|
Pests of all kinds and how to combat them: TR/Mediyes.Gen found! Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
03.01.2014, 10:02 | #1 |
| TR/Mediyes.Gen found! Hi there, the trojan TR/Mediyes.Gen has been found on my machine once again. It seems to be rather persistent. Could you please help me? Regards, pyroman |
03.01.2014, 11:54 | #2 |
/// the machine /// TB trainer | TR/Mediyes.Gen found! Hi,
who found it, and where?
__________________ |
03.01.2014, 13:27 | #3 |
| TR/Mediyes.Gen found! Hi,
During a scan, Avira found the following:
C:\Windows\WinSxS\Temp\PendingRenames\28f66cfc1305cf01fa040000ac14341c.x86_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.3.9600.16395_none_ec16b73cb184e5d3_ks.sys_f36cc2f7 [FUND] Ist das Trojanische Pferd TR/Mediyes.Gen
C:\Windows\WinSxS\Temp\PendingRenames\d0010c031405cf0109050000ac14341c.x86_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.3.9600.16395_none_ec16b73cb184e5d3_ks.sys_f36cc2f7 [FUND] Ist das Trojanische Pferd TR/Mediyes.Gen
Regards |
04.01.2014, 09:36 | #4 |
/// the machine /// TB trainer | TR/Mediyes.Gen found! Hi, please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
04.01.2014, 10:25 | #5 |
| TR/Mediyes.Gen found! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2014 Ran by Conne (administrator) on CORNELIUS on 04-01-2014 10:23:27 Running from C:\Users\Conne\Downloads Microsoft Windows 8.1 Pro (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Opera Software) C:\Program Files\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files\Opera\18.0.1284.68\opera.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Opera Software) C:\Program Files\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files\Opera\18.0.1284.68\opera.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor) HKCU\...\Run: [Epson Stylus SX430(Netzwerk)] - C:\Users\Conne\AppData\Local\Temp\E_S34BB.tmp [190 2013-11-29] () HKCU\...\Run: [EPSONE6660C (Epson Stylus SX430)] - C:\Users\Conne\AppData\Local\Temp\E_S343E.tmp [234 2013-11-29] () MountPoints2: {5a6b132f-56a6-11e3-971d-0021851a7de2} - "G:\HTC_Sync_Manager_PC.exe" MountPoints2: {8a2ae0f2-52a3-11e3-9717-0021851a7de2} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL G:\index.html MountPoints2: {ac1454d9-60c5-11e3-9724-0021851a7de2} - "G:\HTC_Sync_Manager_PC.exe" MountPoints2: {e3c9cddf-5d2e-11e3-9721-0021851a7de2} - "G:\HTC_Sync_Manager_PC.exe" ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20D2B67952E6CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Conne\AppData\Roaming\Mozilla\Firefox\Profiles\hnzqqsk5.default FF Keyword.URL: user_pref("keyword.URL", ""); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: Adblock Plus - C:\Users\Conne\AppData\Roaming\Mozilla\Firefox\Profiles\hnzqqsk5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ========================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-17] (Avira Operations GmbH & Co. 
KG) R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.) S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation) S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation) S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-10-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2013-10-31] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68728 2013-12-17] (Avira Operations GmbH & Co. KG) R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation) R1 CXAVSAUD; C:\Windows\system32\DRIVERS\pvavsaud.sys [11008 2005-10-25] (Conexant Systems, Inc.) S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation) R3 HCW88TSE; C:\Windows\system32\drivers\hcw88tse.sys [299715 2006-04-01] (Hauppauge Computer Works, Inc) R3 netr28u; C:\Windows\system32\DRIVERS\netr28u.sys [1696528 2013-06-18] (Ralink Technology Corp.) 
