| |
| |||||||
Log-Analyse und Auswertung: Avast findet mehrere Viren Win:32NextLife-B und andere Win:32...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
26.02.2014, 17:00
| #16 |
 |  Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... Hallo Cosinus hier die files FRST FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-02-2014 01
Ran by M1 (administrator) on M1-PC on 26-02-2014 16:51:28
Running from C:\Users\M1\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\Office-Web\Office-Web Center\Panel.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Skillbrains) C:\Users\M1\AppData\Local\Skillbrains\lightshot\5.0.0.2\LightShot.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-05-14] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [OnScreenDisplay] - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554288 2007-11-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [70912 2008-04-15] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Laser mouse] - C:\Program Files\Office-Web\Office-Web Center\Panel.exe [233472 2005-04-25] ()
HKLM\...\Run: [NWEReboot] - [X]
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-08] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3630145962-1711427128-1675247868-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3630145962-1711427128-1675247868-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3630145962-1711427128-1675247868-1000\...\Run: [LightShot] - C:\Users\M1\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-02-03] ()
Startup: C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll No File
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default
FF Homepage: https://www.ixquick.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Quick Start - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\quick_start@gmail.com [2014-02-23]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-12-21]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-27]
FF Extension: ep - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi [2014-02-23]
FF Extension: NoScript - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-27]
FF Extension: CoolPreviews - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2012-04-07]
FF Extension: Adblock Plus - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-09-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-08]
FF HKLM\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\extensions\lightningnewtab@gmail.com.xpi
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-08] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard)
S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292248 2008-05-14] ()
R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116112 2008-05-14] ()
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe [221266 2009-07-21] (IDT, Inc.)
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-02-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-02-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-08] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-02-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-02-08] ()
S3 AVCSTRM; C:\Windows\System32\DRIVERS\avcstrm.sys [14208 2008-01-21] (Microsoft Corporation)
R3 HidMouse; C:\Windows\System32\Drivers\HidMouse.sys [25216 2005-08-18] (Hama)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-02-25] (Malwarebytes Corporation)
S3 MSTAPE; C:\Windows\System32\DRIVERS\mstape.sys [50048 2008-01-21] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
U1 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-26 16:47 - 2014-02-26 16:47 - 00000000 ___DC () C:\Users\M1\Desktop\FRST-OlderVersion
2014-02-26 14:31 - 2014-02-26 14:31 - 00448512 ____C (OldTimer Tools) C:\Users\M1\Desktop\TFC.exe
2014-02-25 14:33 - 2014-02-25 14:33 - 00001534 ____C () C:\Users\M1\Desktop\JRT.txt
2014-02-25 14:27 - 2014-02-25 14:27 - 00000000 ___DC () C:\Windows\ERUNT
2014-02-25 14:14 - 2014-02-25 14:21 - 00000000 ___DC () C:\AdwCleaner
2014-02-25 14:12 - 2014-02-25 14:12 - 01037734 ____C (Thisisu) C:\Users\M1\Desktop\JRT.exe
2014-02-25 14:11 - 2014-02-25 14:11 - 01241834 ____C () C:\Users\M1\Desktop\adwcleaner.exe
2014-02-25 10:58 - 2014-02-25 12:04 - 00000000 ___DC () C:\Users\M1\Desktop\mbar
2014-02-25 10:58 - 2014-02-25 10:58 - 00075480 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-25 10:54 - 2014-02-25 10:55 - 12589848 ____C (Malwarebytes Corp.) C:\Users\M1\Desktop\mbar-1.07.0.1009.exe
2014-02-23 17:05 - 2014-02-26 16:51 - 00017217 ____C () C:\Users\M1\Desktop\FRST.txt
2014-02-23 17:05 - 2014-02-26 16:51 - 00000000 ___DC () C:\FRST
2014-02-23 17:05 - 2014-02-25 14:41 - 00032737 ____C () C:\Users\M1\Desktop\Addition.txt
2014-02-23 17:03 - 2014-02-23 17:03 - 00000466 ____C () C:\Users\M1\Desktop\defogger_disable.log
2014-02-23 17:03 - 2014-02-23 17:03 - 00000000 ____C () C:\Users\M1\defogger_reenable
2014-02-23 16:36 - 2014-02-26 16:47 - 01143808 ____C (Farbar) C:\Users\M1\Desktop\FRST.exe
2014-02-23 16:36 - 2014-02-23 16:36 - 00050477 ____C () C:\Users\M1\Desktop\Defogger.exe
2014-02-22 17:25 - 2014-02-26 14:15 - 00000370 ____C () C:\Windows\Tasks\update-sys.job
2014-02-22 17:25 - 2014-02-26 13:41 - 00000370 ____C () C:\Windows\Tasks\update-S-1-5-21-3630145962-1711427128-1675247868-1000.job
2014-02-22 17:25 - 2014-02-23 16:55 - 00000000 ___DC () C:\Users\M1\Documents\Lightshot
2014-02-22 17:25 - 2014-02-22 17:25 - 00000434 ____C () C:\Users\M1\AppData\Local\UserProducts.xml
2014-02-22 17:25 - 2014-02-22 17:25 - 00000003 ____C () C:\Users\M1\AppData\Local\updater.log
2014-02-22 17:25 - 2014-02-22 17:25 - 00000000 ___DC () C:\Program Files\Skillbrains
2014-02-22 17:24 - 2014-02-22 17:24 - 02150736 ____C (Skillbrains ) C:\Users\M1\Downloads\setup-lightshot.exe
2014-02-22 17:24 - 2014-02-22 17:24 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-02-22 17:24 - 2014-02-22 17:24 - 00000000 ___DC () C:\Users\M1\AppData\Local\Skillbrains
2014-02-16 18:22 - 2014-02-16 18:22 - 00000000 ___DC () C:\Users\M1\AppData\Local\RegistryDR
2014-02-16 18:21 - 2014-02-16 18:25 - 00000000 ___DC () C:\Users\M1\AppData\Local\cache
2014-02-16 18:21 - 2014-02-16 18:21 - 00000000 ___DC () C:\Users\M1\.android
2014-02-16 18:21 - 2014-02-16 18:21 - 00000000 ____C () C:\Users\M1\daemonprocess.txt
2014-02-16 18:20 - 2014-02-16 18:30 - 00000000 ___DC () C:\Program Files\Registry Dr
2014-02-16 15:14 - 2014-02-16 15:14 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\gbrainy
2014-02-16 15:01 - 2014-02-16 15:01 - 00000899 ____C () C:\Users\M1\Desktop\gbrainy.lnk
2014-02-16 15:01 - 2014-02-16 15:01 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gbrainy
2014-02-16 14:53 - 2014-02-16 15:01 - 00000000 ___DC () C:\Program Files\Spiele
2014-02-16 14:48 - 2014-02-16 14:48 - 00849985 ____C () C:\Users\M1\Downloads\emotiondx.zip
2014-02-16 14:36 - 2014-02-16 14:36 - 00000559 ____C () C:\Users\Public\Desktop\Stranded II.lnk
2014-02-16 14:35 - 2014-02-16 14:35 - 13293344 ____C (Unreal Software ) C:\Users\M1\Downloads\stranded2_setup_de.exe
2014-02-16 14:34 - 2014-02-16 14:34 - 00009050 ____C () C:\Users\M1\AppData\Roaming\.freeciv-client-rc-2.4
2014-02-16 14:31 - 2014-02-16 14:34 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\.freeciv
2014-02-16 14:30 - 2014-02-16 14:31 - 00000000 ___DC () C:\Program Files\Freeciv-2.4.2-gtk2
2014-02-16 14:07 - 2014-02-16 15:15 - 00000000 ___DC () C:\Users\M1\Documents\FreeCol
