Log analysis and evaluation: Windows 7 64-bit: according to Windows, Avast (VistHaux.exe) is disabled; one of my email addresses was on the BSI list
25.01.2014, 00:17 | #1 |
Hello,

after one of my email addresses turned up on the BSI list, I had Avast! Free Antivirus run a full scan of my computer and then additionally ran the Avira PC-Cleaner recommended by the BSI. Neither program found anything. However, I have now noticed that the Windows Action Center shows a message that Avast! Antivirus is disabled; when I click "Turn on now", nothing noticeably changes and the message keeps appearing. Avast itself, however, reports "Everything is good, Everything up-to-date, All shields active" (both before and after clicking "Turn on now").

Before I change all the passwords linked to that email address, as recommended by the BSI, I would like to make sure that I really have no malware (any more) on the computer, and I would be very glad if you could help me with that.

One more question: I have 3 user accounts on my computer, some with different installed programs. Is that important? I created all the log files from the administrator account.

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014 Ran by Kathrin (administrator) on KATHRIN-PC on 24-01-2014 23:55:42 Running from C:\Users\Kathrin\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (AVAST Software) C:\Program Files\Avast5\AvastSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Syncables, LLC) C:\Program Files (x86)\Common Files\Syncables Shared\java\syncables.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Sun Microsystems, Inc.) 
C:\Program Files (x86)\Common Files\Syncables Shared\java\jre\bin\javaw.exe (6 Wunderkinder GmbH) C:\Program Files (x86)\Wunderlist2\Wunderlist.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe () C:\Mouse driver\mouse_driver.exe () C:\Mouse driver\wh_exec.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (AVAST Software) C:\Program Files\Avast5\AvastUI.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe () C:\Users\Kathrin\Desktop\Defogger.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [KBD] - C:\Program Files 
(x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe HKLM-x32\...\Run: [HP Health Check Scheduler] - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [uni mouse driver] - C:\Mouse driver\mouse_driver.exe [2972672 2011-11-09] () HKLM-x32\...\Run: [uni mouse driver tilt] - C:\Mouse driver\wh_exec.exe [147456 2010-10-05] () HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.) 
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\Avast5\AvastUI.exe [3764024 2013-12-22] (AVAST Software) HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\Avast5\setup\emupdate\49eabd62-67e5-458e-8ef9-925911773f3a.exe /check [181136 2014-01-24] (AVAST Software) HKCU\...\Run: [Syncables] - C:\Program Files (x86)\Common Files\syncables Shared\java\Syncables.exe [357752 2010-09-22] (Syncables, LLC) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation) HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKCU\...\Run: [Wunderlist] - C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [13021792 2013-12-02] (6 Wunderkinder GmbH) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung) HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MountPoints2: {e8d4e1b8-bf15-11df-a3db-00248c9ca04b} - G:\LaunchU3.exe -a HKU\Kath\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKU\Kath\...\Run: [Wunderlist] - C:\Users\Kath\AppData\Local\Apps\2.0\HA3PQNNN.E9W\K8H5YHX4.OZ1\wund..tion_45ec1bcecca77a53_0002.0000_764351e9af88762f\Wunderlist.exe [6909952 2013-04-24] (6 Wunderkinder GmbH) HKU\Kath\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung) HKU\Noa\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) Startup: C:\Users\Kath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft 
Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Noa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig?hl=de&source=iglk HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt URLSearchHook: HKCU - (No Name) - {0e3dbc69-a682-48da-84e1-82c63a5d678e} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {7C638C6B-5B27-4A85-83CB-40250D1E4AC4} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKLM - {7C638C6B-5B27-4A85-83CB-40250D1E4AC4} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKLM - {CA8FE908-E845-4081-937D-C045FEC0FC98} URL = 
hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 SearchScopes: HKLM-x32 - DefaultScope {7C638C6B-5B27-4A85-83CB-40250D1E4AC4} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKLM-x32 - {7C638C6B-5B27-4A85-83CB-40250D1E4AC4} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKLM-x32 - {CA8FE908-E845-4081-937D-C045FEC0FC98} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM-x32 - {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 SearchScopes: HKCU - DefaultScope {5D7816BA-D24E-4D9B-8717-3BF8C8212D93} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {3D510203-C8E5-4580-A483-0934D92DFA97} URL = hxxp://www.dict.cc/?s={searchTerms} SearchScopes: HKCU - {524979F3-E9C7-43F9-A137-BCD79F1D6364} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms} SearchScopes: HKCU - {5D7816BA-D24E-4D9B-8717-3BF8C8212D93} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {7C638C6B-5B27-4A85-83CB-40250D1E4AC4} URL = SearchScopes: HKCU - {CA8FE908-E845-4081-937D-C045FEC0FC98} URL = SearchScopes: HKCU - {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = BHO: avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast5\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE64.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll (AVAST Software) BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast5\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Avast5\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {0E3DBC69-A682-48DA-84E1-82C63A5D678E} - No File DPF: HKLM-x32 {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} hxxp://www.musicnotes.com/download/mnviewer.cab DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab DPF: HKLM-x32 {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} hxxp://www.freehandmusic.com/update/biblionet.cab DPF: HKLM-x32 {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} hxxp://www.freehandmusic.com/update/soleromusiccontrol.cab DPF: HKLM-x32 {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\oiro3fzm.default FF NewTab: about:blank FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.bbc.co.uk/ FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF NetworkProxy: "backup.ftp", "138.246.99.249:3124" FF NetworkProxy: "backup.ftp_port", 0 FF NetworkProxy: "backup.gopher", "138.246.99.249:3124" FF NetworkProxy: "backup.gopher_port", 0 FF NetworkProxy: "backup.socks", "138.246.99.249:3124" FF NetworkProxy: "backup.socks_port", 0 FF NetworkProxy: "backup.ssl", "138.246.99.249:3124" FF NetworkProxy: "backup.ssl_port", 