R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2013-10-31] (Avira GmbH) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation) S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-04 10:23 - 2014-01-04 10:23 - 01064761 _____ (Farbar) C:\Users\Conne\Downloads\FRST.exe 2014-01-04 10:23 - 2014-01-04 10:23 - 00008530 _____ C:\Users\Conne\Downloads\FRST.txt 2014-01-04 10:23 - 2014-01-04 10:23 - 00000000 ____D C:\FRST 2014-01-04 10:22 - 2014-01-04 10:22 - 01931368 _____ (Farbar) C:\Users\Conne\Downloads\FRST64.exe 2014-01-03 09:44 - 2013-11-19 11:30 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-01-02 21:34 - 2014-01-02 21:34 - 01467128 _____ C:\Users\Conne\Downloads\SystemCheck_deDE.exe 2014-01-02 12:36 - 2014-01-02 12:36 - 00000213 _____ C:\Users\Conne\Desktop\Left 4 Dead 2.url 2013-12-30 18:05 - 2013-12-30 18:05 - 00221593 _____ C:\Users\Conne\Downloads\hobbit o ton teaser 2013-12-30 15:19 - 2013-12-30 15:20 - 00059122 _____ C:\Users\Conne\Downloads\Praktikumsbericht_Hendrik.odt 2013-12-30 15:19 - 2013-12-30 15:19 - 00058091 _____ C:\Users\Conne\Downloads\Praktikumsbericht.odt 2013-12-30 14:03 - 2013-12-30 22:11 - 00018598 _____ C:\Users\Conne\Documents\Praktikumsbericht.odt 2013-12-28 21:46 - 2013-12-28 21:46 - 00017207 _____ C:\Users\Conne\Downloads\Protokoll von Leiterrunde 17.12.2013.odt 2013-12-21 12:55 - 2013-12-21 12:55 - 00846644 _____ C:\Users\Conne\Documents\Mecces.odt 2013-12-18 19:55 - 2013-12-18 19:55 - 00027370 _____ C:\Users\Conne\Documents\Essay Rep.IV_Lena Mittag (1).odt 2013-12-14 17:02 - 2013-12-14 17:02 - 00028807 _____ C:\Users\Conne\Downloads\Essay Rep.IV_Lena Mittag.odt 2013-12-14 
17:02 - 2013-12-14 17:02 - 00028807 _____ C:\Users\Conne\Downloads\Essay Rep.IV_Lena Mittag (1).odt 2013-12-14 17:02 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2013-12-14 17:02 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2013-12-14 17:02 - 2013-11-11 01:50 - 00036696 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys 2013-12-14 17:02 - 2013-11-09 11:54 - 00261464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS 2013-12-14 17:02 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe 2013-12-14 17:02 - 2013-11-08 09:40 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll 2013-12-14 17:02 - 2013-11-08 05:42 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll 2013-12-14 17:02 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2013-12-14 17:02 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll 2013-12-14 17:02 - 2013-11-08 04:51 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll 2013-12-14 17:02 - 2013-11-08 04:30 - 01128448 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll 2013-12-14 17:02 - 2013-11-08 04:05 - 00734208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll 2013-12-14 17:02 - 2013-11-05 15:08 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll 2013-12-14 17:02 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe 2013-12-14 17:02 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll 2013-12-14 17:02 - 2013-11-04 06:52 - 01307480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-12-14 17:02 - 2013-11-04 06:52 
- 00320856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2013-12-14 17:02 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll 2013-12-14 17:02 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2013-12-14 17:02 - 2013-11-04 01:45 - 02038784 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2013-12-14 17:02 - 2013-11-01 11:17 - 00077144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys 2013-12-14 17:02 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll 2013-12-14 17:02 - 2013-10-31 00:50 - 05753688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-12-14 17:02 - 2013-10-31 00:39 - 01381184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2013-12-14 17:02 - 2013-10-31 00:39 - 01270640 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2013-12-14 17:02 - 2013-10-31 00:39 - 01261320 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2013-12-14 17:02 - 2013-10-31 00:39 - 01159080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2013-12-14 