2014-02-16 14:06 - 2014-02-16 14:06 - 00001684 ____C () C:\Users\Public\Desktop\FreeCol.lnk
2014-02-16 12:13 - 2014-02-16 12:13 - 00216998 ____C () C:\Users\M1\Downloads\simutrans-online-install1122.exe
2014-02-16 12:12 - 2014-02-16 12:20 - 182764979 ____C ( ) C:\Users\M1\Downloads\PatrimoniumInstaller.exe
2014-02-16 12:10 - 2014-02-16 12:10 - 00813169 ____C () C:\Users\M1\Downloads\blobby.zip
2014-02-16 12:07 - 2014-02-16 12:08 - 28215140 ____C () C:\Users\M1\Downloads\Freeciv-2.4.2-win32-gtk2-setup.exe
2014-02-16 12:04 - 2014-02-16 12:04 - 00710848 ____C ( ) C:\Users\M1\Downloads\COMPUTER_BILD-Download-Manager_fuer_stranded2_setup_de.exe
2014-02-16 11:59 - 2014-02-16 11:59 - 00710848 ____C ( ) C:\Users\M1\Downloads\COMPUTER_BILD-Download-Manager_fuer_emotiondx.exe
2014-02-16 11:56 - 2014-02-16 11:58 - 37739520 ____C () C:\Users\M1\Downloads\freecol-0.10.7-installer.exe
2014-02-16 11:55 - 2014-02-16 11:56 - 18256260 ____C () C:\Users\M1\Downloads\gbrainy-206.exe
2014-02-16 11:54 - 2014-02-16 11:55 - 08843012 ____C (Duong Khang NGUYEN ) C:\Users\M1\Downloads\opencity-0.0.6.2stable-i586-setup.exe
2014-02-15 11:40 - 2014-02-15 11:40 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2014-02-15 11:00 - 2014-02-26 11:01 - 00057496 ____C () C:\Windows\PFRO.log
2014-02-14 03:02 - 2014-02-05 09:58 - 12345344 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 03:02 - 2014-02-05 09:56 - 01806848 ____C (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 03:02 - 2014-02-05 09:53 - 09739264 ____C (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 03:02 - 2014-02-05 09:51 - 01105408 ____C (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 03:02 - 2014-02-05 09:50 - 01129472 ____C (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 03:02 - 2014-02-05 09:49 - 01427968 ____C (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 03:02 - 2014-02-05 09:49 - 00231936 ____C (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-14 03:02 - 2014-02-05 09:48 - 01796096 ____C (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 03:02 - 2014-02-05 09:48 - 00717824 ____C (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-14 03:02 - 2014-02-05 09:48 - 00421376 ____C (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 03:02 - 2014-02-05 09:48 - 00142848 ____C (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 03:02 - 2014-02-05 09:48 - 00065536 ____C (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 03:02 - 2014-02-05 09:47 - 02382848 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 03:02 - 2014-02-05 09:47 - 00607744 ____C (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 03:02 - 2014-02-05 09:47 - 00073216 ____C (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-14 03:02 - 2014-02-05 09:46 - 00176640 ____C (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 17:07 - 2013-12-05 03:12 - 01248768 ____C (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 22:18 - 2014-02-12 22:18 - 04721920 ____C (Piriform Ltd) C:\Users\M1\Downloads\ccsetup410.exe
2014-02-09 14:24 - 2014-02-09 14:24 - 00000000 ___DC () C:\ProgramData\Oracle
2014-02-09 14:24 - 2014-02-09 14:24 - 00000000 ___DC () C:\Program Files\Common Files\Java
2014-02-09 14:23 - 2014-02-09 14:23 - 00264616 ____C (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-09 14:23 - 2014-02-09 14:23 - 00175016 ____C (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-09 14:23 - 2014-02-09 14:23 - 00174504 ____C (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-09 14:23 - 2014-02-09 14:23 - 00094632 ____C (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-09 14:23 - 2014-02-09 14:23 - 00000000 ___DC () C:\Program Files\Java
2014-02-09 14:18 - 2014-02-09 14:19 - 29141928 ____C (Oracle Corporation) C:\Users\M1\Downloads\jre-7u51-windows-i586.exe
2014-02-09 14:16 - 2014-02-09 14:17 - 24677393 ____C () C:\Users\M1\Downloads\vlc-2.1.3-win32.exe
2014-02-09 14:14 - 2014-02-09 14:14 - 01138397 ____C () C:\Users\M1\Downloads\7z922.exe
2014-02-08 13:56 - 2014-02-08 13:56 - 00001873 ____C () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-08 13:56 - 2014-02-08 13:56 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\AVAST Software
2014-02-08 13:55 - 2014-02-08 13:55 - 00775952 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00410784 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00270240 ____C (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-08 13:55 - 2014-02-08 13:55 - 00180248 ____C () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00067824 ____C (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00057672 ____C (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00054832 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00049944 ____C () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00043152 ____C (AVAST Software) C:\Windows\avastSS.scr
2014-02-08 13:54 - 2014-02-08 13:54 - 00000000 ___DC () C:\Program Files\AVAST Software
2014-02-08 13:52 - 2014-02-08 13:52 - 00000000 ___DC () C:\ProgramData\AVAST Software
2014-02-08 11:53 - 2014-02-08 11:57 - 90578216 ____C (AVAST Software) C:\Users\M1\Downloads\avast_free_antivirus_setup.exe
2014-02-07 18:21 - 2014-02-07 18:21 - 00227096 ____C () C:\Users\M1\Downloads\avira_registry_cleaner_de.exe
2014-02-01 15:48 - 2014-02-01 15:48 - 00000000 ___DC () C:\ProgramData\BlueStacks
2014-02-01 15:47 - 2014-02-01 17:30 - 00002134 ____C () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2014-02-01 15:47 - 2014-02-01 15:47 - 00000000 ___DC () C:\Program Files\WildTangent Games
==================== One Month Modified Files and Folders =======
2014-02-26 16:51 - 2014-02-23 17:05 - 00017217 ____C () C:\Users\M1\Desktop\FRST.txt
2014-02-26 16:51 - 2014-02-23 17:05 - 00000000 ___DC () C:\FRST
2014-02-26 16:48 - 2008-10-06 17:03 - 01505751 ____C () C:\Windows\WindowsUpdate.log
2014-02-26 16:47 - 2014-02-26 16:47 - 00000000 ___DC () C:\Users\M1\Desktop\FRST-OlderVersion
2014-02-26 16:47 - 2014-02-23 16:36 - 01143808 ____C (Farbar) C:\Users\M1\Desktop\FRST.exe
2014-02-26 16:45 - 2008-10-06 17:55 - 00000269 ____C () C:\Users\Public\Documents\hpqp.ini
2014-02-26 16:45 - 2006-11-02 14:01 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-02-26 16:45 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 16:45 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 16:44 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-26 16:43 - 2008-06-13 03:37 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-26 16:22 - 2012-09-01 20:58 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-26 14:31 - 2014-02-26 14:31 - 00448512 ____C (OldTimer Tools) C:\Users\M1\Desktop\TFC.exe
2014-02-26 14:15 - 2014-02-22 17:25 - 00000370 ____C () C:\Windows\Tasks\update-sys.job
2014-02-26 13:41 - 2014-02-22 17:25 - 00000370 ____C () C:\Windows\Tasks\update-S-1-5-21-3630145962-1711427128-1675247868-1000.job
2014-02-26 11:01 - 2014-02-15 11:00 - 00057496 ____C () C:\Windows\PFRO.log
2014-02-25 17:01 - 2012-04-07 13:27 - 00000000 ___DC () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-25 16:59 - 2012-04-07 13:27 - 00000906 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-25 14:41 - 2014-02-23 17:05 - 00032737 ____C () C:\Users\M1\Desktop\Addition.txt
2014-02-25 14:33 - 2014-02-25 14:33 - 00001534 ____C () C:\Users\M1\Desktop\JRT.txt
2014-02-25 14:27 - 2014-02-25 14:27 - 00000000 ___DC () C:\Windows\ERUNT