0 FF NetworkProxy: "ftp", "hxxp://nntime.com/proxy-country/Germany-01.htm" FF NetworkProxy: "gopher", "hxxp://nntime.com/proxy-country/Germany-01.htm" FF NetworkProxy: "http", "hxxp://nntime.com/proxy-country/Germany-01.htm" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "hxxp://nntime.com/proxy-country/Germany-01.htm" FF NetworkProxy: "ssl", "hxxp://nntime.com/proxy-country/Germany-01.htm" FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\oiro3fzm.default\searchplugins\googlede.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Pocket - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\oiro3fzm.default\Extensions\isreaditlater@ideashower.com [2013-07-01] FF Extension: Evernote Web Clipper - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\oiro3fzm.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-18] FF Extension: Ghostery - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\oiro3fzm.default\Extensions\firefox@ghostery.com.xpi [2013-08-17] FF Extension: Add to Wunderlist for Firefox - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\oiro3fzm.default\Extensions\jid1-3gu11JeYBiIuJA@jetpack.xpi [2013-03-14] FF Extension: Dict.cc Translation - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\oiro3fzm.default\Extensions\searchdictcc@roughael.xpi [2012-11-26] FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\oiro3fzm.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2012-09-24] FF Extension: NoScript - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\oiro3fzm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-05-21] FF Extension: gTranslate - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\oiro3fzm.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2011-11-09] FF Extension: Adblock Plus - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\oiro3fzm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi 
[2011-10-13] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-03] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Avast5\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\Avast5\WebRep\FF [2011-02-27] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\Avast5\AvastSvc.exe [50344 2013-12-22] (AVAST Software) S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x] ==================== Drivers (Whitelisted) ==================== S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-22] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-19] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-19] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-22] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-22] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-22] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-22] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-09-24] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-06] (Disc Soft Ltd) S3 libusb0; 
C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-13] (hxxp://libusb-win32.sourceforge.net) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-09-24] () S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI64.sys [28192 2009-10-15] (T-Systems International GmbH) S3 SKYNETU2; C:\Windows\System32\DRIVERS\SkyNETU2_AMD64.SYS [518672 2009-09-11] (TechniSat Digital, S.A.) R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] () R3 whfltr2k; C:\Windows\SysWOW64\DRIVERS\whfltr2k.sys [10368 2009-09-16] () S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x] S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x] S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-24 23:55 - 2014-01-24 23:56 - 00023362 _____ C:\Users\Kathrin\Desktop\FRST.txt 2014-01-24 23:55 - 2014-01-24 23:55 - 02077696 _____ (Farbar) C:\Users\Kathrin\Desktop\FRST64.exe 2014-01-24 23:55 - 2014-01-24 23:55 - 00000000 ____D C:\FRST 2014-01-24 23:54 - 2014-01-24 23:54 - 00000476 _____ C:\Users\Kathrin\Desktop\defogger_disable.log 2014-01-24 23:54 - 2014-01-24 23:54 - 00000000 _____ C:\Users\Kathrin\defogger_reenable 2014-01-24 23:52 - 2014-01-24 23:52 - 00050477 _____ C:\Users\Kathrin\Desktop\Defogger.exe 2014-01-22 21:42 - 2014-01-22 21:42 - 00002041 _____ C:\Users\Kathrin\Desktop\Entfernen des Avira PC Cleaners.lnk 2014-01-22 21:42 - 2014-01-22 21:42 - 00001985 _____ C:\Users\Kathrin\Desktop\Avira PC Cleaner.lnk 2014-01-22 21:34 - 2014-01-22 21:34 - 02278856 _____ C:\Users\Kathrin\Downloads\avira_pc_cleaner_de.exe 2014-01-22 09:47 - 2014-01-22 09:47 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log 2014-01-22 09:47 - 2014-01-22 09:47 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2014-01-21 19:17 - 2014-01-21 19:17 - 00277288 _____ C:\Windows\Minidump\012114-98811-01.dmp 2014-01-16 00:06 - 2013-11-27 02:41 - 00343040 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-16 00:06 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-16 00:06 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-16 00:06 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-16 00:06 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-16 00:06 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-16 00:06 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-16 00:06 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-10 11:04 - 2014-01-10 11:04 - 00014336 ___SH C:\Users\Kathrin\Thumbs.db 2013-12-31 12:42 - 2013-12-31 12:42 - 00002213 _____ C:\Users\Kathrin\Desktop\Google Chrome.lnk ==================== One Month Modified Files and Folders ======= 2014-01-24 23:56 - 2014-01-24 23:55 - 00023362 _____ C:\Users\Kathrin\Desktop\FRST.txt 2014-01-24 23:55 - 2014-01-24 23:55 - 02077696 _____ (Farbar) C:\Users\Kathrin\Desktop\FRST64.exe 2014-01-24 23:55 - 2014-01-24 23:55 - 00000000 ____D C:\FRST 2014-01-24 23:54 - 2014-01-24 23:54 - 00000476 _____ C:\Users\Kathrin\Desktop\defogger_disable.log 2014-01-24 23:54 - 2014-01-24 23:54 - 00000000 _____ C:\Users\Kathrin\defogger_reenable 2014-01-24 23:54 - 2010-09-12 19:53 - 00000000 ____D C:\Users\Kathrin 2014-01-24 23:52 - 2014-01-24 23:52 - 00050477 _____ C:\Users\Kathrin\Desktop\Defogger.exe 2014-01-24 23:33 - 2010-09-12 19:50 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-24 23:33 - 2010-09-12 19:50 - 00011440 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-24 23:31 - 2010-09-12 20:41 - 01826809 _____ C:\Windows\WindowsUpdate.log 2014-01-24 23:26 - 2010-09-13 10:45 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C20CAFC4-BF99-462A-B37F-F25F48185F6B} 2014-01-24 23:24 - 2009-05-06 13:34 - 00003664 _____ C:\Windows\System32\Tasks\HP Health Check 2014-01-24 23:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-24 23:19 - 2009-07-14 05:51 - 32401303 _____ C:\Windows\setupact.log 2014-01-24 23:19 - 2009-02-04 20:12 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-22 21:42 - 2014-01-22 21:42 - 00002041 _____ C:\Users\Kathrin\Desktop\Entfernen des Avira PC Cleaners.lnk 2014-01-22 21:42 - 2014-01-22 21:42 - 00001985 _____ C:\Users\Kathrin\Desktop\Avira PC Cleaner.lnk 2014-01-22 21:34 - 2014-01-22 21:34 - 02278856 _____ C:\Users\Kathrin\Downloads\avira_pc_cleaner_de.exe 2014-01-22 09:51 - 2012-12-23 14:23 - 00000000 ____D C:\Users\Kath\AppData\Local\Mozilla 2014-01-22 09:51 - 2010-09-18 11:59 - 00000000 ____D C:\Users\Kathrin\AppData\Local\CrashDumps 2014-01-22 09:48 - 2012-09-24 10:21 - 00004154 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-01-22 09:47 - 2014-01-22 09:47 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log 2014-01-22 09:47 - 2014-01-22 09:47 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2014-01-21 19:17 - 2014-01-21 19:17 - 00277288 _____ C:\Windows\Minidump\012114-98811-01.dmp 2014-01-21 19:17 - 2010-09-14 07:25 - 00000000 ____D C:\Windows\Minidump 2014-01-21 19:16 - 2010-09-14 07:24 - 509012904 _____ C:\Windows\MEMORY.DMP 2014-01-20 22:44 - 2009-09-23 15:00 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\Skype 2014-01-19 11:21 - 2009-07-14 05:45 - 00583016 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 03:05 - 2013-07-31 01:03 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 03:00 - 2010-09-15 08:33 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-10 11:04 - 2014-01-10 11:04 - 00014336 ___SH C:\Users\Kathrin\Thumbs.db 2014-01-03 20:56 - 2012-09-28 21:05 - 00002247 _____ C:\Users\Kathrin\Desktop\Kindle.lnk 2014-01-03 20:56 - 2012-09-28 21:05 - 00000000 ____D C:\Users\Kathrin\Documents\My Kindle Content 2014-01-03 20:55 - 2012-09-28 21:05 - 00000000 ____D C:\Users\Kathrin\AppData\Local\Amazon 2014-01-03 19:08 - 2013-06-20 00:29 - 00000000 ____D C:\Users\Kathrin\Documents\Bibliothek 2013-12-31 12:43 - 2010-02-01 23:48 - 00000000 ____D C:\Users\Kathrin\AppData\Local\Google 2013-12-31 12:42 - 2013-12-31 12:42 - 00002213 _____ C:\Users\Kathrin\Desktop\Google Chrome.lnk 2013-12-27 11:25 - 2010-09-12 22:41 - 00000000 ____D C:\Users\Kathrin\AppData\Roaming\HpUpdate Some content of TEMP: ==================== C:\Users\Kath\AppData\Local\Temp\Wunderlist-Setup2.3.0.30.exe C:\Users\Kathrin\AppData\Local\Temp\13-1-legacy_vista_win7_win8_64_dd_ccc.exe C:\Users\Kathrin\AppData\Local\Temp\AskSLib.dll C:\Users\Kathrin\AppData\Local\Temp\AutoRun.exe C:\Users\Kathrin\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Kathrin\AppData\Local\Temp\BBAccess.dll C:\Users\Kathrin\AppData\Local\Temp\device_file_access_dll.dll 
C:\Users\Kathrin\AppData\Local\Temp\DTLite4471-0335.exe C:\Users\Kathrin\AppData\Local\Temp\DWPUpgradeInstaller.exe C:\Users\Kathrin\AppData\Local\Temp\EAD1C17.exe C:\Users\Kathrin\AppData\Local\Temp\EAD20B9.exe C:\Users\Kathrin\AppData\Local\Temp\EAD3A61.exe C:\Users\Kathrin\AppData\Local\Temp\EAD9F2B.exe C:\Users\Kathrin\AppData\Local\Temp\EADA488.exe C:\Users\Kathrin\AppData\Local\Temp\EADB1E0.exe C:\Users\Kathrin\AppData\Local\Temp\EADBB43.exe C:\Users\Kathrin\AppData\Local\Temp\EADFCA6.exe C:\Users\Kathrin\AppData\Local\Temp\EADFEB8.exe C:\Users\Kathrin\AppData\Local\Temp\eauninstall.exe C:\Users\Kathrin\AppData\Local\Temp\First15.exe C:\Users\Kathrin\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\Kathrin\AppData\Local\Temp\GLF5EE.tmp.ConduitEngineSetup.exe C:\Users\Kathrin\AppData\Local\Temp\GLFB3F8.tmp.ConduitEngineSetup.exe C:\Users\Kathrin\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe C:\Users\Kathrin\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe C:\Users\Kathrin\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Users\Kathrin\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe C:\Users\Kathrin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\Kathrin\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\Kathrin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Kathrin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Kathrin\AppData\Local\Temp\NEventMessages.dll C:\Users\Kathrin\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Kathrin\AppData\Local\Temp\nsf9F3C.tmp.ConduitEngineEmbbed.exe C:\Users\Kathrin\AppData\Local\Temp\nsl9666.tmp.ConduitEngineEmbbed.exe C:\Users\Kathrin\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\Kathrin\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Kathrin\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Kathrin\AppData\Local\Temp\nvStInst.exe C:\Users\Kathrin\AppData\Local\Temp\SkypeSetup.exe C:\Users\Kathrin\AppData\Local\Temp\syncables.jni.dll 
C:\Users\Kathrin\AppData\Local\Temp\syncables.portableDevice.rim.dll C:\Users\Kathrin\AppData\Local\Temp\syncables.portableDevice.wmdm.dll C:\Users\Kathrin\AppData\Local\Temp\syncables.rapi.dll C:\Users\Kathrin\AppData\Local\Temp\tbBig0.dll C:\Users\Kathrin\AppData\Local\Temp\tbBigp.dll C:\Users\Kathrin\AppData\Local\Temp\The Sims 2 Apartment Life_uninst.exe C:\Users\Kathrin\AppData\Local\Temp\ubi9280.tmp.exe C:\Users\Kathrin\AppData\Local\Temp\UninstallEADM.dll C:\Users\Kathrin\AppData\Local\Temp\vlc-2.0.6-win32.exe C:\Users\Kathrin\AppData\Local\Temp\VP6Install.exe C:\Users\Kathrin\AppData\Local\Temp\VP6VFW.dll C:\Users\Kathrin\AppData\Local\Temp\VSUSetup.exe C:\Users\Kathrin\AppData\Local\Temp\Wunderlist-Setup2.2.1.20.exe C:\Users\Kathrin\AppData\Local\Temp\Wunderlist-Setup2.2.1.21.exe C:\Users\Kathrin\AppData\Local\Temp\Wunderlist-Setup2.2.1.22.exe C:\Users\Kathrin\AppData\Local\Temp\Wunderlist-Setup2.2.1.23.exe C:\Users\Kathrin\AppData\Local\Temp\Wunderlist-Setup2.3.0.25.exe C:\Users\Kathrin\AppData\Local\Temp\Wunderlist-Setup2.3.0.29.exe C:\Users\Kathrin\AppData\Local\Temp\Wunderlist-Setup2.3.0.30.exe C:\Users\Kathrin\AppData\Local\Temp\Wunderlist-Setup2.3.0.31.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-14 20:43 ==================== End Of Log 
============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2014
Ran by Kathrin at 2014-01-25 00:00:16
Running from C:\Users\Kathrin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden 7-Zip 4.65 (x64 edition) (Version: 4.65.00.0 - Igor Pavlov) AC3Filter 2.5b (x32 Version: 2.5b - Alexander Vigovsky) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden Adobe Digital Editions 2.0 (x32 Version: 2.0 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (x32 Version: 12.0.5.146 - Adobe Systems, Inc.) Amazon Kindle (HKCU Version: - Amazon) AMD Accelerated Video Transcoding (Version: 12.5.100.21116 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.71116.1554 - Advanced Micro Devices, Inc.) 