17:02 - 2013-10-26 21:28 - 00120152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SerCx2.sys 2013-12-14 17:02 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\CredentialMigrationHandler.dll 2013-12-14 17:02 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2013-12-14 17:02 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-12-14 17:02 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2013-12-14 03:57 - 2013-12-14 03:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe 2013-12-12 13:33 - 2013-12-12 18:13 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-12-11 09:38 - 2013-11-26 
11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-11 09:38 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-11 09:38 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-11 09:38 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-11 09:38 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-11 09:38 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-11 09:38 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-11 09:38 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-11 09:38 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-11 09:38 - 2013-11-08 07:19 - 03494400 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-11 09:37 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-11 09:37 - 2013-11-23 04:30 - 03423232 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll 2013-12-11 09:37 - 2013-11-23 04:11 - 00463360 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe 2013-12-11 09:37 - 2013-11-09 06:52 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe 2013-12-11 09:37 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll 2013-12-11 09:37 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-11 09:37 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-09 12:31 - 2013-12-09 12:31 - 00001314 _____ C:\DelFix.txt 2013-12-08 19:48 - 2013-12-08 19:48 - 00000000 ____D C:\Users\Conne\Downloads\FRST-OlderVersion 
2013-12-08 14:42 - 2013-12-08 14:42 - 00027336 _____ C:\Users\Conne\Documents\Protokoll_Fußballseminar_021213.odt 2013-12-08 11:37 - 2013-12-08 11:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2013-12-08 11:34 - 2013-12-09 12:31 - 00000000 ____D C:\Windows\ERUNT 2013-12-08 10:45 - 2013-12-08 10:45 - 00000000 ____D C:\Users\Conne\AppData\Roaming\Malwarebytes 2013-12-08 10:44 - 2013-12-08 10:44 - 00001083 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-08 10:44 - 2013-12-08 10:44 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-08 10:44 - 2013-12-08 10:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-12-08 10:44 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-08 10:43 - 2013-12-08 10:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Conne\Downloads\mbam-setup-1.75.0.1300.exe ==================== One Month Modified Files and Folders ======= 2014-01-04 10:23 - 2014-01-04 10:23 - 01064761 _____ (Farbar) C:\Users\Conne\Downloads\FRST.exe 2014-01-04 10:23 - 2014-01-04 10:23 - 00008530 _____ C:\Users\Conne\Downloads\FRST.txt 2014-01-04 10:23 - 2014-01-04 10:23 - 00000000 ____D C:\FRST 2014-01-04 10:22 - 2014-01-04 10:22 - 01931368 _____ (Farbar) C:\Users\Conne\Downloads\FRST64.exe 2014-01-04 10:17 - 2013-11-21 00:22 - 01919885 _____ C:\Windows\WindowsUpdate.log 2014-01-04 00:13 - 2013-11-21 02:01 - 00000000 ____D C:\Users\Conne\AppData\Local\PMB Files 2014-01-04 00:00 - 2013-08-22 09:17 - 00000000 ____D C:\Windows\system32\sru 2014-01-03 23:55 - 2013-11-25 22:28 - 00000000 ____D C:\Users\Conne\AppData\Roaming\Skype 2014-01-03 23:14 - 2013-11-21 02:01 - 00000000 ____D C:\ProgramData\PMB Files 2014-01-03 13:25 - 2013-11-21 00:29 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-03 13:20 - 2013-08-22 08:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-03 11:53 - 2013-11-21 00:25 - 00000000 ____D 