2014-02-25 14:21 - 2014-02-25 14:14 - 00000000 ___DC () C:\AdwCleaner
2014-02-25 14:12 - 2014-02-25 14:12 - 01037734 ____C (Thisisu) C:\Users\M1\Desktop\JRT.exe
2014-02-25 14:11 - 2014-02-25 14:11 - 01241834 ____C () C:\Users\M1\Desktop\adwcleaner.exe
2014-02-25 12:04 - 2014-02-25 10:58 - 00000000 ___DC () C:\Users\M1\Desktop\mbar
2014-02-25 11:36 - 2006-11-02 12:18 - 00000000 ___DC () C:\Windows\nap
2014-02-25 10:58 - 2014-02-25 10:58 - 00075480 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-25 10:55 - 2014-02-25 10:54 - 12589848 ____C (Malwarebytes Corp.) C:\Users\M1\Desktop\mbar-1.07.0.1009.exe
2014-02-24 14:01 - 2009-01-12 18:37 - 00009194 ____C () C:\Users\M1\AppData\Roaming\wklnhst.dat
2014-02-24 13:53 - 2013-11-09 13:25 - 00002617 ____C () C:\Users\M1\Desktop\Microsoft Word 2010.lnk
2014-02-23 17:03 - 2014-02-23 17:03 - 00000466 ____C () C:\Users\M1\Desktop\defogger_disable.log
2014-02-23 17:03 - 2014-02-23 17:03 - 00000000 ____C () C:\Users\M1\defogger_reenable
2014-02-23 17:03 - 2008-12-18 15:09 - 00000000 ___DC () C:\Users\M1
2014-02-23 16:55 - 2014-02-22 17:25 - 00000000 ___DC () C:\Users\M1\Documents\Lightshot
2014-02-23 16:36 - 2014-02-23 16:36 - 00050477 ____C () C:\Users\M1\Desktop\Defogger.exe
2014-02-23 16:20 - 2012-09-01 20:58 - 00692616 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-23 16:20 - 2012-09-01 20:58 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-23 16:20 - 2008-12-19 00:24 - 00000000 ___DC () C:\Users\M1\AppData\Local\Adobe
2014-02-22 17:25 - 2014-02-22 17:25 - 00000434 ____C () C:\Users\M1\AppData\Local\UserProducts.xml
2014-02-22 17:25 - 2014-02-22 17:25 - 00000003 ____C () C:\Users\M1\AppData\Local\updater.log
2014-02-22 17:25 - 2014-02-22 17:25 - 00000000 ___DC () C:\Program Files\Skillbrains
2014-02-22 17:24 - 2014-02-22 17:24 - 02150736 ____C (Skillbrains ) C:\Users\M1\Downloads\setup-lightshot.exe
2014-02-22 17:24 - 2014-02-22 17:24 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-02-22 17:24 - 2014-02-22 17:24 - 00000000 ___DC () C:\Users\M1\AppData\Local\Skillbrains
2014-02-22 16:54 - 2014-01-11 19:15 - 00000000 ___DC () C:\Program Files\CyberGhost 5
2014-02-22 11:46 - 2013-03-19 01:14 - 00000000 __RDC () C:\Program Files\Skype
2014-02-22 11:46 - 2010-04-23 16:09 - 00000000 ___DC () C:\ProgramData\Skype
2014-02-18 18:51 - 2006-11-02 12:18 - 00000000 ___DC () C:\Windows\Microsoft.NET
2014-02-16 18:30 - 2014-02-16 18:20 - 00000000 ___DC () C:\Program Files\Registry Dr
2014-02-16 18:28 - 2012-09-01 04:32 - 00001763 ____C () C:\Users\M1\Desktop\Start Download Manager.lnk
2014-02-16 18:28 - 2008-12-19 00:53 - 00000846 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-16 18:28 - 2008-12-18 15:17 - 00000949 ____C () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-16 18:25 - 2014-02-16 18:21 - 00000000 ___DC () C:\Users\M1\AppData\Local\cache
2014-02-16 18:22 - 2014-02-16 18:22 - 00000000 ___DC () C:\Users\M1\AppData\Local\RegistryDR
2014-02-16 18:21 - 2014-02-16 18:21 - 00000000 ___DC () C:\Users\M1\.android
2014-02-16 18:21 - 2014-02-16 18:21 - 00000000 ____C () C:\Users\M1\daemonprocess.txt
2014-02-16 15:15 - 2014-02-16 14:07 - 00000000 ___DC () C:\Users\M1\Documents\FreeCol
2014-02-16 15:14 - 2014-02-16 15:14 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\gbrainy
2014-02-16 15:01 - 2014-02-16 15:01 - 00000899 ____C () C:\Users\M1\Desktop\gbrainy.lnk
2014-02-16 15:01 - 2014-02-16 15:01 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gbrainy
2014-02-16 15:01 - 2014-02-16 14:53 - 00000000 ___DC () C:\Program Files\Spiele
2014-02-16 14:55 - 2008-12-20 14:59 - 00000349 ____C () C:\Users\Public\Documents\PCLECHAL.INI
2014-02-16 14:48 - 2014-02-16 14:48 - 00849985 ____C () C:\Users\M1\Downloads\emotiondx.zip
2014-02-16 14:36 - 2014-02-16 14:36 - 00000559 ____C () C:\Users\Public\Desktop\Stranded II.lnk
2014-02-16 14:35 - 2014-02-16 14:35 - 13293344 ____C (Unreal Software ) C:\Users\M1\Downloads\stranded2_setup_de.exe
2014-02-16 14:34 - 2014-02-16 14:34 - 00009050 ____C () C:\Users\M1\AppData\Roaming\.freeciv-client-rc-2.4
2014-02-16 14:34 - 2014-02-16 14:31 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\.freeciv
2014-02-16 14:31 - 2014-02-16 14:30 - 00000000 ___DC () C:\Program Files\Freeciv-2.4.2-gtk2
2014-02-16 14:06 - 2014-02-16 14:06 - 00001684 ____C () C:\Users\Public\Desktop\FreeCol.lnk
2014-02-16 12:20 - 2014-02-16 12:12 - 182764979 ____C ( ) C:\Users\M1\Downloads\PatrimoniumInstaller.exe
2014-02-16 12:13 - 2014-02-16 12:13 - 00216998 ____C () C:\Users\M1\Downloads\simutrans-online-install1122.exe
2014-02-16 12:10 - 2014-02-16 12:10 - 00813169 ____C () C:\Users\M1\Downloads\blobby.zip
2014-02-16 12:08 - 2014-02-16 12:07 - 28215140 ____C () C:\Users\M1\Downloads\Freeciv-2.4.2-win32-gtk2-setup.exe
2014-02-16 12:04 - 2014-02-16 12:04 - 00710848 ____C ( ) C:\Users\M1\Downloads\COMPUTER_BILD-Download-Manager_fuer_stranded2_setup_de.exe
2014-02-16 11:59 - 2014-02-16 11:59 - 00710848 ____C ( ) C:\Users\M1\Downloads\COMPUTER_BILD-Download-Manager_fuer_emotiondx.exe
2014-02-16 11:58 - 2014-02-16 11:56 - 37739520 ____C () C:\Users\M1\Downloads\freecol-0.10.7-installer.exe
2014-02-16 11:56 - 2014-02-16 11:55 - 18256260 ____C () C:\Users\M1\Downloads\gbrainy-206.exe
2014-02-16 11:55 - 2014-02-16 11:54 - 08843012 ____C (Duong Khang NGUYEN ) C:\Users\M1\Downloads\opencity-0.0.6.2stable-i586-setup.exe
2014-02-16 10:47 - 2012-05-07 21:36 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service
2014-02-15 11:59 - 2006-11-02 11:33 - 01541688 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 11:40 - 2014-02-15 11:40 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2014-02-14 03:20 - 2008-06-13 05:07 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2014-02-14 03:12 - 2013-07-13 23:23 - 00000000 ___DC () C:\Windows\system32\MRT
2014-02-14 03:09 - 2006-11-02 11:24 - 85946576 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-14 03:04 - 2006-11-02 11:23 - 00000240 ____C () C:\Windows\win.ini
2014-02-12 22:18 - 2014-02-12 22:18 - 04721920 ____C (Piriform Ltd) C:\Users\M1\Downloads\ccsetup410.exe
2014-02-09 14:24 - 2014-02-09 14:24 - 00000000 ___DC () C:\ProgramData\Oracle
2014-02-09 14:24 - 2014-02-09 14:24 - 00000000 ___DC () C:\Program Files\Common Files\Java
2014-02-09 14:23 - 2014-02-09 14:23 - 00264616 ____C (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-09 14:23 - 2014-02-09 14:23 - 00175016 ____C (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-09 14:23 - 2014-02-09 14:23 - 00174504 ____C (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-09 14:23 - 2014-02-09 14:23 - 00094632 ____C (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-09 14:23 - 2014-02-09 14:23 - 00000000 ___DC () C:\Program Files\Java
2014-02-09 14:21 - 2013-09-19 12:48 - 00000859 ____C () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-09 14:19 - 2014-02-09 14:18 - 29141928 ____C (Oracle Corporation) C:\Users\M1\Downloads\jre-7u51-windows-i586.exe
2014-02-09 14:17 - 2014-02-09 14:16 - 24677393 ____C () C:\Users\M1\Downloads\vlc-2.1.3-win32.exe
2014-02-09 14:14 - 2014-02-09 14:14 - 01138397 ____C () C:\Users\M1\Downloads\7z922.exe
2014-02-08 13:56 - 2014-02-08 13:56 - 00001873 ____C () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-08 13:56 - 2014-02-08 13:56 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\AVAST Software
2014-02-08 13:55 - 2014-02-08 13:55 - 00775952 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00410784 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00270240 ____C (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-08 13:55 - 2014-02-08 13:55 - 00180248 ____C () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00067824 ____C (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00057672 ____C (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00054832 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00049944 ____C () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00043152 ____C (AVAST Software) C:\Windows\avastSS.scr
2014-02-08 13:54 - 2014-02-08 13:54 - 00000000 ___DC () C:\Program Files\AVAST Software
2014-02-08 13:52 - 2014-02-08 13:52 - 00000000 ___DC () C:\ProgramData\AVAST Software
2014-02-08 13:48 - 2009-02-21 17:09 - 00003207 ____C () C:\Windows\system32\sdkinst.log
2014-02-08 13:45 - 2013-09-24 18:22 - 00000000 ___DC () C:\ProgramData\Avira
2014-02-08 11:57 - 2014-02-08 11:53 - 90578216 ____C (AVAST Software) C:\Users\M1\Downloads\avast_free_antivirus_setup.exe
2014-02-07 18:21 - 2014-02-07 18:21 - 00227096 ____C () C:\Users\M1\Downloads\avira_registry_cleaner_de.exe
2014-02-07 18:13 - 2008-12-18 18:44 - 00043520 ____C () C:\Users\M1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-05 09:58 - 2014-02-14 03:02 - 12345344 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-14 03:02 - 01806848 ____C (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-14 03:02 - 09739264 ____C (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-14 03:02 - 01105408 ____C (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-14 03:02 - 01129472 ____C (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-14 03:02 - 01427968 ____C (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-14 03:02 - 00231936 ____C (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-14 03:02 - 01796096 ____C (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-14 03:02 - 00717824 ____C (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-14 03:02 - 00421376 ____C (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-14 03:02 - 00142848 ____C (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-14 03:02 - 00065536 ____C (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-14 03:02 - 02382848 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-14 03:02 - 00607744 ____C (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-14 03:02 - 00073216 ____C (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-14 03:02 - 00176640 ____C (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-02 19:05 - 2012-06-28 22:10 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\vlc
2014-02-01 17:35 - 2008-06-13 04:38 - 00000000 ___DC () C:\ProgramData\WildTangent
2014-02-01 17:30 - 2014-02-01 15:47 - 00002134 ____C () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2014-02-01 15:48 - 2014-02-01 15:48 - 00000000 ___DC () C:\ProgramData\BlueStacks
2014-02-01 15:48 - 2008-12-18 18:14 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\WildTangent
2014-02-01 15:48 - 2008-06-13 04:38 - 00000000 ___DC () C:\Program Files\HP Games
2014-02-01 15:47 - 2014-02-01 15:47 - 00000000 ___DC () C:\Program Files\WildTangent Games
Files to move or delete:
====================
C:\ProgramData\ezsid.dat
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-26 16:51
==================== End Of Log ============================
--- --- --- --- --- --- und addition FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-02-2014 01
Ran by M1 at 2014-02-26 16:52:12
Running from C:\Users\M1\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Ashampoo Burning Studio 2009 Advanced (HKLM\...\Ashampoo Burning Studio 2009 Advanced_is1) (Version: 9.0.0 - ashampoo GmbH & Co. KG)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{789EC9D6-5A0D-3CCA-957D-D0523BDE1638}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
BIAS SoundSoap PE 2.1 (HKLM\...\{42442CA9-90E6-4011-BB55-7C263F6D5EC1}) (Version: 2.1.1 - BIAS Inc)
BIAS SoundSoap PE 2.1.1 (HKLM\...\{8709C596-C0B4-415D-9281-AC846B39EA76}) (Version: 2.1.1 - BIAS Inc)
Catalyst Control Center - Branding (HKLM\...\{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}) (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0508.2151.37248 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Czech (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Danish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Dutch (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help English (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Finnish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help French (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help German (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Greek (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Italian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Japanese (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Korean (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Polish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Russian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Spanish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Swedish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Thai (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Turkish (Version: 2008.0508.2150.37248 - ATI) Hidden
ccc-core-static (Version: 2008.0508.2151.37248 - Ihr Firmenname) Hidden
ccc-utility (Version: 2008.0508.2151.37248 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
Freeciv 2.4.2 (GTK+2 client) (HKLM\...\Freeciv-2.4.2-gtk2) (Version: - )
gbrainy 2.06 (HKLM\...\gbrainy) (Version: 2.06 - )
HP Active Support Library (Version: 3.1.4.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{794EB9A9-BB26-4FA5-AC2C-E3AE166C7427}) (Version: 26.0.784.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Hilfe (HKLM\...\{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}) (Version: 6.0.0 - Hewlett Packard)
HP Quick Launch Buttons 6.40 D3 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 D3 - Hewlett-Packard)
HP QuickPlay 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP QuickTouch 1.00 D2 (HKLM\...\{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}) (Version: 1.0.9 - Hewlett-Packard)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP User Guides 0103 (HKLM\...\{B8169E45-8E23-430B-91D1-EC64540C8ED0}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{A5CE7175-080D-49AC-B5A3-E7E3502428F5}) (Version: 3.00 I2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.1.0 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.5893.0 - IDT)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.11.02 - JMicron Technology Corp.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
LightScribe System Software 1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
lightshot-5.0.0.2 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.0.0.2 - Skillbrains)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft PhotoDraw 2000 V2 (HKLM\...\{3C5EA394-1031-11D2-A2CB-00C04F72F31D}) (Version: 2.00.00.1429 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Microsoft Works Suite-Add-Ins für Microsoft Word (HKLM\...\{90F1DDBF-0C56-44B0-A920-72CC90C51565}) (Version: 8.0.0.0000 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
Office-Web Center (HKLM\...\{235C3A50-559F-4CAA-BAC3-4CC9ABF51976}) (Version: 1.00.4 Build 050111 - Office-Web)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.6 - Frank Heindörfer, Philip Chinery)
PDFCreator Toolbar (HKLM\...\PDFCreator Toolbar) (Version: 3.3.0.1 - )
Pinnacle Instant DVD Recorder (HKLM\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version: 2.00.088 - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
proDAD Heroglyph 2.5 (HKLM\...\proDAD-Heroglyph-2.5) (Version: - )
proDAD Vitascene 1.0 (HKLM\...\proDAD-Vitascene-1.0) (Version: - )
ProtectSmart Hard Drive Protection (HKLM\...\{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}) (Version: 3.10 A7 - Hewlett-Packard)
QuickPlay SlingPlayer 0.4.6 (HKLM\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.6 - SlingMedia)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Secunia PSI (2.0.0.4003) (HKLM\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Setup-Start von Microsoft Works Suite 2006 (HKLM\...\Works2006Setup) (Version: - )
Skins (Version: 2008.0508.2151.37248 - ATI) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Stranded II 1.0.0.1 (HKLM\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version: - Unreal Software)
Studio 11 (HKLM\...\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}) (Version: 11.0 - Pinnacle Systems)
Studio 11 (Version: 11.0.0.0 - Pinnacle Systems) Hidden
Studio 11 Bonus DVD (HKLM\...\{45A1BF92-700A-4408-B95E-79F462E3D67D}) (Version: 11.0.0.0 - Pinnacle Systems)
Studio Ultimate (HKLM\...\{CC874CBB-BD87-4126-9465-AE73BB62D6E0}) (Version: 11.00.0013 - Pinnacle Systems)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.0.9 - Shark007)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildTangent Games App für HP (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent)
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Works Update (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
XMedia Recode 2.1.0.3 (HKLM\...\XMedia Recode) (Version: 2.1.0.3 - Sebastian Dörfler)
Yahoo! Desktop Login (Version: 1.00.0001 - Pinnacle Systems) Hidden
Zylom Games Player Plugin (HKLM\...\Zylom Games Player Plugin) (Version: - Zylom Games)
==================== Restore Points =========================
23-02-2014 00:00:03 Geplanter Prüfpunkt
23-02-2014 19:18:32 Geplanter Prüfpunkt
25-02-2014 10:34:46 Malwarebytes Anti-Rootkit Restore Point
26-02-2014 11:22:18 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0149A0CF-8754-43D9-848C-2BCE22B76D38} - System32\Tasks\{1FC2BF8D-82CB-4F18-95A8-FB3741E57E3E} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {28837A50-62C5-4A23-83F5-487ABB265E2F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23] (Adobe Systems Incorporated)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3C6D907A-329B-4135-9791-E07E4D826DC4} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {47471E57-194C-496C-826D-9F8BD99B13D7} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: {4BAAFEFA-0211-48DC-A883-D936ADF852BA} - System32\Tasks\RegistryDr_Start => C:\Program Files\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {8B4D6D63-AB81-47F1-AB3B-99918A51D529} - System32\Tasks\update-S-1-5-21-3630145962-1711427128-1675247868-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: {8E2E5D3C-7381-4AE7-AF60-DA9E4AA574BD} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {AF767A8A-5CB1-4D8C-BC78-4B68DE5F44CD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-08] (AVAST Software)
Task: {B06CB7B9-FBE2-45BA-988D-D72C20F3EA97} - System32\Tasks\bench-Updater removing
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F919EDEE-73EE-46CE-9532-0642C5592D01} - System32\Tasks\RegistryDr_Popup => C:\Program Files\Registry Dr\Splash.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3630145962-1711427128-1675247868-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe
==================== Loaded Modules (whitelisted) =============
2014-02-26 14:38 - 2014-02-26 11:39 - 02185216 ____C () C:\Program Files\AVAST Software\Avast\defs\14022600\algo.dll
2009-01-18 15:46 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2008-05-08 23:14 - 2008-05-08 23:14 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 ____C () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-02-21 18:08 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2008-06-13 04:12 - 2008-05-14 21:56 - 00292248 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2008-06-13 04:12 - 2008-05-14 21:56 - 00259480 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2008-06-13 04:12 - 2008-05-14 21:56 - 00038184 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2008-06-13 04:12 - 2008-05-14 21:56 - 00116112 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
2008-06-13 05:32 - 2008-03-26 14:26 - 00341328 _____ () C:\Windows\SMINST\BLService.exe
2008-06-13 05:32 - 2006-09-13 12:54 - 00081920 _____ () C:\Windows\SMINST\STString.dll
2008-06-13 05:32 - 2007-11-14 14:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll
2008-12-18 16:52 - 2005-04-25 18:51 - 00233472 _____ () C:\Program Files\Office-Web\Office-Web Center\Panel.exe
2008-12-18 16:52 - 2005-04-25 18:53 - 01089536 _____ () C:\Windows\system32\XWheel.dll
2008-06-13 05:23 - 2007-01-09 10:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2014-02-08 13:55 - 2014-02-08 13:55 - 19336120 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-06-13 04:12 - 2008-05-14 21:56 - 00066856 _____ () C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll
2008-02-27 13:48 - 2008-02-27 13:48 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2008-06-13 04:25 - 2008-04-11 08:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/26/2014 04:45:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2014 04:45:08 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel 0x4cd2e07b, fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18551, Zeitstempel 0x4ee8cc5a, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a249,
Prozess-ID 0x9b0, Anwendungsstartzeit taskeng.exe0.
Error: (02/26/2014 04:43:53 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (02/26/2014 04:39:00 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel 0x4cd2e07b, fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18551, Zeitstempel 0x4ee8cc5a, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a249,
Prozess-ID 0xfd4, Anwendungsstartzeit taskeng.exe0.
Error: (02/26/2014 02:38:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2014 02:37:52 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel 0x4cd2e07b, fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18551, Zeitstempel 0x4ee8cc5a, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a249,
Prozess-ID 0xadc, Anwendungsstartzeit taskeng.exe0.
Error: (02/26/2014 00:28:27 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung QPSched.exe, Version 5.0.0.2914, Zeitstempel 0x482aeec4, fehlerhaftes Modul QPSched.exe, Version 5.0.0.2914, Zeitstempel 0x482aeec4, Ausnahmecode 0xc0000005, Fehleroffset 0x00007684,
Prozess-ID 0x924, Anwendungsstartzeit QPSched.exe0.
Error: (02/26/2014 11:02:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2014 11:02:33 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel 0x4cd2e07b, fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18551, Zeitstempel 0x4ee8cc5a, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a249,
Prozess-ID 0xddc, Anwendungsstartzeit taskeng.exe0.
Error: (02/25/2014 09:35:16 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
System errors:
=============
Error: (02/26/2014 04:45:31 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (02/26/2014 04:29:25 PM) (Source: Dhcp) (User: )
Description: Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00234D8658E4 zugeteilt werden. Der folgende Fehler ist aufgetreten:
%%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error: (02/26/2014 04:11:19 PM) (Source: Dhcp) (User: )
Description: Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00234D8658E4 zugeteilt werden. Der folgende Fehler ist aufgetreten:
%%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error: (02/26/2014 03:20:45 PM) (Source: VDS Dynamic Provider) (User: )
Description: Der Anbieter konnte Benachrichtigungen nicht speichern, die vom Treiber stammen. Der Dienst für virtuelle Datenträger muss neu gestartet werden. hr=80042505
Error: (02/26/2014 02:38:17 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (02/26/2014 02:33:43 PM) (Source: Service Control Manager) (User: )
Description: Ati External Event Utility1
Error: (02/26/2014 00:28:34 PM) (Source: Service Control Manager) (User: )
Description: QuickPlay Task Scheduler (QTS)1
Error: (02/26/2014 11:02:56 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (02/25/2014 09:31:50 PM) (Source: VDS Dynamic Provider) (User: )
Description: Der Anbieter konnte Benachrichtigungen nicht speichern, die vom Treiber stammen. Der Dienst für virtuelle Datenträger muss neu gestartet werden. hr=80042505
Error: (02/25/2014 06:49:13 PM) (Source: VDS Dynamic Provider) (User: )
Description: Der Anbieter konnte Benachrichtigungen nicht speichern, die vom Treiber stammen. Der Dienst für virtuelle Datenträger muss neu gestartet werden. hr=80042505
Microsoft Office Sessions:
=========================
Error: (02/26/2014 04:45:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2014 04:45:08 PM) (Source: Application Error)(User: )
Description: taskeng.exe6.0.6002.183424cd2e07bmsvcrt.dll7.0.6002.185514ee8cc5ac00000050000a2499b001cf3309b9bf9a0e
Error: (02/26/2014 04:43:53 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (02/26/2014 04:39:00 PM) (Source: Application Error)(User: )
Description: taskeng.exe6.0.6002.183424cd2e07bmsvcrt.dll7.0.6002.185514ee8cc5ac00000050000a249fd401cf32f823f5f5b7
Error: (02/26/2014 02:38:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2014 02:37:52 PM) (Source: Application Error)(User: )
Description: taskeng.exe6.0.6002.183424cd2e07bmsvcrt.dll7.0.6002.185514ee8cc5ac00000050000a249adc01cf32f7f1f3ed67
Error: (02/26/2014 00:28:27 PM) (Source: Application Error)(User: )
Description: QPSched.exe5.0.0.2914482aeec4QPSched.exe5.0.0.2914482aeec4c00000050000768492401cf32d9c8becec4
Error: (02/26/2014 11:02:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2014 11:02:33 AM) (Source: Application Error)(User: )
Description: taskeng.exe6.0.6002.183424cd2e07bmsvcrt.dll7.0.6002.185514ee8cc5ac00000050000a249ddc01cf32d9ddc56044
Error: (02/25/2014 09:35:16 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
CodeIntegrity Errors:
===================================
Date: 2014-02-26 16:52:03.637
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-26 16:52:02.732
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-26 16:52:01.999
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-26 16:52:00.938
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-26 16:52:00.220
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-26 16:51:59.565
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-26 16:51:58.754
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-26 16:51:57.912
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-26 16:51:38.630
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-26 16:51:37.959
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 3068.9 MB
Available physical RAM: 1920.15 MB
Total Pagefile: 6342.31 MB
Available Pagefile: 5297.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.34 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:289.24 GB) (Free:51.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:8.84 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 7129B57F)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Mir fällt beim Durchsehen der Addition ein, dass sich mal nach einem Download "RegistryDr" als Startseite eingestellt hatte oder sonst als Pop up kam! Ich weiß es nicht mehr genau? Das war von mir jedenfalls nicht eingegeben! Habe es bei programme bei mir gefunden - Soll ich das Programm deinstallieren? Was siehst du da sonst noch? Gruß rairai Geändert von rairai (26.02.2014 um 17:42 Uhr) |
|
27.02.2014, 00:27
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.
__________________Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Task: {4BAAFEFA-0211-48DC-A883-D936ADF852BA} - System32\Tasks\RegistryDr_Start => C:\Program Files\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {8E2E5D3C-7381-4AE7-AF60-DA9E4AA574BD} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F919EDEE-73EE-46CE-9532-0642C5592D01} - System32\Tasks\RegistryDr_Popup => C:\Program Files\Registry Dr\Splash.exe <==== ATTENTION
C:\Program Files\Registry Dr
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ |
|
27.02.2014, 10:13
| #18 |
| | Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... Hallo Cosinus,
__________________hier das Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-02-2014 01
Ran by M1 at 2014-02-27 10:09:44 Run:2
Running from C:\Users\M1\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Task: {4BAAFEFA-0211-48DC-A883-D936ADF852BA} - System32\Tasks\RegistryDr_Start => C:\Program Files\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {8E2E5D3C-7381-4AE7-AF60-DA9E4AA574BD} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F919EDEE-73EE-46CE-9532-0642C5592D01} - System32\Tasks\RegistryDr_Popup => C:\Program Files\Registry Dr\Splash.exe <==== ATTENTION
C:\Program Files\Registry Dr
*****************
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4BAAFEFA-0211-48DC-A883-D936ADF852BA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BAAFEFA-0211-48DC-A883-D936ADF852BA} => Key deleted successfully.
C:\Windows\System32\Tasks\RegistryDr_Start => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Start => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E2E5D3C-7381-4AE7-AF60-DA9E4AA574BD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E2E5D3C-7381-4AE7-AF60-DA9E4AA574BD} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\WSHReset => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless\GatherWirelessInfo => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F919EDEE-73EE-46CE-9532-0642C5592D01} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F919EDEE-73EE-46CE-9532-0642C5592D01} => Key deleted successfully.
C:\Windows\System32\Tasks\RegistryDr_Popup => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Popup => Key deleted successfully.
C:\Program Files\Registry Dr => Moved successfully.
==== End of Fixlog ====
aber - Load DLL - "Hook Load failed" kommt noch bei jedem Start Gruß rairai Geändert von rairai (27.02.2014 um 10:32 Uhr) |
|
27.02.2014, 11:56
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... Versuchen wir es mal zu finden, in FRST seh ich dazu nämlich nix Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop: SystemLook (32 bit) | SystemLook (64 bit)
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.02.2014, 13:07
| #20 |
| | Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... Hallo Cosinus, hier ist das Ergebnis: Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 13:01 on 27/02/2014 by M1
Administrator - Elevation successful
========== regfind ==========
Searching for "hook.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aswRdr\Parameters]
"WSIgnoreLSPDefault"="nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aswRdr\Parameters]
"WSIgnoreLSPDefault"="nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\aswRdr\Parameters]
"WSIgnoreLSPDefault"="nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aswRdr\Parameters]
"WSIgnoreLSPDefault"="nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters]
"WSIgnoreLSPDefault"="nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll"
-= EOF =-
CLShed Modul wird wegen eines Fehlers nicht mehr richtig ausgeführt - wird beendet und geschlossen- rairai |
|
27.02.2014, 13:23
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... Ich seh da zu nix in den Logs. Probier mal => http://www.trojaner-board.de/126216-...tml#post946713
__________________ --> Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... |
|
27.02.2014, 15:46
| #22 |
| | Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... Hallo Cosinus,  das klappt nicht!Tweaking hat erst mal gemeldet es gibt eine neue Version, die habe ich als Update auch heruntergeladen. Dann wie angegeben: Step 2 geklickt , Pc macht einen Neustart , es kommen die 2 Meldungen. Load DLL - Hook Load failed! und Windows: Aufgaben und Planungsmodul wird wegen eines Fehlers beendet und geschlossen und dann tut sich nichts mehr Kann es sein, dass durch das beschädigte Aufgabenplanungsmodul nach dem Neustart dieser Scan-Auftrag nicht mehr da ist?? Woran merke ich denn, dass tweaking den Disk Check macht? So geht es jedenfalls nicht ?? rairai Geändert von rairai (27.02.2014 um 15:55 Uhr) |
|
27.02.2014, 16:36
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... Dann gehen wir mal "alte" Wege mit einem Tool, welches ich eigentlich nicht mehr einsetze: OSAM => http://www.trojaner-board.de/85306-a...n-manager.html
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.02.2014, 16:46
| #24 |
| | Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... Hallo Cosinus, ich habe nach 2 erfolglosen Versuchen bei step 2 die obere Variante genommen "sehen ob es einen disk check braucht" das verlangt keinen Neustart - die weiteren Schritte step 3 ging und step 4 - start repairs ist noch am laufen poste gerade von anderem PC  ergebnis folgt dann rairai |
|
27.02.2014, 17:51
| #25 |
| | Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... Hallo Cosinus, so hat etwas gedauert - auch weil das Windows_Repair_logfile recht gut versteckt war, siehe screenshot anbei hier ist das file Code:
ATTFilter
System Variables
--------------------------------------------------------------------------------
OS: Windows Vista (TM) Home Premium
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: M1-PC
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\M1
Current Profile SID: S-1-5-21-3630145962-1711427128-1675247868-1000
Current Profile Classes: S-1-5-21-3630145962-1711427128-1675247868-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\M1\AppData\Local
--------------------------------------------------------------------------------
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:48:05
Process Count: 77
Commit Total: 1,19 GB
Commit Limit: 6,22 GB
Commit Peak: 1,25 GB
Handle Count: 20233
Kernel Total: 200,89 MB
Kernel Paged: 144,27 MB
Kernel Non Paged: 56,61 MB
System Cache: 2,03 GB
Thread Count: 872
--------------------------------------------------------------------------------
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3,00 GB
Memory Used: 1,31 GB(43,7732%)
Memory Avail.: 1,69 GB
--------------------------------------------------------------------------------
Cleaning Memory Before Starting Repairs...
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3,00 GB
Memory Used: 958,58 MB(31,2353%)
Memory Avail.: 2,06 GB
--------------------------------------------------------------------------------
Starting Repairs...
Start (27.02.2014 16:23:25)
01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (27.02.2014 16:23:25)
Running Repair Under Current User Account
Done (27.02.2014 16:23:47)
01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (27.02.2014 16:23:47)
Running Repair Under System Account
Done (27.02.2014 16:30:31)
01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (27.02.2014 16:30:31)
Running Repair Under System Account
Done (27.02.2014 16:31:39)
02 - Reset File Permissions 01/16
C:\AdwCleaner & Sub Folders
Start (27.02.2014 16:31:39)
Running Repair Under System Account
Done (27.02.2014 16:31:48)
02 - Reset File Permissions 02/16
C:\Binaries & Sub Folders
Start (27.02.2014 16:31:48)
Running Repair Under System Account
Done (27.02.2014 16:31:50)
02 - Reset File Permissions 03/16
C:\boot & Sub Folders
Start (27.02.2014 16:31:50)
Running Repair Under System Account
Done (27.02.2014 16:31:53)
02 - Reset File Permissions 04/16
C:\Dokumente und Einstellungen & Sub Folders
Start (27.02.2014 16:31:53)
Running Repair Under System Account
Done (27.02.2014 16:34:57)
02 - Reset File Permissions 05/16
C:\FRST & Sub Folders
Start (27.02.2014 16:34:57)
Running Repair Under System Account
Done (27.02.2014 16:34:59)
02 - Reset File Permissions 06/16
C:\HP & Sub Folders
Start (27.02.2014 16:34:59)
Running Repair Under System Account
Done (27.02.2014 16:35:12)
02 - Reset File Permissions 07/16
C:\MSOCache & Sub Folders
Start (27.02.2014 16:35:12)
Running Repair Under System Account
Done (27.02.2014 16:35:15)
02 - Reset File Permissions 08/16
C:\PerfLogs & Sub Folders
Start (27.02.2014 16:35:15)
Running Repair Under System Account
Done (27.02.2014 16:35:19)
02 - Reset File Permissions 09/16
C:\Program Files & Sub Folders
Start (27.02.2014 16:35:19)
Running Repair Under System Account
Done (27.02.2014 16:40:38)
02 - Reset File Permissions 10/16
C:\ProgramData & Sub Folders
Start (27.02.2014 16:40:38)
Running Repair Under System Account
Done (27.02.2014 16:41:04)
02 - Reset File Permissions 11/16
C:\Programme & Sub Folders
Start (27.02.2014 16:41:04)
Running Repair Under System Account
Done (27.02.2014 16:43:30)
02 - Reset File Permissions 12/16
C:\RegBackup & Sub Folders
Start (27.02.2014 16:43:30)
Running Repair Under System Account
Done (27.02.2014 16:43:33)
02 - Reset File Permissions 13/16
C:\SWSETUP & Sub Folders
Start (27.02.2014 16:43:33)
Running Repair Under System Account
Done (27.02.2014 16:44:15)
02 - Reset File Permissions 14/16
C:\System.sav & Sub Folders
Start (27.02.2014 16:44:15)
Running Repair Under System Account
Done (27.02.2014 16:44:21)
02 - Reset File Permissions 15/16
C:\Temp & Sub Folders
Start (27.02.2014 16:44:21)
Running Repair Under System Account
Done (27.02.2014 16:44:24)
02 - Reset File Permissions 16/16
C:\Windows & Sub Folders
Start (27.02.2014 16:44:24)
Running Repair Under System Account
Done (27.02.2014 16:51:00)
02 - Reset File Permissions 01/07
D:\boot & Sub Folders
Start (27.02.2014 16:51:00)
Running Repair Under System Account
Done (27.02.2014 16:51:02)
02 - Reset File Permissions 02/07
D:\HP & Sub Folders
Start (27.02.2014 16:51:02)
Running Repair Under System Account
Done (27.02.2014 16:51:05)
02 - Reset File Permissions 03/07
D:\PRELOAD & Sub Folders
Start (27.02.2014 16:51:05)
Running Repair Under System Account
Done (27.02.2014 16:51:07)
02 - Reset File Permissions 04/07
D:\RECOVERY & Sub Folders
Start (27.02.2014 16:51:07)
Running Repair Under System Account
Done (27.02.2014 16:51:10)
02 - Reset File Permissions 05/07
D:\SOURCES & Sub Folders
Start (27.02.2014 16:51:10)
Running Repair Under System Account
Done (27.02.2014 16:51:13)
02 - Reset File Permissions 06/07
D:\Tools & Sub Folders
Start (27.02.2014 16:51:13)
Running Repair Under System Account
Done (27.02.2014 16:51:16)
02 - Reset File Permissions 07/07
D:\WINDOWS & Sub Folders
Start (27.02.2014 16:51:16)
Running Repair Under System Account
Done (27.02.2014 16:51:20)
02 - Reset File Permissions: All Profiles
C:\Users & Sub Folders
Start (27.02.2014 16:51:20)
Running Repair Under System Account
Done (27.02.2014 16:53:32)
02 - Reset File Permissions: Current Profile
C:\Users\M1 & Sub Folders
Start (27.02.2014 16:53:33)
Running Repair Under System Account
Done (27.02.2014 16:55:50)
02 - Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (27.02.2014 16:55:50)
Running Repair Under System Account
Processing ACL of: <\\?\C:\Documents and Settings>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Application Data>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Desktop>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Documents>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Favorites>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Start Menu>
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Templates>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Application Data>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Desktop>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Documents>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Favorites>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Start Menu>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Templates>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default User>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Application Data>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Cookies>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Local Settings>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\My Documents>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\NetHood>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\PrintHood>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Recent>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\SendTo>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Start Menu>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Templates>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Music>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Music>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Pictures>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Videos>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\M1\Application Data>
Reading the SD from <\\?\C:\Users\M1\Application Data> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\M1\Cookies>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\M1\Local Settings>
Reading the SD from <\\?\C:\Users\M1\Local Settings> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\M1\My Documents>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\M1\NetHood>
Reading the SD from <\\?\C:\Users\M1\NetHood> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\M1\PrintHood>
Reading the SD from <\\?\C:\Users\M1\PrintHood> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\M1\Recent>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\M1\SendTo>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\M1\Start Menu>
Reading the SD from <\\?\C:\Users\M1\Start Menu> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\M1\Templates>
Reading the SD from <\\?\C:\Users\M1\Templates> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\M1\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\M1\AppData\Local\Application Data> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\M1\AppData\Local\History>
Reading the SD from <\\?\C:\Users\M1\AppData\Local\History> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\M1\AppData\Local\Temporary Internet Files>
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\M1\Documents\My Music>
Reading the SD from <\\?\C:\Users\M1\Documents\My Music> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\M1\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\M1\Documents\My Pictures> failed with: Das System kann die angegebene Datei nicht finden.
SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: Das System kann die angegebene Datei nicht finden.
Processing ACL of: <\\?\C:\Users\M1\Documents\My Videos>
SetACL finished successfully.
Done (27.02.2014 16:55:55)
03 - Register System Files
Start (27.02.2014 16:55:55)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 16:57:16)
04 - Repair WMI
Start (27.02.2014 16:57:16)
Running Repair Under Current User Account
Done (27.02.2014 17:01:47)
05 - Repair Windows Firewall
Start (27.02.2014 17:01:47)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:02:25)
06 - Repair Internet Explorer
Start (27.02.2014 17:02:25)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:03:15)
07 - Repair MDAC/MS Jet
Start (27.02.2014 17:03:15)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:03:48)
08 - Repair Hosts File
Start (27.02.2014 17:03:48)
Running Repair Under System Account
Done (27.02.2014 17:03:51)
09 - Remove Policies Set By Infections
Start (27.02.2014 17:03:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:03:56)
10 - Repair Missing Start Menu Icons Removed By Infections
Start (27.02.2014 17:03:56)
Running Repair Under System Account
Done (27.02.2014 17:03:58)
11 - Repair Icons
Start (27.02.2014 17:03:58)
Running Repair Under Current User Account
Done (27.02.2014 17:04:01)
12 - Repair Winsock & DNS Cache
Start (27.02.2014 17:04:03)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:04:21)
13 - Remove Temp Files
Start (27.02.2014 17:04:21)
Running Repair Under System Account
Done (27.02.2014 17:04:24)
14 - Repair Proxy Settings
Start (27.02.2014 17:04:24)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:04:29)
15 - Unhide Non System Files
Start (27.02.2014 17:04:29)
C:\ - Total Files Unhidden: 310 - Check Unhidden_Files.txt for list of files unhidden
D:\ - Total Files Unhidden: 3 - Check Unhidden_Files.txt for list of files unhidden
Done (27.02.2014 17:08:00)
16 - Repair Windows Updates
Start (27.02.2014 17:08:00)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:09:18)
17 - Repair CD/DVD Missing/Not Working
Start (27.02.2014 17:09:18)
iTunes not found, not applying UpperFilters iTunes Reg Key
Done (27.02.2014 17:09:18)
18 - Repair Volume Shadow Copy Service
Start (27.02.2014 17:09:18)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:09:39)
19 - Repair Windows Sidebar/Gadgets
Start (27.02.2014 17:09:40)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:09:49)
20 - Repair MSI (Windows Installer)
Start (27.02.2014 17:09:49)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:10:09)
21 - Repair Windows Snipping Tool
Start (27.02.2014 17:10:09)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:10:14)
22.01 - Repair bat Association
Start (27.02.2014 17:10:14)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:10:19)
22.02 - Repair cmd Association
Start (27.02.2014 17:10:19)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:10:23)
22.03 - Repair com Association
Start (27.02.2014 17:10:23)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:10:28)
22.04 - Repair Directory Association
Start (27.02.2014 17:10:28)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:10:33)
22.05 - Repair Drive Association
Start (27.02.2014 17:10:33)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:10:38)
22.06 - Repair exe Association
Start (27.02.2014 17:10:38)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:10:43)
22.07 - Repair Folder Association
Start (27.02.2014 17:10:43)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:10:47)
22.08 - Repair inf Association
Start (27.02.2014 17:10:47)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:10:52)
22.09 - Repair lnk (Shortcuts) Association
Start (27.02.2014 17:10:52)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:10:57)
22.10 - Repair msc Association
Start (27.02.2014 17:10:57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:11:02)
22.11 - Repair reg Association
Start (27.02.2014 17:11:02)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:11:07)
22.12 - Repair scr Association
Start (27.02.2014 17:11:07)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:11:13)
23 - Repair Windows Safe Mode
Start (27.02.2014 17:11:13)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:11:18)
24 - Repair Print Spooler
Start (27.02.2014 17:11:18)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:11:34)
25 - Restore Important Windows Services
Start (27.02.2014 17:11:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:12:05)
26 - Set Windows Services To Default Startup
Start (27.02.2014 17:12:05)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27.02.2014 17:12:38)
Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.0
Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.0
Cleaning up empty logs...
All Selected Repairs Done.
Done (27.02.2014 17:12:38)
Total Repair Time: 00:49:14
...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under Current User Account
" Load DLL Hook Load failed" immer noch, die andere Meldung vom Aufgabenplanungsmodul war nicht mehr da. Ich hatte ja den Virenschutz ausgeschaltet beim scan, danach meldet des Sicherheitscenter, es kennt Avast nicht - Avast ist wieder eingeschaltet, aber das Sichderheitscenter erkennt es nicht - komisch? rairai |
|
27.02.2014, 18:10
| #26 |
| | Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... Hi Cosinus, Nach weiterem Neustart ist das mit dem Sicherheitscenter wieder ok. Avast wird erkannt. Ich habe beim Stöbern im Netz folgende Seite gefunden Code:
ATTFilter hxxp://windowstechies.com/de/support/specific-dll/?t=1&k=hook.dll&m=b&u=&c=32047695270&lang=de&gclid=CL3kkJ7k7LwCFSgewwodOrQA3Q
rairai Geändert von rairai (27.02.2014 um 18:20 Uhr) |
|
28.02.2014, 10:47
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... Die portable Version kannst du trotzdem runterladen => http://www2.online-solutions.ru/en/d...e.php?p=131115
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.02.2014, 13:49
| #30 |
| | Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... Hi Cosinus, nach dem 1. scan , bevor der Onlinescan startet bleibt das Tool hängen. habe es 3 x versucht "getting server configuration - failed" weiter geht es nicht rairai |
|
| Themen zu Avast findet mehrere Viren Win:32NextLife-B und andere Win:32... |
| adobe, avira, awesomehp, awesomehp entfernen, benachrichtigungen, branding, ccsetup, computer_bild-download-manager, cyberghost, device driver, dll -, einstellungen, fehlermeldung, flash player, homepage, iexplore.exe, launch, lightning, mobogenie, mobogenie entfernen, officejet, pup.optional.awesomehp.a, pup.optional.benchupdater.a, pup.optional.lightning.a, pup.optional.savingswizard.a, pup.optional.skytech.a, pup.optional.suptab.a, quick_start, secunia psi, services.exe, svchost.exe, trojan.keylogger, wildtangent games |
Linear-Darstellung