Hidden Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden ANNO 1404 (x32 Version: 1.02.0000 - Ubisoft) ArcGIS Desktop Evaluation Edition (x32 Version: 9.3.3000 - Environmental Systems Research Institute, Inc.) ArcGIS Desktop Evaluation Edition (x32 Version: 9.3.3000 - Environmental Systems Research Institute, Inc.) Hidden avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software) Brain Builder (entfernen) (x32 Version: - ) Canvas for Microsoft® OneNote® 2007 (x32 Version: 1.1.1315.0 - Microsoft Office Labs) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2012.1116.1515.27190 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Hungarian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden CCleaner (Version: 4.06 - Piriform) CEP (Color Enable Package) v.9.2 (beta) (x32 Version: 9.2 (beta) - Numenor, for ModTheSims2) CyberLink DVD Suite Deluxe (x32 Version: 6.0.2326 - CyberLink Corp.) CyberLink DVD Suite Deluxe (x32 Version: 6.0.2326 - CyberLink Corp.) 
Hidden DAEMON Tools Lite (x32 Version: 4.47.1.0335 - Disc Soft Ltd) DeepBurner v1.9.0.228 (x32 Version: - ) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) Die Sims 2 (x32 Version: - ) Die Sims 2: Family Fun - Accessoires (x32 Version: - ) Die Sims 2: Nightlife (x32 Version: - ) Die Sims 2: Open For Business (x32 Version: - ) Die Sims 2: Wilde Campus-Jahre (x32 Version: - ) Die Sims™ 2 Apartment-Leben (x32 Version: - Electronic Arts) Die Sims™ 2 Freizeit-Spaß (x32 Version: - Electronic Arts) Die Sims™ 2 Haustiere (x32 Version: - ) Die Sims™ 2 Vier Jahreszeiten (x32 Version: - ) Die Sims™ 3 (x32 Version: 1.57.62 - Electronic Arts) Die Sims™ 3 Einfach tierisch (x32 Version: 10.0.96 - Electronic Arts) Die Sims™ 3 Erstelle ein Muster-Tool (x32 Version: 1.0.0 - Electronic Arts) Die Sims™ 3 Inselparadies (x32 Version: 19.0.101 - Electronic Arts) Die Sims™ 3 Jahreszeiten (x32 Version: 16.0.136 - Electronic Arts) Die Sims™ 3 Late Night (x32 Version: 6.0.81 - Electronic Arts) Die Sims™ 3 Wildes Studentenleben (x32 Version: 18.0.126 - Electronic Arts) Die*Sims*Mittelalter (x32 Version: 2.0.113 - Electronic Arts) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden DivX-Setup (x32 Version: 2.6.1.8 - DivX, LLC) Dropbox (HKCU Version: 2.0.26 - Dropbox, Inc.) Evernote v. 5.0.3 (x32 Version: 5.0.3.1614 - Evernote Corp.) EViews 6 Student Version (x32 Version: - ) FeedDemon (x32 Version: 3.1.0.12 - NewsGator Technologies, Inc.) FileZilla Client 3.3.1 (x32 Version: 3.3.1 - ) Free Audio CD Burner version 1.4.7 (x32 Version: - DVDVideoSoft Limited.) Free Studio version 5.3.5 (x32 Version: 5.3.5 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.12.827 (x32 Version: 3.12.12.827 - DVDVideoSoft Ltd.) 
Gapminder Desktop (x32 Version: 1.0.18 - Gapminder Foundation) Hidden Gapminder Desktop (x32 Version: 1.0beta18 - Gapminder Foundation) GIMP 2.6.7 (x32 Version: - ) Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.) Google Earth (x32 Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden High-Definition Video Playback (x32 Version: 11.1.10400.2.65 - Nero AG) Hidden HP Active Support Library (x32 Version: 3.1.10.1 - Hewlett-Packard) HP Advisor (x32 Version: 3.3.12286.3436 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 5.7.0.2875 - Hewlett-Packard) HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Deskjet 3050 J610 series Hilfe (x32 Version: 140.0.63.63 - Hewlett Packard) HP MediaSmart DVD (x32 Version: 3.0.3420 - Hewlett-Packard) HP MediaSmart DVD (x32 Version: 3.0.3420 - Hewlett-Packard) Hidden HP MediaSmart Music/Photo/Video (x32 Version: 3.0.3206 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (x32 Version: 3.0.3206 - Hewlett-Packard) Hidden HP Photo Creations (x32 Version: 1.0.0.7702 - HP) HP Picasso Media Center Add-In (x32 Version: 9.1.7.0 - Hewlett-Packard Development Company, L.P.) Hidden HP Recovery Manager RSS (x32 Version: 92.0.0.9 - Hewlet Packard Company) Hidden HP Support Information (x32 Version: 10.1.0001 - Hewlett-Packard) HP Update (x32 Version: 5.003.003.001 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.7 - Hewlett-Packard) Hidden Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014 - Intel Corporation) J5 Android Mirror Control (x32 Version: 13.10.0307.00.00 - MCT Corp) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden LabelPrint (x32 Version: 2.5.1103 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.1103 - CyberLink Corp.) 