C:\Users\Conne 2014-01-03 09:41 - 2013-08-22 07:13 - 00262144 ___SH C:\Windows\system32\config\BBI 2014-01-03 04:42 - 2013-08-22 09:17 - 00000000 ____D C:\Windows\Microsoft.NET 2014-01-02 21:34 - 2014-01-02 21:34 - 01467128 _____ C:\Users\Conne\Downloads\SystemCheck_deDE.exe 2014-01-02 12:36 - 2014-01-02 12:36 - 00000213 _____ C:\Users\Conne\Desktop\Left 4 Dead 2.url 2014-01-02 12:33 - 2013-11-21 09:24 - 00000000 ____D C:\Program Files\Steam 2014-01-02 12:33 - 2013-11-21 09:24 - 00000000 ____D C:\Program Files\Common Files\Steam 2014-01-01 20:18 - 2013-11-21 13:33 - 00000000 ____D C:\Users\Conne\Desktop\Musik 2013-12-30 22:16 - 2013-11-28 08:38 - 00000000 ____D C:\Users\Conne\Documents\Versicherung Handy 2013-12-30 22:11 - 2013-12-30 14:03 - 00018598 _____ C:\Users\Conne\Documents\Praktikumsbericht.odt 2013-12-30 20:06 - 2013-11-21 01:54 - 00000000 ____D C:\Users\Conne\AppData\Roaming\TS3Client 2013-12-30 18:05 - 2013-12-30 18:05 - 00221593 _____ C:\Users\Conne\Downloads\hobbit o ton teaser 2013-12-30 15:20 - 2013-12-30 15:19 - 00059122 _____ C:\Users\Conne\Downloads\Praktikumsbericht_Hendrik.odt 2013-12-30 15:19 - 2013-12-30 15:19 - 00058091 _____ C:\Users\Conne\Downloads\Praktikumsbericht.odt 2013-12-28 21:46 - 2013-12-28 21:46 - 00017207 _____ C:\Users\Conne\Downloads\Protokoll von Leiterrunde 17.12.2013.odt 2013-12-28 16:07 - 2013-08-22 09:17 - 00000000 ____D C:\Windows\AppReadiness 2013-12-22 11:44 - 2013-11-21 13:19 - 00000000 ____D C:\Users\Conne\Desktop\Musik anderes 2013-12-21 12:55 - 2013-12-21 12:55 - 00846644 _____ C:\Users\Conne\Documents\Mecces.odt 2013-12-20 11:59 - 2013-11-21 15:45 - 00000000 ____D C:\Users\Conne\AppData\Roaming\vlc 2013-12-18 19:55 - 2013-12-18 19:55 - 00027370 _____ C:\Users\Conne\Documents\Essay Rep.IV_Lena Mittag (1).odt 2013-12-18 19:55 - 2013-12-02 23:32 - 00035840 ___SH C:\Users\Conne\Documents\Thumbs.db 2013-12-17 16:48 - 2013-11-24 17:45 - 00000000 ____D C:\Program Files\Opera 2013-12-17 15:22 - 2013-11-21 09:23 - 00135648 
_____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-17 15:22 - 2013-11-21 09:23 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-17 15:22 - 2013-11-21 09:23 - 00068728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-15 13:14 - 2013-08-22 09:17 - 00000000 ____D C:\Windows\rescache 2013-12-15 10:21 - 2013-08-22 09:17 - 00000000 ___RD C:\Windows\ToastData 2013-12-15 10:21 - 2013-08-22 09:17 - 00000000 ____D C:\Windows\WinStore 2013-12-15 10:21 - 2013-08-22 09:17 - 00000000 ____D C:\Windows\system32\de-DE 2013-12-15 10:21 - 2013-08-22 09:17 - 00000000 ____D C:\Windows\MediaViewer 2013-12-15 10:21 - 2013-08-22 09:17 - 00000000 ____D C:\Windows\FileManager 2013-12-15 10:21 - 2013-08-22 09:17 - 00000000 ____D C:\Windows\Camera 2013-12-14 17:02 - 2013-12-14 17:02 - 00028807 _____ C:\Users\Conne\Downloads\Essay Rep.IV_Lena Mittag.odt 2013-12-14 17:02 - 2013-12-14 17:02 - 00028807 _____ C:\Users\Conne\Downloads\Essay Rep.IV_Lena Mittag (1).odt 2013-12-14 03:57 - 2013-12-14 03:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe 2013-12-13 15:50 - 2013-11-24 15:57 - 00000000 ____D C:\Windows\system32\MRT 2013-12-13 15:49 - 2013-11-24 15:57 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-13 10:29 - 2013-11-21 20:52 - 00000000 ____D C:\Windows\Minidump 2013-12-13 10:29 - 2013-11-21 01:44 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-13 10:29 - 2013-11-21 00:19 - 00063488 ____N C:\Windows\Minidump\121313-18140-01.dmp 2013-12-12 18:13 - 2013-12-12 13:33 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-12-12 12:23 - 2013-11-21 01:49 - 00000000 ____D C:\Users\Conne\AppData\Local\Thunderbird 2013-12-11 15:29 - 2013-08-22 08:22 - 00360456 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-10 09:21 - 2013-08-22 08:23 - 00090918 _____ C:\Windows\setupact.log 2013-12-09 
12:33 - 2013-11-21 00:19 - 00158818 _____ C:\Windows\PFRO.log 2013-12-09 12:31 - 2013-12-09 12:31 - 00001314 _____ C:\DelFix.txt 2013-12-09 12:31 - 2013-12-08 11:34 - 00000000 ____D C:\Windows\ERUNT 2013-12-08 19:48 - 2013-12-08 19:48 - 00000000 ____D C:\Users\Conne\Downloads\FRST-OlderVersion 2013-12-08 14:42 - 2013-12-08 14:42 - 00027336 _____ C:\Users\Conne\Documents\Protokoll_Fußballseminar_021213.odt 2013-12-08 11:39 - 2013-08-22 07:21 - 00000000 __RHD C:\Users\Default 2013-12-08 11:37 - 2013-12-08 11:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2013-12-08 11:31 - 2013-11-21 00:25 - 00001164 _____ C:\Users\Conne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-08 10:45 - 2013-12-08 10:45 - 00000000 ____D C:\Users\Conne\AppData\Roaming\Malwarebytes 2013-12-08 10:44 - 2013-12-08 10:44 - 00001083 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-08 10:44 - 2013-12-08 10:44 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-08 10:44 - 2013-12-08 10:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-12-08 10:43 - 2013-12-08 10:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Conne\Downloads\mbam-setup-1.75.0.1300.exe Some content of TEMP: ==================== C:\Users\Conne\AppData\Local\Temp\36911uninstall.exe C:\Users\Conne\AppData\Local\Temp\avgnt.exe C:\Users\Conne\AppData\Local\Temp\BackupSetup.exe C:\Users\Conne\AppData\Local\Temp\fp_pl_pfs_installer-1.exe C:\Users\Conne\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Conne\AppData\Local\Temp\Quarantine.exe C:\Users\Conne\AppData\Local\Temp\Sqlite3.dll C:\Users\Conne\AppData\Local\Temp\swt-win32-3349.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2013-11-24 15:51] - [2013-10-22 07:03] - 2065448 ____A (Microsoft Corporation) 1A0BC9598E4A58FC84570FFF5A108E58 C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe 
=> MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-03 04:42 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-01-2014 Ran by Conne at 2014-01-04 10:24:00 Running from C:\Users\Conne\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (Version: - ) ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden Adobe Flash Player 11 Plugin (Version: 11.9.900.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated) Apple Application Support (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (Version: 2.1.3.127 - Apple Inc.) Audacity 2.0.5 (Version: 2.0.5 - Audacity Team) Avira Free Antivirus (Version: 14.0.2.286 - Avira) Batman: Arkham Asylum GOTY Edition (Version: - Rocksteady Studios) Benutzerhandbuch - Grundlagen EPSON SX430 Series (Version: - ) Benutzerhandbuch EPSON SX430 Series (Version: - ) Bonjour (Version: 3.0.0.10 - Apple Inc.) Dead Space™ 3 (Version: 1.0.0.0 - Electronic Arts, Inc.) Epson Easy Photo Print 2 (Version: 2.2.4.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000 - SEIKO EPSON CORPORATION) EPSON Scan (Version: - Seiko Epson Corporation) EPSON SX430 Series Printer Uninstall (Version: - SEIKO EPSON Corporation) EpsonNet Print (Version: 2.4j - SEIKO EPSON CORPORATION) Free YouTube to MP3 Converter version 3.12.17.1125 (Version: 3.12.17.1125 - DVDVideoSoft Ltd.) 
Google Update Helper (Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
Hama Wireless LAN Adapter (Version: 10.6.0 - Hama)
iTunes (Version: 11.1.3.8 - Apple Inc.)
LAME v3.99.3 (for Windows) (Version: - )
League of Legends (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (Version: - Valve)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 24.2.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (Version: 24.2.0 - Mozilla)
Netzwerkhandbuch EPSON SX430 Series (Version: - )
NVIDIA PhysX (Version: 9.09.0814 - NVIDIA Corporation)
OpenOffice 4.0.1 (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 18.0.1284.68 (Version: 18.0.1284.68 - Opera Software ASA)
Origin (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Pando Media Booster (Version: 2.6.0.7 - Pando Networks Inc.)
Realtek High Definition Audio Driver (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
Steam (Version: - Valve Corporation)
TeamSpeak 3 Client (Version: 3.0.13 - TeamSpeak Systems GmbH)
VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN)

