 13:08:21
Running from C:\Users\Paul\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Iminent) C:\Program Files\Iminent\Iminent.exe
(Iminent) C:\Program Files\Iminent\Iminent.Messengers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Fred's Software) C:\Program Files\PrintKey2000\Printkey2000.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Conduit) C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1568976 2012-06-20] (Ask)
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [4045432 2012-10-25] (VIA)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2404376 2013-10-03] ()
HKLM\...\Run: [Iminent] - C:\Program Files\Iminent\Iminent.exe [1074736 2013-04-30] (Iminent)
HKLM\...\Run: [IminentMessenger] - C:\Program Files\Iminent\Iminent.Messengers.exe [884784 2013-04-30] (Iminent)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [SPUpdSentinel] - "C:\Program Files\Common Files\Umbrella\umbrella_bkp.exe" -SERVICEARGS=c [2864448 2013-11-07] (Iminent)
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1086376 2012-08-03] (Nokia)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll [ 2013-09-23] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBEEA6BEBD9B3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {F5FE65FE-147A-4155-8500-D1A3FF8532FD} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=D96924A9-CAF9-4B56-88BC-3CDAA1C42DD4&apn_sauid=2CBBBA6D-95B1-42FA-A329-A0E32CCF1005
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (SIEN)
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default
FF NewTab: www.google.de
FF DefaultSearchEngine: AVG Secure Search
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies)
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TubeSaver-1 - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\951bb5c8-a6ed-4af6-a53c-1d3eec03d6dd@b61ef5da-5b52-4500-a9b4-273eca044964.com
FF Extension: No Name - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\staged
FF Extension: DownloadHelper - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Flash and Video Download - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: adblockpopups - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: webbooster - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\webbooster@iminent.com.xpi
FF Extension: youtube2mp3 - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: noscript - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12
FF HKLM\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xtvmt9vk.default\extensions\webbooster@iminent.com

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [1735968 2013-10-31] (Conduit)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S3 Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3B69A712-4CBC-40B1-AE55-0203075FD093}\Installer\InstallerService.exe [118784 2012-08-27] ()
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 SProtection; C:\Program Files\Common Files\Umbrella\umbrella.exe [2894144 2013-11-08] (Iminent)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
R2 vToolbarUpdater17.0.12; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-03] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-03] (AVG Technologies) S3 ezplay; C:\Windows\System32\Drivers\ezplay.sys [94208 2013-11-01] (VSO Software) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.) S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-09 13:08 - 2013-11-09 13:08 - 00377856 _____ C:\Users\Paul\Downloads\cg7wgqqh.exe 2013-11-09 13:08 - 2013-11-09 13:08 - 00000000 ____D C:\FRST 2013-11-09 13:07 - 2013-11-09 13:07 - 01089445 _____ (Farbar) C:\Users\Paul\Desktop\FRST.exe 2013-11-09 13:03 - 2013-11-09 13:03 - 00000472 _____ C:\Users\Paul\Desktop\defogger_disable.log 2013-11-09 13:03 - 2013-11-09 13:03 - 00000000 _____ C:\Users\Admin\defogger_reenable 2013-11-09 13:02 - 2013-11-09 13:02 - 00050477 _____ C:\Users\Paul\Desktop\Defogger.exe 2013-11-09 12:58 - 2013-11-09 12:58 - 00000000 ____D C:\ProgramData\WindowsSearch 2013-11-06 20:57 - 2013-11-06 20:57 - 00000000 ____D C:\Windows\system32\SearchProtect 2013-11-04 16:10 - 2013-11-04 16:10 - 00000000 ____D C:\Users\Paul\Desktop\Bernd 2013-11-04 11:33 - 2013-11-04 11:33 - 00853364 _____ (Alpha Interactive ) C:\Users\Paul\Downloads\swfsetup26.exe 2013-11-04 11:33 - 2013-11-04 11:33 - 00000000 ____D C:\Program Files\SWFPlayer 2013-11-04 11:25 - 2013-11-04 11:25 - 14288339 _____ C:\Users\Paul\Downloads\arcuz---behind-the-dark.swf 
2013-11-02 14:30 - 2013-11-02 14:30 - 00000000 ____D C:\Users\Ines\AppData\Local\SearchProtect 2013-11-01 11:31 - 2013-11-01 11:53 - 00000000 ____D C:\Users\Paul\Desktop\VIDEO_TS 2013-11-01 11:24 - 2013-11-01 11:24 - 00000823 _____ C:\Users\Public\Desktop\DVD Shrink.lnk 2013-11-01 11:24 - 2013-11-01 11:24 - 00000000 ____D C:\Program Files\DVD Shrink 2013-11-01 11:21 - 2013-11-01 11:22 - 38999464 _____ (DVDShrink ) C:\Users\Admin\Desktop\dvdshrinksetup.exe 2013-11-01 11:20 - 2013-11-01 11:20 - 01544704 _____ C:\Windows\is-T8HOK.exe 2013-11-01 11:20 - 2013-11-01 11:20 - 00400728 _____ (Softonic ) C:\Users\Paul\Downloads\SoftonicDownloader_fuer_dvd-shrink.exe 2013-11-01 11:20 - 2013-11-01 11:20 - 00025599 _____ C:\Windows\is-T8HOK.msg 2013-11-01 11:20 - 2013-11-01 11:20 - 00000291 _____ C:\Windows\is-T8HOK.lst 2013-11-01 10:05 - 2013-11-01 10:53 - 00000000 ____D C:\Users\Paul\Documents\BlindWrite 2013-11-01 10:04 - 2013-11-01 11:19 - 00000000 ____D C:\Users\Paul\AppData\Roaming\VSO 2013-11-01 10:02 - 2013-11-01 10:02 - 00000048 _____ C:\Windows\EA5C311A3FC1D6FB.log 2013-11-01 10:01 - 2013-11-01 11:28 - 00000033 _____ C:\Users\Admin\AppData\Roaming\ezplay.log 2013-11-01 09:59 - 2013-11-06 20:57 - 00000000 ____D C:\Program Files\SearchProtect 2013-11-01 09:59 - 2013-11-01 11:28 - 00094208 _____ (VSO Software) C:\Users\Admin\AppData\Roaming\ezplay.sys 2013-11-01 09:59 - 2013-11-01 11:28 - 00087608 _____ C:\Users\Admin\AppData\Roaming\inst.exe 2013-11-01 09:59 - 2013-11-01 11:28 - 00007861 _____ C:\Users\Admin\AppData\Roaming\ezplay.cat 2013-11-01 09:59 - 2013-11-01 11:28 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Vso 2013-11-01 09:59 - 2013-11-01 11:27 - 00000000 ____D C:\Program Files\PC Speed Maximizer 2013-11-01 09:59 - 2013-11-01 09:59 - 00094208 _____ (VSO Software) C:\Windows\system32\Drivers\ezplay.sys 2013-11-01 09:59 - 2013-11-01 09:59 - 00000125 _____ C:\Users\Admin\AppData\Roaming\ezplay.ini 2013-11-01 09:59 - 2013-11-01 09:59 - 00000000 ____D 
C:\Users\Paul\AppData\Local\SearchProtect 2013-11-01 09:59 - 2013-11-01 09:59 - 00000000 ____D C:\Users\Admin\AppData\Local\SearchProtect 2013-11-01 09:58 - 2013-11-01 09:59 - 09409744 _____ (VSO Software ) C:\Users\Paul\Downloads\BlindWrite6_setup1.exe 2013-11-01 09:58 - 2013-11-01 09:58 - 01128904 _____ (Conduit) C:\Users\Paul\Downloads\BlindWrite6_setup.exe 2013-11-01 09:51 - 2013-11-01 09:51 - 05185720 _____ C:\Users\Paul\Downloads\SetupCloneDVD2930(1).exe 2013-10-24 19:27 - 2013-10-24 19:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard 2013-10-21 20:52 - 2013-10-21 20:52 - 00000033 _____ C:\Users\Ines\Desktop\debug.log 2013-10-21 08:38 - 2013-10-21 08:38 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-20 18:30 - 2013-10-20 18:42 - 00000000 ____D C:\Users\Ines\Desktop\Neuer Ordner (3) 2013-10-20 18:26 - 2013-10-24 17:59 - 00000000 ____D C:\Users\Ines\Desktop\bilder handy ines 2013-10-16 14:43 - 2013-10-16 14:54 - 00000000 ____D C:\Users\Paul\Desktop\Fußball Luca 2013-10-16 14:13 - 2013-10-16 14:28 - 00000000 ____D C:\Users\Paul\Desktop\Fußball ==================== One Month Modified Files and Folders ======= 2013-11-09 13:08 - 2013-11-09 13:08 - 00377856 _____ C:\Users\Paul\Downloads\cg7wgqqh.exe 2013-11-09 13:08 - 2013-11-09 13:08 - 00000000 ____D C:\FRST 2013-11-09 13:07 - 2013-11-09 13:07 - 01089445 _____ (Farbar) C:\Users\Paul\Desktop\FRST.exe 2013-11-09 13:06 - 2006-11-02 13:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-09 13:06 - 2006-11-02 13:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-09 13:03 - 2013-11-09 13:03 - 00000472 _____ C:\Users\Paul\Desktop\defogger_disable.log 2013-11-09 13:03 - 2013-11-09 13:03 - 00000000 _____ C:\Users\Admin\defogger_reenable 2013-11-09 13:03 - 2012-07-31 19:17 - 00000000 ____D C:\Users\Admin 2013-11-09 
13:02 - 2013-11-09 13:02 - 00050477 _____ C:\Users\Paul\Desktop\Defogger.exe 2013-11-09 13:02 - 2009-04-11 13:37 - 01448406 _____ C:\Windows\WindowsUpdate.log 2013-11-09 12:59 - 2013-05-13 12:38 - 00000000 ____D C:\Program Files\Common Files\Umbrella 2013-11-09 12:59 - 2012-12-17 08:47 - 00000000 ____D C:\ProgramData\MFAData 2013-11-09 12:59 - 2009-04-11 17:55 - 01559202 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-09 12:58 - 2013-11-09 12:58 - 00000000 ____D C:\ProgramData\WindowsSearch 2013-11-09 12:57 - 2013-05-13 12:38 - 00000000 ____D C:\Program Files\Iminent 2013-11-09 12:54 - 2013-09-23 17:25 - 00001802 _____ C:\Windows\Tasks\TubeSaver-1-firefoxinstaller.job 2013-11-09 12:54 - 2013-09-23 17:25 - 00001278 _____ C:\Windows\Tasks\TubeSaver-1-updater.job 2013-11-09 12:54 - 2013-09-23 17:25 - 00001182 _____ C:\Windows\Tasks\TubeSaver-1-codedownloader.job 2013-11-09 12:54 - 2013-09-23 17:25 - 00001082 _____ C:\Windows\Tasks\TubeSaver-1-enabler.job 2013-11-09 12:53 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-08 22:42 - 2006-11-02 14:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-06 20:57 - 2013-11-06 20:57 - 00000000 ____D C:\Windows\system32\SearchProtect 2013-11-06 20:57 - 2013-11-01 09:59 - 00000000 ____D C:\Program Files\SearchProtect 2013-11-05 22:30 - 2013-09-23 17:25 - 00000000 ____D C:\Program Files\TubeSaver-1 2013-11-04 16:10 - 2013-11-04 16:10 - 00000000 ____D C:\Users\Paul\Desktop\Bernd 2013-11-04 11:33 - 2013-11-04 11:33 - 00853364 _____ (Alpha Interactive ) C:\Users\Paul\Downloads\swfsetup26.exe 2013-11-04 11:33 - 2013-11-04 11:33 - 00000000 ____D C:\Program Files\SWFPlayer 2013-11-04 11:30 - 2012-08-03 14:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-11-04 11:30 - 2012-08-03 14:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-11-04 11:30 - 2012-08-02 18:15 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe 
2013-11-04 11:25 - 2013-11-04 11:25 - 14288339 _____ C:\Users\Paul\Downloads\arcuz---behind-the-dark.swf 2013-11-03 21:12 - 2012-12-05 10:05 - 00000000 ____D C:\Program Files\Common Files\Steam 2013-11-03 12:21 - 2012-08-27 23:12 - 00055808 _____ C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-11-02 14:30 - 2013-11-02 14:30 - 00000000 ____D C:\Users\Ines\AppData\Local\SearchProtect 2013-11-02 14:29 - 2012-09-11 08:12 - 00000000 ____D C:\Program Files\CDBurnerXP 2013-11-01 11:53 - 2013-11-01 11:31 - 00000000 ____D C:\Users\Paul\Desktop\VIDEO_TS 2013-11-01 11:28 - 2013-11-01 10:01 - 00000033 _____ C:\Users\Admin\AppData\Roaming\ezplay.log 2013-11-01 11:28 - 2013-11-01 09:59 - 00094208 _____ (VSO Software) C:\Users\Admin\AppData\Roaming\ezplay.sys 2013-11-01 11:28 - 2013-11-01 09:59 - 00087608 _____ C:\Users\Admin\AppData\Roaming\inst.exe 2013-11-01 11:28 - 2013-11-01 09:59 - 00007861 _____ C:\Users\Admin\AppData\Roaming\ezplay.cat 2013-11-01 11:28 - 2013-11-01 09:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Vso 2013-11-01 11:27 - 2013-11-01 09:59 - 00000000 ____D C:\Program Files\PC Speed Maximizer 2013-11-01 11:27 - 2013-02-05 09:10 - 00000000 ____D C:\Program Files\Elaborate Bytes 2013-11-01 11:26 - 2012-08-07 20:27 - 00000000 ____D C:\Users\Paul\AppData\Roaming\vlc 2013-11-01 11:24 - 2013-11-01 11:24 - 00000823 _____ C:\Users\Public\Desktop\DVD Shrink.lnk 2013-11-01 11:24 - 2013-11-01 11:24 - 00000000 ____D C:\Program Files\DVD Shrink 2013-11-01 11:22 - 2013-11-01 11:21 - 38999464 _____ (DVDShrink ) C:\Users\Admin\Desktop\dvdshrinksetup.exe 2013-11-01 11:20 - 2013-11-01 11:20 - 01544704 _____ C:\Windows\is-T8HOK.exe 2013-11-01 11:20 - 2013-11-01 11:20 - 00400728 _____ (Softonic ) C:\Users\Paul\Downloads\SoftonicDownloader_fuer_dvd-shrink.exe 2013-11-01 11:20 - 2013-11-01 11:20 - 00025599 _____ C:\Windows\is-T8HOK.msg 2013-11-01 11:20 - 2013-11-01 11:20 - 00000291 _____ C:\Windows\is-T8HOK.lst 2013-11-01 11:20 - 2012-09-11 08:12 - 
00001734 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2013-11-01 11:20 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public 2013-11-01 11:19 - 2013-11-01 10:04 - 00000000 ____D C:\Users\Paul\AppData\Roaming\VSO 2013-11-01 10:53 - 2013-11-01 10:05 - 00000000 ____D C:\Users\Paul\Documents\BlindWrite 2013-11-01 10:02 - 2013-11-01 10:02 - 00000048 _____ C:\Windows\EA5C311A3FC1D6FB.log 2013-11-01 09:59 - 2013-11-01 09:59 - 00094208 _____ (VSO Software) C:\Windows\system32\Drivers\ezplay.sys 2013-11-01 09:59 - 2013-11-01 09:59 - 00000125 _____ C:\Users\Admin\AppData\Roaming\ezplay.ini 2013-11-01 09:59 - 2013-11-01 09:59 - 00000000 ____D C:\Users\Paul\AppData\Local\SearchProtect 2013-11-01 09:59 - 2013-11-01 09:59 - 00000000 ____D C:\Users\Admin\AppData\Local\SearchProtect 2013-11-01 09:59 - 2013-11-01 09:58 - 09409744 _____ (VSO Software ) C:\Users\Paul\Downloads\BlindWrite6_setup1.exe 2013-11-01 09:58 - 2013-11-01 09:58 - 01128904 _____ (Conduit) C:\Users\Paul\Downloads\BlindWrite6_setup.exe 2013-11-01 09:55 - 2013-02-05 09:11 - 00000085 ___SH C:\ProgramData\.zreglib 2013-11-01 09:51 - 2013-11-01 09:51 - 05185720 _____ C:\Users\Paul\Downloads\SetupCloneDVD2930(1).exe 2013-10-29 06:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\LogFiles 2013-10-25 07:08 - 2013-01-15 20:03 - 00000000 ____D C:\Users\Paul\AppData\Local\Paint.NET 2013-10-25 07:00 - 2013-09-22 21:49 - 00000000 ____D C:\ProgramData\BitGuard 2013-10-25 07:00 - 2008-01-21 03:47 - 00116518 _____ C:\Windows\PFRO.log 2013-10-24 19:27 - 2013-10-24 19:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard 2013-10-24 19:27 - 2012-08-02 17:15 - 00054272 _____ C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-10-24 19:18 - 2012-10-15 21:52 - 00005632 _____ C:\Users\Ines\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-10-24 17:59 - 2013-10-20 18:26 - 00000000 ____D C:\Users\Ines\Desktop\bilder handy ines 2013-10-22 07:09 - 
2013-03-01 14:21 - 00000000 ____D C:\Users\Paul\AppData\Local\FreePDF_XP 2013-10-21 20:52 - 2013-10-21 20:52 - 00000033 _____ C:\Users\Ines\Desktop\debug.log 2013-10-21 17:32 - 2012-08-29 15:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-21 14:05 - 2013-04-01 23:30 - 00000000 ____D C:\Users\Paul\AppData\Local\AVG Secure Search 2013-10-21 08:38 - 2013-10-21 08:38 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-20 19:03 - 2012-10-29 20:45 - 00000000 ____D C:\Users\Ines\AppData\Roaming\vlc 2013-10-20 18:42 - 2013-10-20 18:30 - 00000000 ____D C:\Users\Ines\Desktop\Neuer Ordner (3) 2013-10-16 14:54 - 2013-10-16 14:43 - 00000000 ____D C:\Users\Paul\Desktop\Fußball Luca 2013-10-16 14:28 - 2013-10-16 14:13 - 00000000 ____D C:\Users\Paul\Desktop\Fußball 2013-10-14 21:58 - 2013-09-26 17:56 - 00000000 ____D C:\Users\Ines\AppData\Local\Avg2014 2013-10-11 18:44 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-11 17:14 - 2013-09-25 19:45 - 00000858 _____ C:\Users\Public\Desktop\AVG 2014.lnk 2013-10-10 06:53 - 2006-11-02 13:47 - 00323120 _____ C:\Windows\system32\FNTCACHE.DAT Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Admin\AppData\Local\Temp\nse1BB0.exe C:\Users\Admin\AppData\Local\Temp\nse6657.exe C:\Users\Admin\AppData\Local\Temp\nsu19EB.exe C:\Users\Admin\AppData\Local\Temp\nsu683C.exe C:\Users\Ines\AppData\Local\Temp\AskSLib.dll C:\Users\Ines\AppData\Local\Temp\SPSetup.exe C:\Users\Paul\AppData\Local\Temp\AskSLib.dll C:\Users\Paul\AppData\Local\Temp\bassmod.dll C:\Users\Paul\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit 
C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-11-09 13:34:31 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: cg7wgqqh.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x94ED2690] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x94ED27B0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x94ED2010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x94ED2490] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x94ED22D0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x94ED23B0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x94ED2110] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x94ED21F0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x94ED2590] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 3BD 824F2A08 8 Bytes [90, 26, ED, 94, B0, 27, ED, ...] {NOP ; IN EAX, DX; XCHG ESP, EAX; MOV AL, 0x27; IN EAX, DX; XCHG ESP, EAX} .text ntkrnlpa.exe!KeSetEvent + 3F1 824F2A3C 4 Bytes [10, 20, ED, 94] {ADC [EAX], AH; IN EAX, DX; XCHG ESP, EAX} .text ntkrnlpa.exe!KeSetEvent + 40D 824F2A58 4 Bytes [90, 24, ED, 94] {NOP ; AND AL, 0xed; XCHG ESP, EAX} .text ntkrnlpa.exe!KeSetEvent + 611 824F2C5C 8 Bytes [D0, 22, ED, 94, B0, 23, ED, ...] {SHL BYTE [EDX], 0x1; IN EAX, DX; XCHG ESP, EAX; MOV AL, 0x23; IN EAX, DX; XCHG ESP, EAX} .text ntkrnlpa.exe!KeSetEvent + 621 824F2C6C 8 Bytes [10, 21, ED, 94, F0, 21, ED, ...] {ADC [ECX], AH; IN EAX, DX; XCHG ESP, EAX; AND EBP, EBP; XCHG ESP, EAX} .text ... 
---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\spoolsv.exe[328] USER32.dll!DialogBoxParamW 764510B0 5 Bytes JMP 742246B0 c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll .text C:\Windows\System32\WUDFHost.exe[420] USER32.dll!DialogBoxParamW 764510B0 5 Bytes JMP 742246B0 c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll .text C:\Windows\system32\svchost.exe[448] USER32.dll!DialogBoxParamW 764510B0 5 Bytes JMP 742246B0 c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll .text C:\Windows\system32\wininit.exe[828] USER32.dll!DialogBoxParamW 764510B0 5 Bytes JMP 742246B0 c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll .text C:\Windows\system32\services.exe[876] USER32.dll!DialogBoxParamW 764510B0 5 Bytes JMP 742246B0 c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll .text ... ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ----
Regards, Die Viba. Whoever finds spelling mistakes may keep them!
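The FRST section above is long enough that reading it by eye misses things. The following is an added example, not part of the original post and not FRST's own code, that parses the "One Month Created Files and Folders" line format and applies a few analyst heuristics: a .sys file outside System32\drivers, executables dropped under AppData, Temp or ProgramData, executables written straight into C:\Windows, hidden/system files outside the Windows directory, and paths or company fields matching an indicator list. The indicator list is an assumption for this example, built from the vendor and folder names the scanners later in this thread flag as PUP.Optional.*; the sample lines are copied verbatim from the log above. A flag is a reason to look closer, not a verdict: the `ezplay.sys` entries carry a VSO Software company field in the log, and the heuristic only says that a kernel driver staged in a roaming profile deserves a look.

```python
"""Triage helper for FRST "One Month Created Files and Folders" entries.

Added example, not part of the original forum post or of FRST itself.
The sample lines below are copied from the FRST log posted above; the
indicator list is an assumption for this example (names that the thread's
scanners later flagged as PUP.Optional.*), not a definitive PUP list.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One FRST entry: <created> - <modified> - <size> <attrs> [(company)] <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+?)\s*$"
)

# Assumed indicator list for this example: vendor/folder names that MBAM and
# AdwCleaner flag as PUP.Optional.* later in this thread. Matched as substrings.
PUP_INDICATORS = (
    "searchprotect", "conduit", "iminent", "umbrella", "bitguard",
    "tubesaver", "pc speed maximizer",
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "c:\\programdata\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str            # FRST attribute letters, e.g. ____D, ____H, ___SH
    company: Optional[str]
    path: str
    flags: List[str] = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST created/modified line; return None for headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return Entry(
        created=m.group("created"),
        modified=m.group("modified"),
        size=int(m.group("size")),
        attrs=m.group("attrs"),
        company=company.strip() if company else None,
        path=m.group("path"),
    )


def triage(entry: Entry) -> List[str]:
    """Apply analyst heuristics; returns reasons to look closer, not verdicts."""
    p = entry.path.lower()
    flags: List[str] = []
    if p.endswith(".sys") and "\\windows\\system32\\drivers\\" not in p:
        flags.append("kernel driver outside system32\\drivers")
    if not entry.is_dir and p.endswith(EXEC_EXT) and any(s in p for s in USER_WRITABLE):
        flags.append("executable in user-writable profile/data location")
    if not entry.is_dir and p.endswith(EXEC_EXT) and re.match(r"^c:\\windows\\[^\\]+$", p):
        flags.append("executable written directly into C:\\Windows")
    haystack = p + " " + (entry.company or "").lower()
    hits = [i for i in PUP_INDICATORS if i in haystack]
    if hits:
        flags.append("matches PUP indicator: " + ", ".join(hits))
    if entry.hidden_system and not entry.is_dir and not p.startswith("c:\\windows\\"):
        flags.append("hidden/system attribute outside C:\\Windows")
    entry.flags = flags
    return flags


def triage_log(text: str) -> List[Entry]:
    """Parse a pasted FRST section and return only the entries that raised a flag."""
    return [e for e in map(parse_entry, text.splitlines()) if e and triage(e)]


# Sample input: lines copied from the FRST log in the post above.
SAMPLE = r"""
==================== One Month Created Files and Folders ========
2013-11-09 13:07 - 2013-11-09 13:07 - 01089445 _____ (Farbar) C:\Users\Paul\Desktop\FRST.exe
2013-11-06 20:57 - 2013-11-06 20:57 - 00000000 ____D C:\Windows\system32\SearchProtect
2013-11-01 11:20 - 2013-11-01 11:20 - 01544704 _____ C:\Windows\is-T8HOK.exe
2013-11-01 09:59 - 2013-11-01 11:28 - 00094208 _____ (VSO Software) C:\Users\Admin\AppData\Roaming\ezplay.sys
2013-11-01 09:59 - 2013-11-01 11:28 - 00087608 _____ C:\Users\Admin\AppData\Roaming\inst.exe
2013-11-01 09:58 - 2013-11-01 09:58 - 01128904 _____ (Conduit) C:\Users\Paul\Downloads\BlindWrite6_setup.exe
2013-11-01 09:55 - 2013-02-05 09:11 - 00000085 ___SH C:\ProgramData\.zreglib
2013-10-16 14:13 - 2013-10-16 14:28 - 00000000 ____D C:\Users\Paul\Desktop\Fußball
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE):
        print(f"{e.created}  {e.size:>9}  {e.path}")
        for f in e.flags:
            print(f"    -> {f}")
```

Run against a full Addition.txt/FRST.txt paste, the output is a short list of entries to check by hand rather than a page of folder timestamps; six of the eight sample lines are flagged, and the two that are not (the FRST tool itself and a Desktop folder) are the ones an analyst would also skip.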
09.11.2013, 17:36 | #2 |
/// the machine /// TB-Ausbilder | Problems with the PC after a Generic detection Hi,
Our tools must always be run with admin rights. Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT: save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the restart Quote:
09.11.2013, 22:05 | #3 |
| Problems with the PC after a Generic detection Hello Schrauber,
First of all, thanks for your help! I've just run Combofix: Code:
Combofix Logfile:
10.11.2013, 15:49 | #4 |
/// the machine /// TB-Ausbilder | Problems with the PC after a Generic detection Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
10.11.2013, 20:11 | #5 |
| Problems with the PC after a Generic detection A very good evening to you! I've done everything, but with JRT the message "a bad module has been detected" keeps coming up. The program restarts the PC to remove it, but the same message comes back. Here are the logs: Code:
ATTFilter 2013/11/10 18:51:22 +0100 ADMIN-PC Paul MESSAGE Executing scheduled update: Daily 2013/11/10 18:51:26 +0100 ADMIN-PC Paul MESSAGE Starting protection 2013/11/10 18:51:26 +0100 ADMIN-PC Paul MESSAGE Protection started successfully 2013/11/10 18:51:26 +0100 ADMIN-PC Paul MESSAGE Starting IP protection 2013/11/10 18:51:39 +0100 ADMIN-PC Paul MESSAGE IP Protection started successfully 2013/11/10 18:51:45 +0100 ADMIN-PC Paul MESSAGE Starting database refresh 2013/11/10 18:51:45 +0100 ADMIN-PC Paul MESSAGE Scheduled update executed successfully: database updated from version v2013.04.04.07 to version v2013.11.10.03 2013/11/10 18:51:45 +0100 ADMIN-PC Paul MESSAGE Stopping IP protection 2013/11/10 18:51:45 +0100 ADMIN-PC Paul MESSAGE IP Protection stopped successfully 2013/11/10 18:51:48 +0100 ADMIN-PC Paul MESSAGE Database refreshed successfully 2013/11/10 18:51:48 +0100 ADMIN-PC Paul MESSAGE Starting IP protection 2013/11/10 18:51:51 +0100 ADMIN-PC Paul MESSAGE IP Protection started successfully 2013/11/10 18:53:49 +0100 ADMIN-PC Paul DETECTION C:\Program Files\Common Files\Umbrella\umbrella.exe PUP.Optional.Iminent QUARANTINE 2013/11/10 18:53:50 +0100 ADMIN-PC Paul ERROR Quarantine failed: DeleteFile failed with error code 5 2013/11/10 18:53:53 +0100 ADMIN-PC Paul DETECTION C:\Program Files\Common Files\Umbrella\umbrella.exe PUP.Optional.Iminent QUARANTINE 2013/11/10 18:53:53 +0100 ADMIN-PC Paul ERROR Quarantine failed: DeleteFile failed with error code 5 2013/11/10 18:54:08 +0100 ADMIN-PC Paul DETECTION C:\Program Files\Common Files\Umbrella\umbrella.exe PUP.Optional.Iminent QUARANTINE 2013/11/10 18:54:09 +0100 ADMIN-PC Paul ERROR Quarantine failed: DeleteFile failed with error code 5 2013/11/10 19:16:19 +0100 ADMIN-PC (null) MESSAGE Starting protection 2013/11/10 19:16:19 +0100 ADMIN-PC (null) MESSAGE Protection started successfully 2013/11/10 19:16:19 +0100 ADMIN-PC (null) MESSAGE Starting IP protection 2013/11/10 19:16:21 +0100 ADMIN-PC (null) MESSAGE IP 
Protection started successfully 2013/11/10 19:53:21 +0100 ADMIN-PC (null) MESSAGE Starting protection 2013/11/10 19:53:21 +0100 ADMIN-PC (null) MESSAGE Protection started successfully 2013/11/10 19:53:21 +0100 ADMIN-PC (null) MESSAGE Starting IP protection 2013/11/10 19:53:23 +0100 ADMIN-PC (null) MESSAGE IP Protection started successfully 2013/11/10 19:59:49 +0100 ADMIN-PC Paul MESSAGE Starting protection 2013/11/10 19:59:50 +0100 ADMIN-PC Paul MESSAGE Protection started successfully 2013/11/10 19:59:50 +0100 ADMIN-PC Paul MESSAGE Starting IP protection 2013/11/10 19:59:52 +0100 ADMIN-PC Paul MESSAGE IP Protection started successfully Code:
AdwCleaner Logfile:
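The MBAM protection log above records the same file three times, each time followed by `Quarantine failed: DeleteFile failed with error code 5`. The following is an added example, not part of the original post and not Malwarebytes' own code, that parses this log format, pairs each DETECTION with the ERROR that follows it, and decodes the Win32 error code: 5 is ERROR_ACCESS_DENIED, which a non-elevated process gets when deleting from C:\Program Files and which Windows also returns for an executable image that is currently loaded (the FRST log in the first post lists umbrella.exe as the running service SProtection). It also tells a protection log apart from a scan report by the `Scan type:` header that MBAM scan logs carry. The sample lines are copied from the log above; the error-code table is a small assumed subset.

```python
"""Summarise a Malwarebytes Anti-Malware 1.x protection log.

Added example, not part of the original post or of Malwarebytes. The sample
lines below are copied from the protection log posted above; the Win32
error-code table is an assumed subset for this example.
"""
import re
from typing import Dict, List, Optional

# Generic line: <date time tz> <host> <user> <MESSAGE|DETECTION|ERROR> <body>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>MESSAGE|DETECTION|ERROR) (?P<body>.*)$"
)
# DETECTION body: <path with spaces> <threat name> <ACTION>; the uppercase
# action anchored at end-of-line makes the split unambiguous.
DETECTION_RE = re.compile(r"^(?P<path>.+?) (?P<threat>\S+) (?P<action>[A-Z]+)$")
ERROR_CODE_RE = re.compile(r"error code (?P<code>\d+)")

# Assumed subset of Win32 system error codes seen in failed delete/quarantine.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    32: "ERROR_SHARING_VIOLATION",
}


def parse_line(line: str) -> Optional[dict]:
    """Split one log line into its fields, or return None for non-log text."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(text: str) -> dict:
    """Group DETECTION records by path and attach the ERROR that follows each."""
    detections: Dict[str, dict] = {}
    last_path: Optional[str] = None
    messages = 0
    for raw in text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        if ev["kind"] == "MESSAGE":
            messages += 1
            last_path = None  # an ERROR after a MESSAGE is not a quarantine failure
        elif ev["kind"] == "DETECTION":
            d = DETECTION_RE.match(ev["body"])
            if d is None:
                continue
            rec = detections.setdefault(
                d["path"], {"threat": d["threat"], "action": d["action"], "attempts": 0, "failures": []}
            )
            rec["attempts"] += 1
            last_path = d["path"]
        elif ev["kind"] == "ERROR" and last_path is not None:
            m = ERROR_CODE_RE.search(ev["body"])
            code = int(m["code"]) if m else None
            detections[last_path]["failures"].append(
                {"ts": ev["ts"], "code": code, "name": WIN32_ERRORS.get(code, "unknown"), "text": ev["body"]}
            )
    return {"messages": messages, "detections": detections}


def report(text: str) -> List[str]:
    """Human-readable lines; the first says whether this is a scan report at all."""
    s = summarize(text)
    kind = "scan report" if "Scan type:" in text else "protection log"
    lines = [f"{kind}: {s['messages']} status messages, {len(s['detections'])} distinct detections"]
    for path, rec in s["detections"].items():
        if rec["failures"]:
            names = ", ".join(sorted({f["name"] for f in rec["failures"]}))
            status = f"{len(rec['failures'])} failed ({names})"
        else:
            status = "no errors logged"
        lines.append(f"{rec['threat']} x{rec['attempts']} -> {rec['action']} {path}: {status}")
    return lines


# Sample input: lines copied from the MBAM protection log in the post above.
SAMPLE = r"""
2013/11/10 18:51:26 +0100 ADMIN-PC Paul MESSAGE Starting protection
2013/11/10 18:51:26 +0100 ADMIN-PC Paul MESSAGE Protection started successfully
2013/11/10 18:53:49 +0100 ADMIN-PC Paul DETECTION C:\Program Files\Common Files\Umbrella\umbrella.exe PUP.Optional.Iminent QUARANTINE
2013/11/10 18:53:50 +0100 ADMIN-PC Paul ERROR Quarantine failed: DeleteFile failed with error code 5
2013/11/10 18:53:53 +0100 ADMIN-PC Paul DETECTION C:\Program Files\Common Files\Umbrella\umbrella.exe PUP.Optional.Iminent QUARANTINE
2013/11/10 18:53:53 +0100 ADMIN-PC Paul ERROR Quarantine failed: DeleteFile failed with error code 5
2013/11/10 19:16:19 +0100 ADMIN-PC (null) MESSAGE Starting protection
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

The summary collapses the repeated entries into one line: the real-time module caught umbrella.exe twice, tried to quarantine it and was denied both times, which points at the account the tool ran under (and at the file being in use) rather than at a detection problem.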
11.11.2013, 10:51 | #6 |
/// the machine /// TB-Ausbilder | Problems with the PC after a Generic detection The MBAM log looks odd. Is that really from a scan?
11.11.2013, 11:24 | #7 |
| Problems with the PC after a Generic detection If by MBAM you mean Malwarebytes, then it is what I found under Logs. Today another one was added. But I don't know whether it scans automatically. Should I run it again? Today's: Code:
ATTFilter 2013/11/11 07:37:31 +0100 ADMIN-PC (null) MESSAGE Starting protection 2013/11/11 07:37:31 +0100 ADMIN-PC (null) MESSAGE Protection started successfully 2013/11/11 07:37:31 +0100 ADMIN-PC (null) MESSAGE Starting IP protection 2013/11/11 07:37:33 +0100 ADMIN-PC (null) MESSAGE IP Protection started successfully 2013/11/11 07:51:31 +0100 ADMIN-PC Paul MESSAGE Executing scheduled update: Daily 2013/11/11 07:51:38 +0100 ADMIN-PC Paul MESSAGE Starting database refresh 2013/11/11 07:51:38 +0100 ADMIN-PC Paul MESSAGE Scheduled update executed successfully: database updated from version v2013.11.10.03 to version v2013.11.11.02 2013/11/11 07:51:38 +0100 ADMIN-PC Paul MESSAGE Stopping IP protection 2013/11/11 07:51:38 +0100 ADMIN-PC Paul MESSAGE IP Protection stopped successfully 2013/11/11 07:51:41 +0100 ADMIN-PC Paul MESSAGE Database refreshed successfully 2013/11/11 07:51:41 +0100 ADMIN-PC Paul MESSAGE Starting IP protection 2013/11/11 07:51:43 +0100 ADMIN-PC Paul MESSAGE IP Protection started successfully
11.11.2013, 15:24 | #8 |
/// the machine /// TB-Ausbilder | Problems with the PC after a Generic detection Those are the protection logs. Please run a scan as described above.
11.11.2013, 18:21 | #9 |
| Problems with the PC after a Generic detection Hi, I scanned and then restarted. According to the picture, that is where the log file is found. I've now scanned again and deleted. Once before and once after deleting: Code:
ATTFilter Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.11.11.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Paul :: ADMIN-PC [limited] Protection: Enabled 11.11.2013 16:05:08 MBAM-log-2013-11-11 (18-03-36).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 201910 Time elapsed: 4 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 6 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> No action taken. HKCU\SOFTWARE\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -> No action taken. HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\BPROTECTSETTINGS (PUP.Optional.BProtector.A) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.11.11.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Paul :: ADMIN-PC [limited] Protection: Enabled 11.11.2013 16:05:08 mbam-log-2013-11-11 (16-05-08).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 201910 Time elapsed: 4 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 6 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\BPROTECTSETTINGS (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
12.11.2013, 10:19 | #10 |
/// the machine /// TB-Ausbilder | Problems with the PC after a Generic detection ESET Online Scanner
Please download SecurityCheck and:
And a fresh FRST log, please. Any problems left?
12.11.2013, 14:02 | #11 |
| Problems with the PC after a Generic detection Hi Schrauber, first the logs: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1561730cfbc498468d5367abde934722
# engine=15850
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-12 12:38:48
# local_time=2013-11-12 01:38:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 570167 221792656 0 0
# scanned=435419
# found=7
# cleaned=0
# scan_time=10342
sh=BCA3E670CBC31E8BEE0A9A1C86ADEAF07B9BBA17 ft=0 fh=0000000000000000 vn="Eicar test file" ac=I fn="C:\Users\Paul\Desktop\Ungesichert\Eigene Dateien\X5O.txt"
sh=BCA3E670CBC31E8BEE0A9A1C86ADEAF07B9BBA17 ft=0 fh=0000000000000000 vn="Eicar test file" ac=I fn="D:\Ungesichert\Eigene Dateien\X5O.txt"
sh=C6988D4156414AB56AD0E38641AC599B7D05660A ft=1 fh=02836672ef285068 vn="a variant of Win32/Olmarik.ZN trojan" ac=I fn="L:\Dokumente und Einstellungen\Viper\Lokale Einstellungen\Temp\16.tmp"
sh=4D4B04BB7E448C744FFD8EDB79A712213ADECCAA ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="L:\Dokumente und Einstellungen\Viper\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EG2K9MHS\uk5faob[1].html"
sh=18D28A1AFF71FCB09696DB17DE4D6DC8919392EE ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="L:\Dokumente und Einstellungen\Viper\Lokale Einstellungen\Temporary Internet Files\Content.IE5\I9YESZ3B\G13[1].htm"
sh=BCA03DA7D97F2F07F865E84E014D879A6DEDECB8 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="L:\Dokumente und Einstellungen\Viper\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8280WZD\blog[1].htm"
sh=08A8DBAAEB90C0600627508A4057EF3DC9E620FE ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NBD trojan" ac=I fn="L:\Dokumente und Einstellungen\Viper\Lokale Einstellungen\Temporary Internet Files\Content.IE5\TE3YPAWE\49571603917[1].htm"
Code:
Results of screen317's Security Check version 0.99.76
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 24.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01
Ran by Paul (ATTENTION: The logged in user is not administrator) on ADMIN-PC on 12-11-2013 13:54:33
Running from C:\Users\Paul\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Fred's Software) C:\Program Files\PrintKey2000\Printkey2000.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [4045432 2012-10-25] (VIA)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Runonce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1086376 2012-08-03] (Nokia)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [ ] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBEEA6BEBD9B3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {F5FE65FE-147A-4155-8500-D1A3FF8532FD} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=D96924A9-CAF9-4B56-88BC-3CDAA1C42DD4&apn_sauid=2CBBBA6D-95B1-42FA-A329-A0E32CCF1005
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default
FF NewTab: www.google.de
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Flash and Video Download - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: adblockpopups - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: youtube2mp3 - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: noscript - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6oxbyvxa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
========================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S3 Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3B69A712-4CBC-40B1-AE55-0203075FD093}\Installer\InstallerService.exe [118784 2012-08-27] ()
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
==================== Drivers (Whitelisted) ====================
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-03] (AVG Technologies)
S3 ezplay; C:\Windows\System32\Drivers\ezplay.sys [94208 2013-11-01] (VSO Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-12 13:53 - 2013-11-12 13:54 - 01090275 _____ (Farbar) C:\Users\Paul\Desktop\FRST.exe
2013-11-12 13:52 - 2013-11-12 13:52 - 00000996 _____ C:\Users\Admin\Desktop\checkup.txt
2013-11-12 13:43 - 2013-11-12 13:43 - 00891184 _____ C:\Users\Paul\Desktop\SecurityCheck.exe
2013-11-12 10:44 - 2013-11-12 10:44 - 00000000 ____D C:\Program Files\ESET
2013-11-12 10:30 - 2013-11-12 10:30 - 02347384 _____ (ESET) C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe
2013-11-11 19:38 - 2013-11-11 19:38 - 00001669 _____ C:\Users\Public\Desktop\Dawn Of Magic 2.lnk
2013-11-11 19:21 - 2013-11-11 19:21 - 00001813 _____ C:\Users\Public\Desktop\Verknüpfung mit Majesty.exe.lnk
2013-11-11 19:19 - 1999-03-23 00:00 - 00401484 _____ (Microsoft Corporation) C:\Windows\system32\msvcrtd.dll
2013-11-11 19:18 - 2013-11-11 19:18 - 00000000 ____D C:\Program Files\MicroProse
2013-11-10 20:08 - 2013-11-10 20:08 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Malwarebytes
2013-11-10 19:58 - 2013-11-10 19:58 - 00000000 ____D C:\Windows\ERUNT
2013-11-10 19:56 - 2013-11-10 19:56 - 01034531 _____ (Thisisu) C:\Users\Paul\Desktop\JRT.exe
2013-11-10 19:19 - 2013-11-10 19:51 - 00000000 ____D C:\AdwCleaner
2013-11-10 19:19 - 2013-11-10 19:19 - 01073262 _____ C:\Users\Paul\Desktop\adwcleaner.exe
2013-11-10 18:51 - 2013-11-10 18:51 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-10 18:50 - 2013-11-10 18:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-10 18:50 - 2013-11-10 18:50 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-10 18:50 - 2013-11-10 18:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-10 18:50 - 2013-11-10 18:50 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-10 18:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-09 21:44 - 2013-11-09 21:44 - 00080785 _____ C:\ComboFix.txt
2013-11-09 21:30 - 2013-11-09 21:44 - 00000000 ____D C:\ComboFix
2013-11-09 21:30 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-09 21:30 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-09 21:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-09 21:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-09 21:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-09 21:30 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-09 21:30 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-09 21:30 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-09 21:29 - 2013-11-09 21:44 - 00000000 ____D C:\Qoobox
2013-11-09 21:28 - 2013-11-09 21:44 - 00000000 ____D C:\Windows\erdnt
2013-11-09 21:28 - 2013-11-09 21:28 - 05145633 ____R (Swearware) C:\Users\Paul\Desktop\ComboFix.exe
2013-11-09 13:34 - 2013-11-09 13:34 - 00003847 _____ C:\Users\Paul\Desktop\gmer.txt
2013-11-09 13:11 - 2013-11-12 11:55 - 00000136 _____ C:\Windows\setupact.log
2013-11-09 13:11 - 2013-11-09 13:11 - 00000000 _____ C:\Windows\setuperr.log
2013-11-09 13:09 - 2013-11-09 13:09 - 00021903 _____ C:\Users\Paul\Desktop\Addition.txt
2013-11-09 13:08 - 2013-11-09 13:08 - 00377856 _____ C:\Users\Paul\Desktop\cg7wgqqh.exe
2013-11-09 13:08 - 2013-11-09 13:08 - 00000000 ____D C:\FRST
2013-11-09 13:03 - 2013-11-09 13:03 - 00000472 _____ C:\Users\Paul\Desktop\defogger_disable.log
2013-11-09 13:03 - 2013-11-09 13:03 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-09 13:02 - 2013-11-09 13:02 - 00050477 _____ C:\Users\Paul\Desktop\Defogger.exe
2013-11-09 12:58 - 2013-11-09 12:58 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-11-04 16:10 - 2013-11-04 16:10 - 00000000 ____D C:\Users\Paul\Desktop\Bernd
2013-11-04 11:33 - 2013-11-04 11:33 - 00853364 _____ (Alpha Interactive ) C:\Users\Paul\Downloads\swfsetup26.exe
2013-11-04 11:33 - 2013-11-04 11:33 - 00000000 ____D C:\Program Files\SWFPlayer
2013-11-04 11:25 - 2013-11-04 11:25 - 14288339 _____ C:\Users\Paul\Downloads\arcuz---behind-the-dark.swf
2013-11-01 11:31 - 2013-11-01 11:53 - 00000000 ____D C:\Users\Paul\Desktop\VIDEO_TS
2013-11-01 11:24 - 2013-11-01 11:24 - 00000823 _____ C:\Users\Public\Desktop\DVD Shrink.lnk
2013-11-01 11:24 - 2013-11-01 11:24 - 00000000 ____D C:\Program Files\DVD Shrink
2013-11-01 11:21 - 2013-11-01 11:22 - 38999464 _____ (DVDShrink ) C:\Users\Admin\Desktop\dvdshrinksetup.exe
2013-11-01 11:20 - 2013-11-01 11:20 - 01544704 _____ C:\Windows\is-T8HOK.exe
2013-11-01 11:20 - 2013-11-01 11:20 - 00025599 _____ C:\Windows\is-T8HOK.msg
2013-11-01 11:20 - 2013-11-01 11:20 - 00000291 _____ C:\Windows\is-T8HOK.lst
2013-11-01 10:05 - 2013-11-01 10:53 - 00000000 ____D C:\Users\Paul\Documents\BlindWrite
2013-11-01 10:04 - 2013-11-01 11:19 - 00000000 ____D C:\Users\Paul\AppData\Roaming\VSO
2013-11-01 10:01 - 2013-11-01 11:28 - 00000033 _____ C:\Users\Admin\AppData\Roaming\ezplay.log
2013-11-01 09:59 - 2013-11-01 11:28 - 00094208 _____ (VSO Software) C:\Users\Admin\AppData\Roaming\ezplay.sys
2013-11-01 09:59 - 2013-11-01 11:28 - 00087608 _____ C:\Users\Admin\AppData\Roaming\inst.exe
2013-11-01 09:59 - 2013-11-01 11:28 - 00007861 _____ C:\Users\Admin\AppData\Roaming\ezplay.cat
2013-11-01 09:59 - 2013-11-01 11:28 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Vso
2013-11-01 09:59 - 2013-11-01 09:59 - 00094208 _____ (VSO Software) C:\Windows\system32\Drivers\ezplay.sys
2013-11-01 09:59 - 2013-11-01 09:59 - 00000125 _____ C:\Users\Admin\AppData\Roaming\ezplay.ini
2013-11-01 09:58 - 2013-11-01 09:59 - 09409744 _____ (VSO Software ) C:\Users\Paul\Downloads\BlindWrite6_setup1.exe
2013-11-01 09:51 - 2013-11-01 09:51 - 05185720 _____ C:\Users\Paul\Downloads\SetupCloneDVD2930(1).exe
2013-10-21 20:52 - 2013-10-21 20:52 - 00000033 _____ C:\Users\Ines\Desktop\debug.log
2013-10-21 08:38 - 2013-10-21 08:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-20 18:30 - 2013-10-20 18:42 - 00000000 ____D C:\Users\Ines\Desktop\Neuer Ordner (3)
2013-10-20 18:26 - 2013-10-24 17:59 - 00000000 ____D C:\Users\Ines\Desktop\bilder handy ines
2013-10-16 14:43 - 2013-10-16 14:54 - 00000000 ____D C:\Users\Paul\Desktop\Fußball Luca
2013-10-16 14:13 - 2013-10-16 14:28 - 00000000 ____D C:\Users\Paul\Desktop\Fußball
==================== One Month Modified Files and Folders =======
2013-11-12 13:54 - 2013-11-12 13:53 - 01090275 _____ (Farbar) C:\Users\Paul\Desktop\FRST.exe
2013-11-12 13:52 - 2013-11-12 13:52 - 00000996 _____ C:\Users\Admin\Desktop\checkup.txt
2013-11-12 13:43 - 2013-11-12 13:43 - 00891184 _____ C:\Users\Paul\Desktop\SecurityCheck.exe
2013-11-12 12:39 - 2006-11-02 13:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 12:39 - 2006-11-02 13:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 11:55 - 2013-11-09 13:11 - 00000136 _____ C:\Windows\setupact.log
2013-11-12 10:44 - 2013-11-12 10:44 - 00000000 ____D C:\Program Files\ESET
2013-11-12 10:43 - 2009-04-11 17:55 - 01559202 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-12 10:42 - 2009-04-11 13:37 - 01512293 _____ C:\Windows\WindowsUpdate.log
2013-11-12 10:39 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 10:34 - 2006-11-02 14:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-12 10:30 - 2013-11-12 10:30 - 02347384 _____ (ESET) C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe
2013-11-12 08:16 - 2012-12-17 08:47 - 00000000 ____D C:\ProgramData\MFAData
2013-11-11 19:38 - 2013-11-11 19:38 - 00001669 _____ C:\Users\Public\Desktop\Dawn Of Magic 2.lnk
2013-11-11 19:38 - 2012-09-24 07:10 - 00000000 ____D C:\Program Files\Kalypso
2013-11-11 19:38 - 2012-07-31 19:47 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-11 19:36 - 2012-08-07 20:27 - 00000000 ____D C:\Users\Paul\AppData\Roaming\vlc
2013-11-11 19:35 - 2012-08-27 23:12 - 00057344 _____ C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-11 19:21 - 2013-11-11 19:21 - 00001813 _____ C:\Users\Public\Desktop\Verknüpfung mit Majesty.exe.lnk
2013-11-11 19:18 - 2013-11-11 19:18 - 00000000 ____D C:\Program Files\MicroProse
2013-11-10 20:08 - 2013-11-10 20:08 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Malwarebytes
2013-11-10 19:58 - 2013-11-10 19:58 - 00000000 ____D C:\Windows\ERUNT
2013-11-10 19:56 - 2013-11-10 19:56 - 01034531 _____ (Thisisu) C:\Users\Paul\Desktop\JRT.exe
2013-11-10 19:51 - 2013-11-10 19:19 - 00000000 ____D C:\AdwCleaner
2013-11-10 19:51 - 2012-10-29 20:38 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-11-10 19:51 - 2012-09-10 09:41 - 00000000 ____D C:\Users\Paul\AppData\Roaming\CheckPoint
2013-11-10 19:51 - 2012-09-10 09:19 - 00000000 ____D C:\Users\Admin\AppData\Roaming\CheckPoint
2013-11-10 19:19 - 2013-11-10 19:19 - 01073262 _____ C:\Users\Paul\Desktop\adwcleaner.exe
2013-11-10 19:15 - 2008-01-21 03:47 - 00184960 _____ C:\Windows\PFRO.log
2013-11-10 18:51 - 2013-11-10 18:51 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-11-10 18:50 - 2013-11-10 18:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-10 18:50 - 2013-11-10 18:50 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-10 18:50 - 2013-11-10 18:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-10 18:50 - 2013-11-10 18:50 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-09 21:44 - 2013-11-09 21:44 - 00080785 _____ C:\ComboFix.txt
2013-11-09 21:44 - 2013-11-09 21:30 - 00000000 ____D C:\ComboFix
2013-11-09 21:44 - 2013-11-09 21:29 - 00000000 ____D C:\Qoobox
2013-11-09 21:44 - 2013-11-09 21:28 - 00000000 ____D C:\Windows\erdnt
2013-11-09 21:44 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default
2013-11-09 21:44 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-11-09 21:43 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-11-09 21:28 - 2013-11-09 21:28 - 05145633 ____R (Swearware) C:\Users\Paul\Desktop\ComboFix.exe
2013-11-09 13:34 - 2013-11-09 13:34 - 00003847 _____ C:\Users\Paul\Desktop\gmer.txt
2013-11-09 13:11 - 2013-11-09 13:11 - 00000000 _____ C:\Windows\setuperr.log
2013-11-09 13:09 - 2013-11-09 13:09 - 00021903 _____ C:\Users\Paul\Desktop\Addition.txt
2013-11-09 13:08 - 2013-11-09 13:08 - 00377856 _____ C:\Users\Paul\Desktop\cg7wgqqh.exe
2013-11-09 13:08 - 2013-11-09 13:08 - 00000000 ____D C:\FRST
2013-11-09 13:03 - 2013-11-09 13:03 - 00000472 _____ C:\Users\Paul\Desktop\defogger_disable.log
2013-11-09 13:03 - 2013-11-09 13:03 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-09 13:03 - 2012-07-31 19:17 - 00000000 ____D C:\Users\Admin
2013-11-09 13:02 - 2013-11-09 13:02 - 00050477 _____ C:\Users\Paul\Desktop\Defogger.exe
2013-11-09 12:58 - 2013-11-09 12:58 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-11-04 16:10 - 2013-11-04 16:10 - 00000000 ____D C:\Users\Paul\Desktop\Bernd
2013-11-04 11:33 - 2013-11-04 11:33 - 00853364 _____ (Alpha Interactive ) C:\Users\Paul\Downloads\swfsetup26.exe
2013-11-04 11:33 - 2013-11-04 11:33 - 00000000 ____D C:\Program Files\SWFPlayer
2013-11-04 11:30 - 2012-08-03 14:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-04 11:30 - 2012-08-03 14:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-04 11:30 - 2012-08-02 18:15 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-11-04 11:25 - 2013-11-04 11:25 - 14288339 _____ C:\Users\Paul\Downloads\arcuz---behind-the-dark.swf
2013-11-03 21:12 - 2012-12-05 10:05 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-11-02 14:29 - 2012-09-11 08:12 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-11-01 11:53 - 2013-11-01 11:31 - 00000000 ____D C:\Users\Paul\Desktop\VIDEO_TS
2013-11-01 11:28 - 2013-11-01 10:01 - 00000033 _____ C:\Users\Admin\AppData\Roaming\ezplay.log
2013-11-01 11:28 - 2013-11-01 09:59 - 00094208 _____ (VSO Software) C:\Users\Admin\AppData\Roaming\ezplay.sys
2013-11-01 11:28 - 2013-11-01 09:59 - 00087608 _____ C:\Users\Admin\AppData\Roaming\inst.exe
2013-11-01 11:28 - 2013-11-01 09:59 - 00007861 _____ C:\Users\Admin\AppData\Roaming\ezplay.cat
2013-11-01 11:28 - 2013-11-01 09:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Vso
2013-11-01 11:27 - 2013-02-05 09:10 - 00000000 ____D C:\Program Files\Elaborate Bytes
2013-11-01 11:24 - 2013-11-01 11:24 - 00000823 _____ C:\Users\Public\Desktop\DVD Shrink.lnk
2013-11-01 11:24 - 2013-11-01 11:24 - 00000000 ____D C:\Program Files\DVD Shrink
2013-11-01 11:22 - 2013-11-01 11:21 - 38999464 _____ (DVDShrink ) C:\Users\Admin\Desktop\dvdshrinksetup.exe
2013-11-01 11:20 - 2013-11-01 11:20 - 01544704 _____ C:\Windows\is-T8HOK.exe
2013-11-01 11:20 - 2013-11-01 11:20 - 00025599 _____ C:\Windows\is-T8HOK.msg
2013-11-01 11:20 - 2013-11-01 11:20 - 00000291 _____ C:\Windows\is-T8HOK.lst
2013-11-01 11:20 - 2012-09-11 08:12 - 00001734 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-11-01 11:19 - 2013-11-01 10:04 - 00000000 ____D C:\Users\Paul\AppData\Roaming\VSO
2013-11-01 10:53 - 2013-11-01 10:05 - 00000000 ____D C:\Users\Paul\Documents\BlindWrite
2013-11-01 09:59 - 2013-11-01 09:59 - 00094208 _____ (VSO Software) C:\Windows\system32\Drivers\ezplay.sys
2013-11-01 09:59 - 2013-11-01 09:59 - 00000125 _____ C:\Users\Admin\AppData\Roaming\ezplay.ini
2013-11-01 09:59 - 2013-11-01 09:58 - 09409744 _____ (VSO Software ) C:\Users\Paul\Downloads\BlindWrite6_setup1.exe
2013-11-01 09:55 - 2013-02-05 09:11 - 00000085 ___SH C:\ProgramData\.zreglib
2013-11-01 09:51 - 2013-11-01 09:51 - 05185720 _____ C:\Users\Paul\Downloads\SetupCloneDVD2930(1).exe
2013-10-29 06:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-10-25 07:08 - 2013-01-15 20:03 - 00000000 ____D C:\Users\Paul\AppData\Local\Paint.NET
2013-10-24 19:27 - 2012-08-02 17:15 - 00054272 _____ C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-24 19:18 - 2012-10-15 21:52 - 00005632 _____ C:\Users\Ines\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-24 17:59 - 2013-10-20 18:26 - 00000000 ____D C:\Users\Ines\Desktop\bilder handy ines
2013-10-22 07:09 - 2013-03-01 14:21 - 00000000 ____D C:\Users\Paul\AppData\Local\FreePDF_XP
2013-10-21 20:52 - 2013-10-21 20:52 - 00000033 _____ C:\Users\Ines\Desktop\debug.log
2013-10-21 17:32 - 2012-08-29 15:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-21 08:38 - 2013-10-21 08:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-20 19:03 - 2012-10-29 20:45 - 00000000 ____D C:\Users\Ines\AppData\Roaming\vlc
2013-10-20 18:42 - 2013-10-20 18:30 - 00000000 ____D C:\Users\Ines\Desktop\Neuer Ordner (3)
2013-10-16 14:54 - 2013-10-16 14:43 - 00000000 ____D C:\Users\Paul\Desktop\Fußball Luca
2013-10-16 14:28 - 2013-10-16 14:13 - 00000000 ____D C:\Users\Paul\Desktop\Fußball
2013-10-14 21:58 - 2013-09-26 17:56 - 00000000 ____D C:\Users\Ines\AppData\Local\Avg2014
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Paul\AppData\Local\Temp\NOSEventMessages.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================

ESET apparently still found something (unfortunately I can't click any smileys, either because of ABP or because of NoScript). The PC boots quickly again and basically doesn't act up any more. It just occasionally switches off the mouse and keyboard while gaming. Unplug from the USB port, plug it back in, and it runs again... but I don't know whether that is a software or a hardware problem. If unplugging and replugging fixes the error, the hardware should be OK, shouldn't it? I've also tested the front USB ports, same thing. In any case, a big thank you already for the help!!!
__________________
Regards, Die Viba
Anyone who finds spelling mistakes may keep them!
13.11.2013, 08:33 | #12
/// the machine /// TB-Ausbilder | Problems with the PC after a Generic detection
Update Java and Adobe.
Please download TFC (by OldTimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files it will ask for a restart. Please allow this.
Quote:
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [ ] ()
Please save this as Fixlist.txt on your desktop (or in the directory in which FRST is located).
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM!
13.11.2013, 20:36 | #13
Problems with the PC after a Generic detection
Hi Schrauber, it was the naughty mouse after all; it seems to have a loose contact and then briefly knocks out the USB. New old mouse and everything works. Here is the log:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2013 01
Ran by Paul at 2013-11-13 20:33:13 Run:1
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [ ] ()
*****************
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Error setting value.
==== End of Fixlog ====
THANK YOU THANK YOU THANK YOU THANK YOU!!!
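Two things in this thread are worth reading by machine rather than by eye: the seven ESET Online Scanner hits in post #11 (two EICAR test files on C: and D:, five leftovers under an XP-style profile on L: in Temp and Temporary Internet Files) and the Fixlog in post #13, whose "Error setting value" for the HKLM AppInit_DLLs value lines up with the FRST header warning that Paul is not an administrator. The following Python script is an added example for this page, not code from Trojaner-Board, ESET or Farbar; the sample texts are lines copied from the posts above, and the triage buckets (EICAR test file, temp/browser-cache path, everything else) are this example's own rule of thumb, not ESET's classification.

```python
"""Triage of the ESET Online Scanner and FRST text posted in this thread.

Added example for this page, not code from Trojaner-Board, ESET or Farbar.
The sample texts below are lines copied from the posts above (reflowed);
the triage buckets are this example's own rule of thumb, not ESET's.
"""
import re
from collections import defaultdict

# One ESET Online Scanner hit, in the field order the log uses:
# sh=<sha1> ft=<type flag> fh=<file hash> vn="<detection>" ac=<action> fn="<path>"
ESET_HIT = re.compile(
    r'sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d) fh=(?P<fh>[0-9a-f]{16}) '
    r'vn="(?P<name>[^"]*)" ac=(?P<ac>\w) fn="(?P<path>[^"]*)"'
)
FRST_NOT_ADMIN = "The logged in user is not administrator"   # FRST header warning
FRST_APPINIT = re.compile(r"^AppInit_DLLs:\s+(?P<path>\S+)", re.M)
FIXLOG_ERROR = re.compile(r"^(?P<key>HKLM\\.*?AppInit_DLLs) => Error setting value", re.M)

# Sample input: the hit lines from the ESET log in post #11.
ESET_SAMPLE = r'''# scanned=435419
# found=7
sh=BCA3E670CBC31E8BEE0A9A1C86ADEAF07B9BBA17 ft=0 fh=0000000000000000 vn="Eicar test file" ac=I fn="C:\Users\Paul\Desktop\Ungesichert\Eigene Dateien\X5O.txt"
sh=BCA3E670CBC31E8BEE0A9A1C86ADEAF07B9BBA17 ft=0 fh=0000000000000000 vn="Eicar test file" ac=I fn="D:\Ungesichert\Eigene Dateien\X5O.txt"
sh=C6988D4156414AB56AD0E38641AC599B7D05660A ft=1 fh=02836672ef285068 vn="a variant of Win32/Olmarik.ZN trojan" ac=I fn="L:\Dokumente und Einstellungen\Viper\Lokale Einstellungen\Temp\16.tmp"
sh=4D4B04BB7E448C744FFD8EDB79A712213ADECCAA ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="L:\Dokumente und Einstellungen\Viper\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EG2K9MHS\uk5faob[1].html"
sh=18D28A1AFF71FCB09696DB17DE4D6DC8919392EE ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="L:\Dokumente und Einstellungen\Viper\Lokale Einstellungen\Temporary Internet Files\Content.IE5\I9YESZ3B\G13[1].htm"
sh=BCA03DA7D97F2F07F865E84E014D879A6DEDECB8 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="L:\Dokumente und Einstellungen\Viper\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8280WZD\blog[1].htm"
sh=08A8DBAAEB90C0600627508A4057EF3DC9E620FE ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NBD trojan" ac=I fn="L:\Dokumente und Einstellungen\Viper\Lokale Einstellungen\Temporary Internet Files\Content.IE5\TE3YPAWE\49571603917[1].htm"
'''
# Sample input: the two FRST lines that matter, and the Fixlog from post #13.
FRST_SAMPLE = r'''Ran by Paul (ATTENTION: The logged in user is not administrator) on ADMIN-PC on 12-11-2013 13:54:33
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [ ] ()
'''
FIXLOG_SAMPLE = r'''Ran by Paul at 2013-11-13 20:33:13 Run:1
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Error setting value.
==== End of Fixlog ====
'''


def classify(hit):
    """Triage bucket for one hit (assumption: this example's rule of thumb)."""
    if "eicar" in hit["name"].lower():
        return "test-file"   # the EICAR string is meant to be detected; harmless
    if re.search(r"\\(Temp|Temporary Internet Files)\\", hit["path"], re.I):
        return "cache"       # temp / browser-cache leftovers, not an installed component
    return "review"          # anything else deserves a closer look


def triage_eset(text):
    """Parse every hit line and group the paths by bucket and by drive letter."""
    hits = [m.groupdict() for m in ESET_HIT.finditer(text)]
    buckets = defaultdict(list)
    for hit in hits:
        buckets[classify(hit)].append(hit["path"])
    drives = sorted({hit["path"][0].upper() for hit in hits})
    return {"hits": len(hits), "buckets": dict(buckets), "drives": drives}


def check_frst(frst_text, fixlog_text=""):
    """Pull the AppInit_DLLs entry and the rights warning out of an FRST log and
    relate them to a Fixlog. AppInit_DLLs lives under HKLM, which a standard user
    cannot write, so a fix run without admin rights ends in 'Error setting value'."""
    report = {
        "not_admin": FRST_NOT_ADMIN in frst_text,
        "appinit_dlls": [m["path"] for m in FRST_APPINIT.finditer(frst_text)],
        "fix_errors": [m["key"] for m in FIXLOG_ERROR.finditer(fixlog_text)],
    }
    report["rerun_elevated"] = bool(report["fix_errors"]) and report["not_admin"]
    return report


if __name__ == "__main__":
    for key, value in triage_eset(ESET_SAMPLE).items():
        print(key, value)
    print(check_frst(FRST_SAMPLE, FIXLOG_SAMPLE))
```

Run against the logs above, `triage_eset` puts all seven hits into the test-file and cache buckets and leaves nothing in "review", which is the same reading a helper makes by eye; `check_frst` reports `rerun_elevated` as true, i.e. the AppInit_DLLs fix needs to be repeated from an account that can write HKLM.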
14.11.2013, 10:09 | #14
/// the machine /// TB-Ausbilder | Problems with the PC after a Generic detection
Done. The order here is decisive.
Here are a few tips for securing your system. I can't stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they don't use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.