Hidden LightScribe System Software (x32 Version: 1.18.22.2 - LightScribe) MainConcept DTV Decoder Standard (x32 Version: 1.5.0.2 - MainConcept GmbH) Mathematica Player (M-WIN-D 7.0.1 1223367) (Version: 7.0.1 - Wolfram Research, Inc.) Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Mathematics Add-in (32-bit) (x32 Version: 2.0.040811.01 - Microsoft Corporation) Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000 - Microsoft Corporation) 
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) 
MoreMotion Web Express 3.3 (x32 Version: 3.30.0000 - MOR YAZILIM) Mouse driver v1.0 (x32 Version: - ) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) MyFreeCodec (HKCU Version: - ) Nero 11 (x32 Version: 11.0.11000 - Nero AG) Nero 11 Disc Menus Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Effects Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Image Samples (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 PiP Effects Basic (x32 Version: 11.0.11300.12.0 - Nero AG) Hidden Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero BackItUp 11 (x32 Version: 6.0.16000.13.100 - Nero AG) Hidden Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10200 - Nero AG) Hidden Nero Backup Drivers (Version: 1.0.10000.1.0 - Nero AG) Nero Burning ROM 11 (x32 Version: 11.0.12200.23.100 - Nero AG) Hidden Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero ControlCenter 11 (x32 Version: 11.0.12300.0.23 - Nero AG) Hidden Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Core Components 11 (x32 Version: 11.0.15000.1.12 - Nero AG) Hidden Nero CoverDesigner 11 (x32 Version: 6.0.10800.11.100 - Nero AG) Hidden Nero CoverDesigner 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Express 11 (x32 Version: 11.0.11700.23.100 - Nero AG) Hidden Nero Express 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Kwik Media (x32 Version: 1.10.19300.93.100 - Nero AG) Hidden Nero Kwik Media Help (CHM) 
(x32 Version: 11.0.10200 - Nero AG) Hidden Nero Recode 11 (x32 Version: 5.0.13300.32.100 - Nero AG) Hidden Nero Recode 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero SoundTrax 11 (x32 Version: 5.0.10400.4.100 - Nero AG) Hidden Nero SoundTrax 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero Update (x32 Version: 11.0.10623.22.0 - Nero AG) Hidden Nero Video 11 (x32 Version: 8.0.14000.21.100 - Nero AG) Hidden Nero Video 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero WaveEditor 11 (x32 Version: 6.0.10800.5.100 - Nero AG) Hidden Nero WaveEditor 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden nero.prerequisites.msi (x32 Version: 11.0.20008 - Nero AG) Hidden NVIDIA 3D Vision Controller-Treiber 314.22 (Version: 314.22 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 314.22 (Version: 314.22 - NVIDIA Corporation) NVIDIA Grafiktreiber 314.22 (Version: 314.22 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden NVIDIA Update 1.12.12 (Version: 1.12.12 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden Optimierte Multimedia-Tastatur-Lösung (x32 Version: 1.0.9.2 - Hewlett-Packard) PDFCreator (x32 Version: 1.2.0 - Frank Heindörfer, Philip Chinery) Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden PowerDirector (x32 Version: 7.0.2417 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.2417 - CyberLink Corp.) 
Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden Python 2.5 numpy-1.0.3 (x32 Version: - ) Python 2.5.1 (x32 Version: - ) Python 2.6 pywin32-212 (x32 Version: 2.12 - Python Software Foundation) Python 2.6.1 (x32 Version: 2.6.1150 - Python Software Foundation) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5910 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group) Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Sims2Pack Clean Installer (x32 Version: - ) Skype™ 6.10 (x32 Version: 6.10.104 - Skype Technologies S.A.) 
sp43204 (x32 Version: - Hewlett-Packard) sp44626 (x32 Version: - Hewlett-Packard) StreamTransport version: 1.0.2.2171 (x32 Version: - ) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Syncables 360 (x32 Version: 7.0.809.12700 - Syncables) TELL ME MORE (x32 Version: - Auralog) Uninstall 1.0.0.1 (x32 Version: - ) Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) 
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) Userfeedback Desktop Client (x32 Version: 1.1 - © 2012 Userfeedback GmbH) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Visual Basic for Applications (R) Core - English (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden Visual Basic for Applications (R) Core (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN) welcome (x32 Version: 11.0.21500.0.4 - Nero AG) Hidden Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp) WinRAR 4.01 (64-bit) (Version: 4.01.0 - win.rar GmbH) Write-N-Cite (x32 Version: III - Refworks) Wunderlist (x32 Version: 2.3.0.31 - 6 Wunderkinder GmbH) Hidden xuggle-xuggler (x32 Version: 3.4.1012 - Xuggle) ==================== Restore Points ========================= 30-10-2013 11:25:20 Removed Java 7 Update 45 30-10-2013 11:29:48 Installed Java 7 Update 45 01-11-2013 10:45:04 Windows Update 01-11-2013 11:45:02 Installed Evernote v. 5.0.3 05-11-2013 05:53:22 Windows Update 08-11-2013 21:31:57 Windows Update 12-11-2013 12:35:13 Windows Update 12-11-2013 15:43:46 Installed Bonjour Print Services 12-11-2013 15:47:36 Installed AirServer 12-11-2013 15:53:46 Removed AirServer 12-11-2013 15:54:24 Removed Bonjour-Druckdienste 12-11-2013 15:55:07 Removed Bonjour 12-11-2013 15:56:03 Removed Apple Software Update 12-11-2013 16:03:25 Installiert J5 Android Mirror Control 12-11-2013 16:06:16 Installed Samsung Kies 12-11-2013 16:13:53 Gerätetreiber-Paketinstallation: Google, Inc. SAMSUNG Android Phone 13-11-2013 19:43:09 Windows Update 13-11-2013 20:34:52 Windows Update 16-11-2013 12:31:17 Wunderlist 16-11-2013 16:43:09 Windows Update 16-11-2013 16:52:30 Wunderlist 16-11-2013 16:54:13 Wunderlist 16-11-2013 16:55:14 Wunderlist 19-11-2013 12:37:44 avast! 
antivirus system restore point 19-11-2013 12:46:00 Wunderlist 19-11-2013 12:48:56 Wunderlist 22-11-2013 09:08:34 Windows Update 26-11-2013 19:53:09 Windows Update 01-12-2013 13:59:57 Installiert Samsung Story Album Viewer 02-12-2013 14:46:51 Wunderlist 02-12-2013 14:49:21 Wunderlist 03-12-2013 20:10:54 Windows Update 10-12-2013 12:36:22 Windows Update 12-12-2013 11:15:18 Windows Update 15-12-2013 04:24:17 Windows Update 20-12-2013 10:06:47 Windows Update 22-12-2013 21:48:36 avast! antivirus system restore point 27-12-2013 10:34:15 Windows Update 31-12-2013 10:27:37 Windows Update 03-01-2014 15:59:30 Windows Update 09-01-2014 07:38:10 Windows Update 14-01-2014 07:53:39 Windows Update 16-01-2014 02:00:17 Windows Update 21-01-2014 17:10:02 Windows Update 24-01-2014 22:30:09 Windows Update ==================== Hosts content: ========================== 2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {0FEF897B-7C82-4DB9-90EF-B71337467105} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard) Task: {1BBDBC9A-97F6-48D9-B9C1-2EDCDFEA2DB3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {4AEF044D-74E2-4DCE-954C-7828CF9FFCD0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-14] (Microsoft Corporation) Task: {5B727801-97FE-4F71-B436-A718960245EB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {5E42CC7C-BB4B-4DAD-A046-FE951DCDBE65} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.) 