==================== Restore Points =========================

01-01-2014 15:58:17 Windows Update

==================== Hosts content: ==========================

2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {336FB98B-D99C-4A52-BDA3-F745B26B99A0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2013-12-13] (Microsoft Corporation)
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

==================== Loaded Modules (whitelisted) =============

2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-17 16:48 - 2013-12-12 10:15 - 00886624 _____ () C:\Program Files\Opera\18.0.1284.68\libglesv2.dll
2013-12-17 16:48 - 2013-12-12 10:15 - 00108896 _____ () C:\Program Files\Opera\18.0.1284.68\libegl.dll
2013-12-17 16:48 - 2013-12-12 10:15 - 00879968 _____ () C:\Program Files\Opera\18.0.1284.68\ffmpegsumo.dll
2013-12-12 13:33 - 2013-12-12 13:33 - 03017840 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2013-12-12 13:33 - 2013-12-12 13:33 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-12 13:33 - 2013-12-12 13:33 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-11-21 15:01 - 2013-11-21 15:01 - 16237448 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Videocontroller für Multimedia
Description: Videocontroller für Multimedia
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2014 10:17:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36204500

Error: (01/04/2014 10:17:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36204500

Error: (01/04/2014 10:17:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/03/2014 09:41:29 AM) (Source: ESENT) (User: )
Description: Catalog Database (1232) Catalog Database: Das Datenbankmodul hat die Instanz (0) mit einem Fehler (-510) beendet. Interne Zeitsteuerungsabfolge: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.281, [6] 0.000, [7] 0.000, [8] 0.000, [9] 1.406, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.391, [14] 0.000, [15] 0.250.

Error: (01/03/2014 09:41:26 AM) (Source: ESENT) (User: )
Description: Catalog Database (1232) Catalog Database: Die Protokolldatei-Reihenfolge in "C:\Windows\system32\CatRoot2\" wurde durch einen schwerwiegenden Fehler angehalten. Für die Datenbank, die diese Protokolldatei-Reihenfolge verwendet, sind keine weiteren Aktualisierungen möglich. Bitte korrigieren Sie das Problem, und starten Sie erneut, oder führen Sie eine Wiederherstellung aus einer Sicherung durch.

Error: (01/03/2014 09:41:26 AM) (Source: ESENT) (User: )
Description: Catalog Database (1232) Catalog Database: Beim Leeren von Protokolldatei C:\Windows\system32\CatRoot2\edb.log kann nicht in Abschnitt 2 geschrieben werden. Fehler -1011 (0xfffffc0d).

Error: (01/03/2014 09:41:26 AM) (Source: ESENT) (User: )
Description: Catalog Database (1232) Catalog Database: Versuch, in Datei "C:\Windows\system32\CatRoot2\edb.log" bei Offset 1241088 (0x000000000012f000) für 4096 (0x00001000) Bytes zu schreiben, ist nach Catalog Database0 Sekunden mit Systemfehler 8 (0x00000008): "Für diesen Befehl ist nicht genügend Speicher verfügbar. " fehlgeschlagen. Fehler -1011 (0xfffffc0d) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (01/03/2014 09:41:20 AM) (Source: ESENT) (User: )
Description: taskhostex (3700) WebCacheLocal: Das Datenbankmodul hat die Instanz (0) mit einem Fehler (-1011) beendet. Interne Zeitsteuerungsabfolge: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.203, [6] 0.000, [7] 0.000, [8] 0.031, [9] 0.016, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.015, [14] 0.000, [15] 0.000.

Error: (01/03/2014 09:41:20 AM) (Source: ESENT) (User: )
Description: taskhostex (3700) WebCacheLocal: Die Shadowkopfzeile für Datei C:\Users\Conne\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat konnte nicht geschrieben werden. Fehler -1011.

Error: (01/03/2014 09:41:20 AM) (Source: ESENT) (User: )
Description: taskhostex (3700) WebCacheLocal: Versuch, in Datei "C:\Users\Conne\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" bei Offset 0 (0x0000000000000000) für 32768 (0x00008000) Bytes zu schreiben, ist nach taskhostex0 Sekunden mit Systemfehler 8 (0x00000008): "Für diesen Befehl ist nicht genügend Speicher verfügbar. " fehlgeschlagen. Fehler -1011 (0xfffffc0d) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

System errors:
=============
Error: (01/03/2014 01:20:50 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 03.01.2014 um 11:42:39 unerwartet heruntergefahren.

Error: (01/03/2014 09:46:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Windows Defender – KB2267602 (Definition 1.165.1053.0)

Error: (01/03/2014 09:41:22 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d63\??\C:\Users\Conne\AppData\Local\Microsoft\Windows\UsrClass.dat

Error: (01/03/2014 09:41:22 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d29\??\C:\Users\Conne\ntuser.dat

Error: (01/03/2014 08:51:50 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d29\??\C:\Users\Conne\ntuser.dat

Error: (01/03/2014 08:51:49 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d36\SystemRoot\System32\Config\SOFTWARE

Error: (01/03/2014 08:51:49 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (01/03/2014 08:50:57 AM) (Source: Microsoft-Windows-Eventlog) (User: NT-AUTORITÄT)
Description: Der Ereignisprotokollierungsdienst hat einen Fehler (Auflösung=8) beim Initialisieren der Protokollierung der Ressourcen für Kanal "Microsoft-Windows-Windows Defender/Operational" erkannt.

Error: (01/03/2014 04:43:33 AM) (Source: DCOM) (User: Cornelius)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/03/2014 04:43:01 AM) (Source: DCOM) (User: Cornelius)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Microsoft Office Sessions:
=========================
Error: (01/04/2014 10:17:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36204500

Error: (01/04/2014 10:17:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36204500

Error: (01/04/2014 10:17:43 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/03/2014 09:41:29 AM) (Source: ESENT)(User: )
Description: Catalog Database1232Catalog Database: 0-510[1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.281, [6] 0.000, [7] 0.000, [8] 0.000, [9] 1.406, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.391, [14] 0.000, [15] 0.250.

Error: (01/03/2014 09:41:26 AM) (Source: ESENT)(User: )
Description: Catalog Database1232Catalog Database: C:\Windows\system32\CatRoot2\

Error: (01/03/2014 09:41:26 AM) (Source: ESENT)(User: )
Description: Catalog Database1232Catalog Database: C:\Windows\system32\CatRoot2\edb.log-1011 (0xfffffc0d)

Error: (01/03/2014 09:41:26 AM) (Source: ESENT)(User: )
Description: Catalog Database1232Catalog Database: C:\Windows\system32\CatRoot2\edb.log1241088 (0x000000000012f000)4096 (0x00001000)-1011 (0xfffffc0d)8 (0x00000008)Für diesen Befehl ist nicht genügend Speicher verfügbar. 0.000

Error: (01/03/2014 09:41:20 AM) (Source: ESENT)(User: )
Description: taskhostex3700WebCacheLocal: 0-1011[1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.203, [6] 0.000, [7] 0.000, [8] 0.031, [9] 0.016, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.015, [14] 0.000, [15] 0.000.

Error: (01/03/2014 09:41:20 AM) (Source: ESENT)(User: )
Description: taskhostex3700WebCacheLocal: C:\Users\Conne\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1011

Error: (01/03/2014 09:41:20 AM) (Source: ESENT)(User: )
Description: taskhostex3700WebCacheLocal: C:\Users\Conne\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat0 (0x0000000000000000)32768 (0x00008000)-1011 (0xfffffc0d)8 (0x00000008)Für diesen Befehl ist nicht genügend Speicher verfügbar. 0.000

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3071.16 MB
Available physical RAM: 1783.25 MB
Total Pagefile: 6143.16 MB
Available Pagefile: 4332.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1855.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.65 GB) (Free:4.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Backup) (Fixed) (Total:232.88 GB) (Free:78.74 GB) NTFS
Drive e: (Daten) (Fixed) (Total:368.1 GB) (Free:210.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 0D131CAC)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3BEE743F)
Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
05.01.2014, 11:39 | #6 |
/// the machine /// TB-Ausbilder | TR/Mediyes.Gen found! Please have the files flagged by Antivir scanned at www.virustotal.com and post the links to the results.