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs Task: {76421371-EDB3-4711-8D21-E79646A77E6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01] (Google Inc.) Task: {D85D171A-432C-455B-A02C-05ACE6BF7A58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01] (Google Inc.) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs Task: {F3069546-D103-476E-A7E0-32135D88661F} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-06] (CyberLink) Task: {FD6B9663-8FB8-4348-9EED-B8B3BB8657F7} - System32\Tasks\avast! Emergency Update => C:\Program Files\Avast5\AvastEmUpdate.exe [2013-12-22] (AVAST Software) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2011-06-22 08:21 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2013-12-02 18:10 - 2013-12-02 18:10 - 01685504 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveUI\2c39aad06a4d62b4d5cbef7e0f5a8a79\ReactiveUI.ni.dll 2013-12-02 18:11 - 2013-12-02 18:11 - 00035328 _____ () 
C:\Windows\assembly\NativeImages_v4.0.30319_64\Wunderkinde6f42a4a9#\caee29766d3ee283bad2720b816cae4b\Wunderkinder.Wunderlist.Data.Realtime.ni.dll 2013-12-02 18:10 - 2013-12-02 18:10 - 00535552 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Akavache.Portable\73ba8b8caa005cbcfb06ef6dc50d9108\Akavache.Portable.ni.dll 2013-12-02 18:11 - 2013-12-02 18:11 - 00049664 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Wunderkinded9c6edae#\bbe70d95d1bddce1078caa229ed5ca15\Wunderkinder.Wunderlist.Presentation.ni.dll 2013-12-02 18:10 - 2013-12-02 18:10 - 00911872 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\AutoMapper\ecd1d343ba17df5d18dd673cb8cf550c\AutoMapper.ni.dll 2013-10-01 13:33 - 2013-10-01 13:33 - 00028160 _____ () C:\Program Files (x86)\Wunderlist2\AutoMapper.Net4.dll 2012-11-16 14:09 - 2012-11-16 14:09 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-01-22 09:48 - 2014-01-21 23:40 - 02156032 _____ () C:\Program Files\Avast5\defs\14012101\algo.dll 2014-01-24 23:20 - 2014-01-24 18:39 - 02166272 _____ () C:\Program Files\Avast5\defs\14012401\algo.dll 2010-10-05 00:54 - 2010-10-05 00:54 - 00036864 _____ () C:\Mouse driver\wh_hook.dll 2009-08-06 02:08 - 2009-08-06 02:08 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll 2011-03-04 12:02 - 2011-03-04 12:02 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2011-03-04 12:02 - 2011-03-04 12:02 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2011-03-04 12:02 - 2011-03-04 12:02 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2013-09-26 13:50 - 2013-09-26 13:50 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2013-09-26 13:49 - 2013-09-26 13:49 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2013-11-19 13:39 
- 2013-11-19 13:39 - 19336120 _____ () C:\Program Files\Avast5\libcef.dll 2013-12-22 14:54 - 2013-12-22 14:54 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2013-08-14 12:32 - 2013-08-14 12:32 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\44bfa824a3b8a6f789fda79a2e01a8db\IsdiInterop.ni.dll 2010-09-13 22:23 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2010-10-20 16:08 - 2010-10-20 16:08 - 00122720 _____ () C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/24/2014 11:30:09 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-4262926374-3996198847-2749573923-1003.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . 
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {5d1493b5-82b1-45d0-97f1-b4448941b2dd} Error: (01/24/2014 11:20:46 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2014 00:56:32 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.7109.5000, Zeitstempel: 0x522a3402 Name des fehlerhaften Moduls: OUTLOOK.EXE, Version: 14.0.7109.5000, Zeitstempel: 0x522a3402 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000cf9d ID des fehlerhaften Prozesses: 0x1b78 Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0 Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1 Pfad des fehlerhaften Moduls: OUTLOOK.EXE2 Berichtskennung: OUTLOOK.EXE3 Error: (01/22/2014 11:01:18 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000354b ID des fehlerhaften Prozesses: 0x680 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0 Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1 Pfad des fehlerhaften Moduls: svchost.exe_SysMain2 Berichtskennung: svchost.exe_SysMain3 Error: (01/22/2014 09:51:21 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Kies.exe, Version: 1.0.0.1521, Zeitstempel: 0x5279a14e Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0x1360 Startzeit der 
fehlerhaften Anwendung: 0xKies.exe0 Pfad der fehlerhaften Anwendung: Kies.exe1 Pfad des fehlerhaften Moduls: Kies.exe2 Berichtskennung: Kies.exe3 Error: (01/22/2014 09:51:16 AM) (Source: .NET Runtime) (User: ) Description: Anwendung: Kies.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.ComponentModel.Win32Exception Stapel: bei System.Diagnostics.ProcessManager.OpenProcess(Int32, Int32, Boolean) bei System.Diagnostics.Process.GetProcessHandle(Int32, Boolean) bei System.Diagnostics.Process.OpenProcessHandle(Int32) bei System.Diagnostics.Process.get_Handle() bei Kies.App.CheckExistenceTrayAgent() bei Kies.App..ctor() bei Kies.App.Main() Error: (01/22/2014 09:47:04 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/21/2014 07:18:46 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/21/2014 06:10:33 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_CryptSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17988, Zeitstempel: 0x50920c3d Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000006970 ID des fehlerhaften Prozesses: 0x4e0 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_CryptSvc0 Pfad der fehlerhaften Anwendung: svchost.exe_CryptSvc1 Pfad des fehlerhaften Moduls: svchost.exe_CryptSvc2 Berichtskennung: svchost.exe_CryptSvc3 Error: (01/21/2014 06:10:02 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-4262926374-3996198847-2749573923-1003.bak)" ist ein 
unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {ad86eeb1-57e2-4329-b7df-caa296042f51} System errors: ============= Error: (01/24/2014 11:22:08 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (01/24/2014 11:22:08 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (01/22/2014 11:01:28 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/22/2014 09:48:26 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (01/22/2014 09:48:26 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (01/21/2014 07:23:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. 
Error: (01/21/2014 07:20:28 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (01/21/2014 07:20:28 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (01/21/2014 07:17:45 PM) (Source: BugCheck) (User: ) Description: 0x0000001a (0x0000000000005002, 0xfffff70001080000, 0x00000000000009c2, 0x000809c3fffffffe)C:\Windows\MEMORY.DMP012114-98811-01 Error: (01/21/2014 07:17:43 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 21.01.2014 um 19:11:38 unerwartet heruntergefahren. Microsoft Office Sessions: ========================= Error: (01/24/2014 11:30:09 PM) (Source: VSS)(User: ) Description: ConvertStringSidToSid(S-1-5-21-4262926374-3996198847-2749573923-1003.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. 
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {5d1493b5-82b1-45d0-97f1-b4448941b2dd} Error: (01/24/2014 11:20:46 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/23/2014 00:56:32 AM) (Source: Application Error)(User: ) Description: OUTLOOK.EXE14.0.7109.5000522a3402OUTLOOK.EXE14.0.7109.5000522a3402c00000050000cf9d1b7801cf174f0cc032d2C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEd115ed9e-83c0-11e3-aeaf-00248c9ca04b Error: (01/22/2014 11:01:18 PM) (Source: Application Error)(User: ) Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000005000000000000354b68001cf174e5cb95a86C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dllb82e1f94-83b0-11e3-aeaf-00248c9ca04b Error: (01/22/2014 09:51:21 AM) (Source: Application Error)(User: ) Description: Kies.exe1.0.0.15215279a14eKERNELBASE.dll6.1.7601.1822951fb1116e04343520000c41f136001cf174f084cb6b3C:\Program Files (x86)\Samsung\Kies\Kies.exeC:\Windows\syswow64\KERNELBASE.dll5d50e667-8342-11e3-aeaf-00248c9ca04b Error: (01/22/2014 09:51:16 AM) (Source: .NET Runtime)(User: ) Description: Anwendung: Kies.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.ComponentModel.Win32Exception Stapel: bei System.Diagnostics.ProcessManager.OpenProcess(Int32, Int32, Boolean) bei System.Diagnostics.Process.GetProcessHandle(Int32, Boolean) bei System.Diagnostics.Process.OpenProcessHandle(Int32) bei System.Diagnostics.Process.get_Handle() bei Kies.App.CheckExistenceTrayAgent() bei Kies.App..ctor() bei Kies.App.Main() Error: (01/22/2014 09:47:04 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/21/2014 07:18:46 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/21/2014 06:10:33 PM) (Source: Application Error)(User: ) Description: svchost.exe_CryptSvc6.1.7600.163854a5bc3c1msxml3.dll8.110.7601.1798850920c3dc000000500000000000069704e001cf16127d9e35ccC:\Windows\system32\svchost.exeC:\Windows\System32\msxml3.dllef716154-82be-11e3-9cd0-00248c9ca04b Error: (01/21/2014 06:10:02 PM) (Source: VSS)(User: ) Description: ConvertStringSidToSid(S-1-5-21-4262926374-3996198847-2749573923-1003.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {ad86eeb1-57e2-4329-b7df-caa296042f51} CodeIntegrity Errors: =================================== Date: 2010-09-12 18:57:05.207 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2010-09-12 18:57:05.147 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2010-09-12 18:57:05.082 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2010-09-12 18:57:05.015 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2010-09-12 18:57:04.928 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2010-09-12 18:57:04.702 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2010-09-12 18:57:04.639 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2010-09-12 18:57:04.578 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2010-09-12 18:57:04.515 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2010-09-12 18:57:04.452 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 37% Total physical RAM: 8191.23 MB Available physical RAM: 5097.26 MB Total Pagefile: 16380.63 MB Available Pagefile: 13174.21 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:582.33 GB) (Free:41.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.84 GB) (Free:1.48 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP2) (Fixed) (Total:596.17 GB) (Free:446.23 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=582 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 596 GB) (Disk ID: 3C4045A5) Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Edit: Gmer.txt was too large, so I have attached it as a zip file.
Edited by lanoaga (25.01.2014 at 00:56) |
25.01.2014, 10:30 | #2 | |
/// the machine /// TB instructor | Windows 7 64-bit: according to Windows, Avast (VistHaux.exe) is disabled; one of my email addresses was on the BSI list
Hi,
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ |
26.01.2014, 03:27 | #3 |
| Windows 7 64-bit: according to Windows, Avast (VistHaux.exe) is disabled; one of my email addresses was on the BSI list
First of all, thank you very much for your help!
Here is the log file from Combofix: Code:
ATTFilter ComboFix 14-01-23.02 - Kathrin 26.01.2014 3:02.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8191.6123 [GMT 1:00] ausgeführt von:: c:\users\Kathrin\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Kathrin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{336EE935-0010-4DB5-A658-B6321D7153B8}.xps c:\users\Kathrin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F7475A7C-B35C-4039-A2B0-6B0DDF6790EF}.xps c:\users\Kathrin\AppData\Roaming\Microsoft\~DFK142cce5.tmp c:\users\Kathrin\AppData\Roaming\Microsoft\1eaadjc.dll c:\users\Kathrin\AppData\Roaming\Microsoft\bass.dll c:\users\Kathrin\AppData\Roaming\Microsoft\engine_vx.dll c:\users\Kathrin\AppData\Roaming\Microsoft\kfgresk.dll c:\users\Kathrin\AppData\Roaming\Microsoft\peaadje.dll c:\users\Kathrin\AppData\Roaming\Microsoft\qwadjb.dll c:\users\Kathrin\AppData\Roaming\Microsoft\rsaadjd.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-12-26 bis 2014-01-26 )))))))))))))))))))))))))))))) . . 2014-01-26 02:12 . 2014-01-26 02:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-01-26 02:12 . 2014-01-26 02:12 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2014-01-25 00:50 . 2014-01-25 00:50 -------- d-----w- c:\users\Noa\AppData\Local\DDMSettings 2014-01-24 22:55 . 2014-01-24 22:55 -------- d-----w- C:\FRST 2014-01-24 22:43 . 2014-01-26 02:05 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BEDF6A5-4A4D-4287-8A0F-B5138B1C9474}\offreg.dll 2014-01-24 22:31 . 
2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BEDF6A5-4A4D-4287-8A0F-B5138B1C9474}\mpengine.dll 2014-01-15 23:06 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2014-01-15 23:06 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2014-01-15 23:06 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys 2014-01-15 23:06 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2014-01-15 23:06 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2014-01-15 23:06 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2014-01-15 23:06 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2014-01-15 23:06 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-01-16 02:00 . 2010-09-15 07:33 86054176 ----a-w- c:\windows\system32\MRT.exe 2013-12-22 21:49 . 2013-12-22 21:49 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys 2013-12-22 21:49 . 2013-03-03 21:06 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-12-22 21:49 . 2011-02-27 11:51 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-12-22 21:49 . 2011-01-14 11:07 334136 ----a-w- c:\windows\system32\aswBoot.exe 2013-12-22 21:49 . 2010-09-18 11:10 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-12-22 21:49 . 2010-09-18 11:10 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-12-22 21:49 . 2010-09-18 11:10 43152 ----a-w- c:\windows\avastSS.scr 2013-12-18 05:13 . 2009-11-22 08:21 270496 ------w- c:\windows\system32\MpSigStub.exe 2013-12-16 08:14 . 2013-10-29 14:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-16 08:14 . 2013-10-29 14:40 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-11-19 12:39 . 
2013-03-03 21:06 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-11-19 12:39 . 2012-02-24 11:46 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-11-15 02:09 . 2013-12-12 11:19 17847296 ----a-w- c:\windows\system32\mshtml.dll 2013-11-15 01:42 . 2013-12-12 11:18 10926080 ----a-w- c:\windows\system32\ieframe.dll 2013-11-15 01:37 . 2013-12-12 11:19 2334720 ----a-w- c:\windows\system32\jscript9.dll 2013-11-15 01:29 . 2013-12-12 11:19 1347072 ----a-w- c:\windows\system32\urlmon.dll 2013-11-15 01:29 . 2013-12-12 11:19 1392128 ----a-w- c:\windows\system32\wininet.dll 2013-11-15 01:28 . 2013-12-12 11:19 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2013-11-15 01:28 . 2013-12-12 11:19 237056 ----a-w- c:\windows\system32\url.dll 2013-11-15 01:25 . 2013-12-12 11:19 85504 ----a-w- c:\windows\system32\jsproxy.dll 2013-11-15 01:22 . 2013-12-12 11:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2013-11-15 01:20 . 2013-12-12 11:19 599040 ----a-w- c:\windows\system32\vbscript.dll 2013-11-15 01:20 . 2013-12-12 11:19 816640 ----a-w- c:\windows\system32\jscript.dll 2013-11-15 01:19 . 2013-12-12 11:19 2147840 ----a-w- c:\windows\system32\iertutil.dll 2013-11-15 01:19 . 2013-12-12 11:19 729088 ----a-w- c:\windows\system32\msfeeds.dll 2013-11-15 01:18 . 2013-12-12 11:19 96768 ----a-w- c:\windows\system32\mshtmled.dll 2013-11-15 01:18 . 2013-12-12 11:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-11-15 01:12 . 2013-12-12 11:19 248320 ----a-w- c:\windows\system32\ieui.dll 2013-11-14 22:50 . 2013-12-12 11:19 1806848 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-11-14 22:42 . 2013-12-12 11:19 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2013-11-14 22:42 . 2013-12-12 11:19 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-11-14 22:38 . 2013-12-12 11:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-11-14 22:38 . 2013-12-12 11:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-11-14 22:35 . 
2013-12-12 11:19 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-11-12 02:23 . 2013-12-11 11:54 2048 ----a-w- c:\windows\system32\tzres.dll 2013-11-12 02:07 . 2013-12-11 11:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-10-30 11:30 . 2013-10-30 11:30 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Kathrin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Kathrin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Kathrin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Syncables"="c:\program files (x86)\Common Files\syncables Shared\java\Syncables.exe" [2010-09-22 357752] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616] "Wunderlist"="c:\program files (x86)\Wunderlist2\Wunderlist.exe" [2013-12-02 13021792] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696] "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "uni mouse driver"="c:\mouse driver\mouse_driver.exe" [2011-11-09 2972672] "uni mouse driver tilt"="c:\mouse driver\wh_exec.exe" [2010-10-04 147456] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "AvastUI.exe"="c:\program files\Avast5\AvastUI.exe" [2013-12-22 3764024] . c:\users\Kath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . 
c:\users\Noa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . c:\users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x] R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SipIMNDI;T-Home Dialerschutz VoIP Service;c:\windows\system32\DRIVERS\SipIMNDI64.sys;c:\windows\SYSNATIVE\DRIVERS\SipIMNDI64.sys [x] R3 SKYNETU2;TechniSat DVB-PC TV Star USB 2;c:\windows\system32\DRIVERS\SkyNETU2_AMD64.SYS;c:\windows\SYSNATIVE\DRIVERS\SkyNETU2_AMD64.SYS [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers 
(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 RTL8167;Realtek 8167 NT 
Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys;c:\windows\SYSNATIVE\DRIVERS\whfltr2k.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - aswFsBlk *Deregistered* - aswTdi . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-03-04 11:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-01-18 19:07 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 22:48] . 2013-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 22:48] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-12-22 21:49 287280 ----a-w- c:\program files\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Kathrin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Kathrin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Kathrin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Kathrin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ig?hl=de&source=iglk mLocal Page = c:\windows\SysWOW64\blank.htm IE: Auswahl speichern - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 IE: Bild ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 IE: Diese Seite ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Neue Notiz - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: URL notieren - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 Trusted Zone: un.org\training.dss TCP: DhcpNameServer = 192.168.2.1 DPF: {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} - 
hxxp://www.freehandmusic.com/update/biblionet.cab DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} - hxxp://www.freehandmusic.com/update/soleromusiccontrol.cab DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab FF - ProfilePath - c:\users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\oiro3fzm.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{0e3dbc69-a682-48da-84e1-82c63a5d678e} - (no file) Wow6432Node-HKLM-Run-hpsysdrv - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) WebBrowser-{0E3DBC69-A682-48DA-84E1-82C63A5D678E} - (no file) ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file) AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe AddRemove-Free Studio_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe AddRemove-sp43204 - c:\hp\Softpaq\sp43204\sp43204.exe AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-4262926374-3996198847-2749573923-1000\Software\SecuROM\License information*] "datasecu"=hex:ce,8a,8d,04,1e,67,09,08,22,b9,23,08,78,6d,75,50,e6,17,9d,52,50, 73,36,4e,28,4a,2b,f4,fe,53,3f,62,07,88,ad,17,d2,11,07,7a,b4,8d,dc,1f,16,5b,\ "rkeysecu"=hex:40,8c,a1,25,40,2a,2c,98,ec,50,76,c0,9d,07,37,0b . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-01-26 03:16:16 ComboFix-quarantined-files.txt 2014-01-26 02:16 . Vor Suchlauf: 15 Verzeichnis(se), 65.969.020.928 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 119.538.569.216 Bytes frei . - - End Of File - - 452EC3727B0ED02A0DB1F2D6E4B317FE |
26.01.2014, 08:31 | #4 |
/// the machine /// TB-Ausbilder
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM!