| |
| |||||||
Antiviren-, Firewall- und andere Schutzprogramme: Dieses Programm wurde durch eine Gruppenrichtlinie blockiertWindows 7 Sämtliche Fragen zur Bedienung von Firewalls, Anti-Viren Programmen, Anti Malware und Anti Trojaner Software sind hier richtig. Dies ist ein Diskussionsforum für Sicherheitslösungen für Windows Rechner. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen. |
28.05.2014, 06:46
| #1 |
 |  Dieses Programm wurde durch eine Gruppenrichtlinie blockiert hallo mein name ist manuel :-) meine antivirus programme (livescanner) lassen sich nicht mehr starten keine ahnung wie das passieren konnte über google hab ich euch dann zum glück gefunden finde ich echt klasse das ihr euch damit auskennt und schnell helfen tut so sehen die fehler bzw der fehler aus :     Farbar's Recovery Scan Tool hab ich schon gedownloadet hier ist das resulatet des scans www16.zippyshare.com/v/44419706/file.html FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Manuel (administrator) on MANUEL-PC on 28-05-2014 07:19:15
Running from C:\Users\Manuel\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Panicware, Inc.) C:\Sonstiges\Pop-Up Stopper Free Edition\PSFree.exe
() C:\Sonstiges\Hear\Hear.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
() C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [G Data AntiVirus Tray Application] => C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe [985080 2012-01-27] (G Data Software AG)
HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1470968 2012-01-27] (G Data Software AG)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2238704 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Program Files\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Spyware Terminator <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Spyware Terminator <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\G DATA <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1713568521-3801853211-3615968933-1001\...\Run: [PopUpStopperFreeEdition] => C:\Sonstiges\Pop-Up Stopper Free Edition\PSFree.exe [536576 2005-03-17] (Panicware, Inc.)
HKU\S-1-5-21-1713568521-3801853211-3615968933-1001\...\Run: [DAEMON Tools Lite] => C:\Sonstiges\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-1713568521-3801853211-3615968933-1001\...\Run: [OnuvCuwa] => regsvr32.exe "C:\ProgramData\OnuvCuwa.dat"
HKU\S-1-5-21-1713568521-3801853211-3615968933-1001\...\MountPoints2: G - G:\RunGame.exe
HKU\S-1-5-21-1713568521-3801853211-3615968933-1001\...\MountPoints2: {04090e24-7622-11e2-b4b8-002618fc9343} - G:\RunGame.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hear.lnk
ShortcutTarget: Hear.lnk -> C:\Sonstiges\Hear\Hear.exe ()
==================== Internet (Whitelisted) ====================
ProxyServer: http=localhost:8080;https=localhost:8080;ftp=localhost:8080;socks=localhost:1080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4D15C7829887CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=MC0E993DF-7301-48FF-8EB0-9B1E1056F54F&SearchSource=58&CUI=&UM=5&UP=SP00A8B2B0-44C1-49D0-80B6-D7A9EF70EF97&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=MC0E993DF-7301-48FF-8EB0-9B1E1056F54F&SearchSource=58&CUI=&UM=5&UP=SP00A8B2B0-44C1-49D0-80B6-D7A9EF70EF97&q={searchTerms}&SSPV=
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{AC8DC7DA-B06C-4449-B9F8-1CA253DCB2C7}: [NameServer]8.8.8.8
Tcpip\..\Interfaces\{F3F0FFCC-FF7E-4525-9A98-573156F16DFB}: [NameServer]8.8.8.8
FireFox:
========
FF ProfilePath: C:\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\p5ab8usi.default
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=MC0E993DF-7301-48FF-8EB0-9B1E1056F54F&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP00A8B2B0-44C1-49D0-80B6-D7A9EF70EF97
FF DefaultSearchEngine: qvo6
FF SearchEngineOrder.1: qvo6
FF SelectedSearchEngine: Conduit Search
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Sonstiges\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
FF user.js: detected! => C:\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\p5ab8usi.default\user.js
FF SearchPlugin: C:\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\p5ab8usi.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\p5ab8usi.default\searchplugins\delta.xml
FF Extension: Plus-HD-2.2 - C:\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\p5ab8usi.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com [2014-03-14]
FF Extension: Delta Toolbar - C:\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\p5ab8usi.default\Extensions\ffxtlbr@delta.com [2013-03-04]
FF Extension: FreeHDSport TV 3 - C:\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\p5ab8usi.default\Extensions\fhdp3@freehdsp.tv.xpi [2013-06-30]
FF Extension: NoScript - C:\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\p5ab8usi.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-03]
FF Extension: Adblock Plus - C:\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\p5ab8usi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-14]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-04]
========================== Services (Whitelisted) =================
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660576 2011-02-12] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [1524728 2012-02-02] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [468472 2012-01-27] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [1580464 2012-01-27] (G Data Software AG)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [1898728 2012-01-27] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [471048 2012-01-27] (G Data Software AG)
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [1015592 2014-05-15] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-13] ()
R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2152720 2013-02-12] (Lavasoft Limited)
S3 OpenVPNService; C:\Sonstiges\Your Freedom\OpenVPN\bin\openvpnserv.exe [32568 2013-08-22] (The OpenVPN Project)
S4 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587912 2013-01-14] (Crawler.com)
S2 AdobeARMservice; No ImagePath
S2 EslWireHelper; No ImagePath
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-01-01] (Avira Operations GmbH & Co. KG)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1872192 2013-02-12] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-12] (DT Soft Ltd)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [41848 2013-02-12] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [90744 2013-02-12] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [49528 2013-02-12] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [54648 2013-02-12] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [30416 2013-08-01] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [50040 2013-02-12] (G Data Software AG)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [49352 2014-03-19] (AnchorFree Inc.)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [103512 2013-02-12] (JMicron Technology Corp.)
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-10-28] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-10-28] (Lavasoft AB)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2013-02-12] ()
R3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [39048 2011-11-07] ()
R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2010-07-01] (Screaming Bee LLC)
R3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [17408 2008-08-14] (Creative Technology Ltd.)
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-03-19] (Anchorfree Inc.)
U5 UnlockerDriver5; C:\Sonstiges\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-28 07:19 - 2014-05-28 07:20 - 00014370 _____ () C:\Users\Manuel\Desktop\FRST.txt
2014-05-28 07:19 - 2014-05-28 07:19 - 00000000 ____D () C:\FRST
2014-05-28 07:18 - 2014-05-28 07:06 - 01056256 _____ (Farbar) C:\Users\Manuel\Desktop\FRST.exe
2014-05-28 07:09 - 2014-05-28 07:09 - 00000074 _____ () C:\Users\Manuel\Desktop\Neues Textdokument.txt
2014-05-28 06:50 - 2014-05-28 06:50 - 00099062 _____ () C:\Windows\PFRO.log
2014-05-28 06:03 - 2014-05-28 06:03 - 00059256 _____ () C:\Users\Manuel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-28 05:30 - 2014-05-28 07:13 - 00000168 _____ () C:\Windows\setupact.log
2014-05-28 05:30 - 2014-05-28 05:31 - 00282184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-28 05:30 - 2014-05-28 05:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-27 18:40 - 2014-05-27 18:40 - 00281745 _____ (Microsoft Corporation) C:\ProgramData\OnuvCuwa.dat
2014-05-27 02:50 - 2014-05-27 02:52 - 00000069 _____ () C:\Windows\Demoplayer.ini
2014-05-21 23:47 - 2014-05-21 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2014-05-06 14:56 - 2014-05-06 14:56 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Overwolf
2014-04-30 02:01 - 2014-05-28 05:56 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\TS3Client
==================== One Month Modified Files and Folders =======
2014-05-28 07:20 - 2014-05-28 07:19 - 00014370 _____ () C:\Users\Manuel\Desktop\FRST.txt
2014-05-28 07:19 - 2014-05-28 07:19 - 00000000 ____D () C:\FRST
2014-05-28 07:19 - 2013-03-04 00:48 - 00006800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 07:19 - 2013-03-04 00:48 - 00006800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 07:15 - 2014-02-09 05:37 - 00000384 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-05-28 07:13 - 2014-05-28 05:30 - 00000168 _____ () C:\Windows\setupact.log
2014-05-28 07:13 - 2013-02-23 10:55 - 00228634 _____ () C:\aaw7boot.log
2014-05-28 07:09 - 2014-05-28 07:09 - 00000074 _____ () C:\Users\Manuel\Desktop\Neues Textdokument.txt
2014-05-28 07:06 - 2014-05-28 07:18 - 01056256 _____ (Farbar) C:\Users\Manuel\Desktop\FRST.exe
2014-05-28 06:50 - 2014-05-28 06:50 - 00099062 _____ () C:\Windows\PFRO.log
2014-05-28 06:44 - 2013-06-09 21:18 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Winamp
2014-05-28 06:03 - 2014-05-28 06:03 - 00059256 _____ () C:\Users\Manuel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-28 05:56 - 2014-04-30 02:01 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\TS3Client
2014-05-28 05:31 - 2014-05-28 05:30 - 00282184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-28 05:30 - 2014-05-28 05:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 05:28 - 2013-02-27 16:02 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\BitTorrent
2014-05-28 05:28 - 2013-02-13 23:12 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 05:28 - 2013-02-12 08:28 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\DAEMON Tools Lite
2014-05-28 04:28 - 2013-03-03 14:26 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\HLSW
2014-05-28 04:28 - 2013-02-12 07:53 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-27 18:40 - 2014-05-27 18:40 - 00281745 _____ (Microsoft Corporation) C:\ProgramData\OnuvCuwa.dat
2014-05-27 02:52 - 2014-05-27 02:50 - 00000069 _____ () C:\Windows\Demoplayer.ini
2014-05-26 04:04 - 2013-02-12 06:21 - 00000064 _____ () C:\Windows\system32\rp_stats.dat
2014-05-26 04:04 - 2013-02-12 06:20 - 00000044 _____ () C:\Windows\system32\rp_rules.dat
2014-05-23 23:18 - 2013-02-12 07:31 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Hear
2014-05-22 18:24 - 2013-02-28 02:39 - 00000408 _____ () C:\Users\Manuel\Downloads\W7 wiederherstellung.txt
2014-05-22 17:49 - 2014-04-16 00:47 - 00006656 _____ () C:\Users\Manuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-21 23:47 - 2014-05-21 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2014-05-21 23:47 - 2013-07-16 20:24 - 00000000 ____D () C:\Program Files\Hotspot Shield
2014-05-16 01:05 - 2013-08-12 17:50 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\mIRC
2014-05-15 11:49 - 2013-02-12 03:40 - 00000000 ____D () C:\Sonstiges
2014-05-14 02:47 - 2013-02-12 03:36 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-09 11:16 - 2013-02-12 03:34 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-09 11:16 - 2013-02-12 03:34 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-06 17:13 - 2013-02-12 08:35 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\teamspeak2
2014-05-06 14:56 - 2014-05-06 14:56 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Overwolf
2014-05-06 08:07 - 2013-08-16 04:43 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\ChessBase
2014-05-06 08:06 - 2013-08-16 04:43 - 00000222 _____ () C:\Windows\ChssBase.ini
Files to move or delete:
====================
C:\ProgramData\OnuvCuwa.dat
C:\Users\Manuel\x.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-28 20:54
==================== End Of Log ============================
Additional Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by Manuel at 2014-05-28 07:20:26
Running from C:\Users\Manuel\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Lavasoft Ad-Watch Live! Anti-Virus (Enabled - Up to date) {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: G Data InternetSecurity 2013 (Enabled - Out of date) {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
AS: G Data InternetSecurity 2013 (Enabled - Out of date) {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Watch Live! (Enabled - Up to date) {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: G Data Personal Firewall (Enabled) {018C0191-29AD-04E8-101F-264FDF37B3ED}
==================== Installed Programs ======================
Acronis Drive Monitor (HKLM\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Ad-Aware (HKLM\...\{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}) (Version: 9.6.0 - Lavasoft Limited)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced Archive Password Recovery (HKCU\...\Advanced Archive Password Recovery) (Version: 4.53 - ElcomSoft Co. Ltd.)
AnalogX NetStat Live (HKLM\...\AnalogX NetStat Live) (Version: - AnalogX)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd)
AutoHotkey 1.0.48.05 (HKLM\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
BitTorrent (HKLM\...\BitTorrent) (Version: 7.8.0.29112 - BitTorrent Inc.)
Blitzkrieg (HKLM\...\Blitzkrieg) (Version: - )
Camtasia Studio 7 (HKLM\...\{DE042823-C359-4B87-B66B-308057E8B6AF}) (Version: 7.0.1 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Command & Conquer Alarmstufe Rot 2 (HKLM\...\Red Alert 2) (Version: - )
Command && Conquer Alarmstufe Rot 2 - Yuris Rache (HKLM\...\Yuri's Revenge) (Version: - )
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Day of Defeat: Source (HKLM\...\Steam App 300) (Version: - Valve)
eMule (HKLM\...\eMule) (Version: - )
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESL Wire 1.17.3 (HKLM\...\ESL Wire_is1) (Version: - Turtle Entertainment GmbH)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
Fraps (remove only) (HKLM\...\Fraps) (Version: - )
Freelancer (HKLM\...\Freelancer 1.0) (Version: - )
Fritz7 (HKLM\...\{D952A9F5-E24D-4264-86B7-79160E361EE8}) (Version: - )
G Data InternetSecurity 2013 (HKLM\...\{86107E2D-DFB9-46BC-99ED-07EACAEE0923}) (Version: 23.0.0.0 - G Data Software AG)
GCFScape 1.8.4 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg)
Gemeinsam genutzte Internet-Komponenten von Westwood (HKLM\...\WOLAPI) (Version: - )
GIGA F-Tasten v6.0 (HKLM\...\GIGA F-Tasten_is1) (Version: - )
Google Earth (HKLM\...\{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}) (Version: 7.0.1.8244 - Google)
Hear (HKLM\...\{4E341B88-61A8-4C28-A3F0-9021898AD3C2}_is1) (Version: - Joesoft)
HLSW v1.4.0.2 (HKLM\...\HLSW_is1) (Version: - Stripf Software)
Hotspot Shield 3.41 (HKLM\...\HotspotShield) (Version: 3.41 - AnchorFree Inc.)
Internet Chess (HKLM\...\{70D9854A-CEF5-4BCF-B37A-0AA1AB0A83CF}) (Version: 1.00.000 - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
LSHunterTVApp (HKLM\...\1ClickDownload) (Version: 2.1 Build 26473 - LSHunter.TV) <==== ATTENTION
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Game Studios Common Redistributables Pack 1 (Version: 1.0.0 - Microsoft Game Studios) Hidden
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
mIRC (HKLM\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
MorphVOX Pro (HKLM\...\{058AF8C6-E4DE-4D91-9879-B72860E9F615}) (Version: 4.3.13 - Screaming Bee)
Mozilla Firefox 18.0.2 (x86 de) (HKLM\...\Mozilla Firefox 18.0.2 (x86 de)) (Version: 18.0.2 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA 3D Vision Controller-Treiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Omerta - City of Gangsters (HKLM\...\GOGPACKOMERTA_is1) (Version: 2.0.0.4 - GOG.com)
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version: - )
OpenVPN 2.3.2-I003 (HKLM\...\OpenVPN) (Version: 2.3.2-I003 - )
Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version: - www.PerfectUninstaller.net)
Pop-Up Stopper Free Edition (HKLM\...\Pop-Up Stopper Free Edition) (Version: 3.1.1014 - Panicware, Inc.)
Samsung SyncMaster 3D Game Launcher (TriDef 3D) 1.1 (HKLM\...\experience-samsung-mon-bundle) (Version: 1.1 - Dynamic Digital Depth Australia Pty Ltd)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SH3 (HKLM\...\{2bf58e36-9f9c-4a59-af30-defaa841c7d8}.sdb) (Version: - )
Silent Hunter III (HKLM\...\InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.00.0000 - Ubisoft)
Silent Hunter III (Version: 1.00.0000 - Ubisoft) Hidden
SimCity 4 Deluxe (HKLM\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Spyware Terminator 2012 (HKLM\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.80 - Crawler.com)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
SWAT3 (HKLM\...\SWAT3) (Version: - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamSpeak 2 RC2 (HKLM\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Tomb Raider: Underworld 1.1 (HKLM\...\Tomb Raider: Underworld) (Version: - )
Uniblue DriverScanner (HKLM\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.9.10 - Uniblue Systems Ltd)
Uniblue RegistryBooster (HKLM\...\{E55B3271-7CA8-4D0C-AE06-69A24856E997}_is1) (Version: 6.1.1.0 - Uniblue Systems Limited)
Uniblue SpeedUpMyPC (HKLM\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 5.3.3.0 - Uniblue Systems Ltd) <==== ATTENTION
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Warzone 2100-3.1.1 (HKLM\...\Warzone 2100-3.1.1) (Version: 3.1.1 - Warzone 2100 Project)
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.1.3 - Shark007)
Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.00 beta 3 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.3 - win.rar GmbH)
Worms Reloaded (HKLM\...\Steam App 22600) (Version: - Team17 Software Ltd.)
Your Freedom 20140324-01 (HKLM\...\Your_Deploy_0) (Version: - )
Zattoo4 4.0.5 (HKLM\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1A4B711D-BE60-4562-8510-42DD84E466B8} - System32\Tasks\SpeedUpMyPC => C:\Sonstiges\SpeedUpMyPC\spmonitor.exe [2012-08-03] (Uniblue Systems Ltd) <==== ATTENTION
Task: {333F9997-8D69-44D9-B342-2859E37FF701} - System32\Tasks\rbmonitor => C:\Sonstiges\RegistryBooster\rbmonitor.exe [2012-12-05] (Uniblue Systems Limited)
Task: {346BC81E-6A32-4EE5-B114-E1EA3824B1B7} - System32\Tasks\DriverScanner => C:\Sonstiges\DriverScanner\dsmonitor.exe [2012-07-10] (Uniblue Systems Limited)
Task: {4EF6D550-0303-4098-8511-3FB00428AB8A} - System32\Tasks\CCleanerSkipUAC => C:\Sonstiges\CCleaner7\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {5418BA27-C5C3-4ACE-9A90-394D25CBF9BC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9C357909-871A-4135-A284-74A57FC549C9} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28] (Lavasoft Limited )
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Desk 365 RunAsStdUser.job => C:\Program Files\Desk 365\desk365.exe <==== ATTENTION
Task: C:\Windows\Tasks\DriverScanner.job => C:\Sonstiges\DriverScanner\dsmonitor.exe
Task: C:\Windows\Tasks\FreeHDSport TV-codedownloader.job => C:\Program Files\FreeHDSport TV\FreeHDSport TV-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\FreeHDSport TV-enabler.job => C:\Program Files\FreeHDSport TV\FreeHDSport TV-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\FreeHDSport TV-updater.job => C:\Program Files\FreeHDSport TV\FreeHDSport TV-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.2-enabler.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.2-updater.job => C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\rbmonitor.job => C:\Sonstiges\RegistryBooster\rbmonitor.exe
Task: C:\Windows\Tasks\RunAsStdUser Task.job => C:\Sonstiges\RightClicker Pro 1.47\RightClicker.exe
Task: C:\Windows\Tasks\SpeedUpMyPC.job => C:\Sonstiges\SpeedUpMyPC\spmonitor.exe <==== ATTENTION
Task: C:\Windows\Tasks\Tomb Raider - Underworld.job => C:\Program Files\Eidos\Tomb Raider - Underworld\TRU.exe
==================== Loaded Modules (whitelisted) =============
2013-05-14 00:46 - 2013-05-13 21:05 - 02084352 _____ () C:\Program Files\Common Files\G DATA\AVKScanP\Avast5\defs\13051301\algo.dll
2011-10-28 20:35 - 2011-10-28 20:35 - 00591232 _____ () C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
2011-10-28 20:35 - 2011-10-28 20:35 - 00430568 _____ () C:\Program Files\Lavasoft\Ad-Aware\viprebridge.dll
2011-10-28 20:35 - 2011-10-28 20:35 - 00308560 _____ () C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
2013-02-12 03:43 - 2014-05-04 10:26 - 00190752 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
2013-02-12 03:43 - 2014-05-04 10:26 - 00178464 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
2013-02-12 03:43 - 2013-02-12 03:43 - 00508776 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\thorax.aaw
2013-02-12 03:40 - 2010-12-21 12:48 - 00139776 _____ () C:\Sonstiges\WinRAR\rarext.dll
2014-05-15 20:45 - 2014-05-15 20:45 - 00965928 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll
2014-05-15 20:49 - 2014-05-15 20:49 - 00229160 _____ () C:\Program Files\Hotspot Shield\bin\cmwhydraplugin.dll
2014-05-15 20:47 - 2014-05-15 20:47 - 00517928 _____ () C:\Program Files\Hotspot Shield\bin\HssRep.dll
2013-02-12 07:31 - 2011-11-28 21:47 - 02589832 _____ () C:\Sonstiges\Hear\Hear.exe
2012-01-27 06:05 - 2012-01-27 06:05 - 00212984 _____ () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll
2011-10-28 20:35 - 2011-10-28 20:35 - 01101960 _____ () C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
2011-10-28 20:35 - 2011-10-28 20:35 - 00017856 _____ () C:\Program Files\Lavasoft\Ad-Aware\AWSCUpdate.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: adm_tray.exe => C:\Sonstiges\AcronisDriveMonitor\DriveMonitor\adm_tray.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Sonstiges\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: NetStat Live => C:\Sonstiges\AnalogX\NetStat Live\nsl.exe
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/29/2013 01:35:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Freelancer.exe, Version: 1.0.1223.11, Zeitstempel: 0x3e401b79
Name des fehlerhaften Moduls: lighting.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4bbb6b2b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x70101483
ID des fehlerhaften Prozesses: 0x1274
Startzeit der fehlerhaften Anwendung: 0xFreelancer.exe0
Pfad der fehlerhaften Anwendung: Freelancer.exe1
Pfad des fehlerhaften Moduls: Freelancer.exe2
Berichtskennung: Freelancer.exe3
Error: (11/29/2013 01:23:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Freelancer.exe, Version: 1.0.1223.11, Zeitstempel: 0x3e401b79
Name des fehlerhaften Moduls: hc_client.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4d4ee401
Ausnahmecode: 0xc0000005
Fehleroffset: 0x021d53e6
ID des fehlerhaften Prozesses: 0x2724
Startzeit der fehlerhaften Anwendung: 0xFreelancer.exe0
Pfad der fehlerhaften Anwendung: Freelancer.exe1
Pfad des fehlerhaften Moduls: Freelancer.exe2
Berichtskennung: Freelancer.exe3
Error: (11/29/2013 11:18:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-1713568521-3801853211-3615968933-1004.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {3b886254-23cb-4890-8e96-03350faf2a18}
Error: (11/29/2013 10:22:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-1713568521-3801853211-3615968933-1004.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {3b886254-23cb-4890-8e96-03350faf2a18}
Error: (11/29/2013 10:21:19 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-1713568521-3801853211-3615968933-1004.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {3b886254-23cb-4890-8e96-03350faf2a18}
Error: (11/29/2013 10:15:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-1713568521-3801853211-3615968933-1004.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {831152f3-0c6a-4e06-bb69-be305feca541}
Error: (11/29/2013 09:20:03 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-1713568521-3801853211-3615968933-1004.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {831152f3-0c6a-4e06-bb69-be305feca541}
Error: (11/29/2013 04:24:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16635 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e34
Startzeit: 01ceeca84e9bfb1e
Endzeit: 88
Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
Berichts-ID:
Error: (11/29/2013 01:41:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (11/29/2013 01:22:43 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-1713568521-3801853211-3615968933-1004.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {ed880ba0-391e-4da4-a4ba-d3d8443c3363}
System errors:
=============
Error: (05/18/2014 04:13:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (05/18/2014 04:13:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (05/18/2014 04:13:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (05/18/2014 10:57:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (05/17/2014 09:15:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (05/17/2014 09:15:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (05/17/2014 09:15:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (05/17/2014 01:51:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (05/17/2014 01:51:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (05/17/2014 01:51:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Microsoft Office Sessions:
=========================
Error: (11/29/2013 01:35:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Freelancer.exe1.0.1223.113e401b79lighting.dll_unloaded0.0.0.04bbb6b2bc000000570101483127401ceecf6939f4216C:\Spiele\Freelancer\EXE\Freelancer.exelighting.dll650b3901-58ea-11e3-b71d-004124cd2931
Error: (11/29/2013 01:23:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Freelancer.exe1.0.1223.113e401b79hc_client.dll_unloaded0.0.0.04d4ee401c0000005021d53e6272401ceeceed8691b9eC:\Spiele\Freelancer\EXE\Freelancer.exehc_client.dll9d061434-58e8-11e3-b71d-004124cd2931
Error: (11/29/2013 11:18:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1713568521-3801853211-3615968933-1004.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {3b886254-23cb-4890-8e96-03350faf2a18}
Error: (11/29/2013 10:22:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1713568521-3801853211-3615968933-1004.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {3b886254-23cb-4890-8e96-03350faf2a18}
Error: (11/29/2013 10:21:19 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1713568521-3801853211-3615968933-1004.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {3b886254-23cb-4890-8e96-03350faf2a18}
Error: (11/29/2013 10:15:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1713568521-3801853211-3615968933-1004.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {831152f3-0c6a-4e06-bb69-be305feca541}
Error: (11/29/2013 09:20:03 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1713568521-3801853211-3615968933-1004.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {831152f3-0c6a-4e06-bb69-be305feca541}
Error: (11/29/2013 04:24:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe10.0.9200.16635e3401ceeca84e9bfb1e88C:\Program Files\Internet Explorer\iexplore.exe
Error: (11/29/2013 01:41:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\common files\LogiShrd\sp6_uninstall\tools\64\AddBrowsers.exe
Error: (11/29/2013 01:22:43 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1713568521-3801853211-3615968933-1004.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {ed880ba0-391e-4da4-a4ba-d3d8443c3363}
==================== Memory info ===========================
Percentage of memory in use: 44%
Total physical RAM: 3063.12 MB
Available physical RAM: 1697.59 MB
Total Pagefile: 6131.41 MB
Available Pagefile: 4192.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.02 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:292.97 GB) (Free:207.5 GB) NTFS
Drive d: () (Fixed) (Total:97.55 GB) (Free:79.03 GB) NTFS
Drive e: () (Fixed) (Total:540.88 GB) (Free:407.74 GB) NTFS
Drive f: (NEU) (CDROM) (Total:3.87 GB) (Free:0 GB) CDFS
Drive g: (SC4DELUXE2) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
Drive l: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: E5C0CB01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=541 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Geändert von AirFisher (28.05.2014 um 07:30 Uhr) |
| Themen zu Dieses Programm wurde durch eine Gruppenrichtlinie blockiert |
| ahnung, antivirus, antivirus programme, association, blockiert, conduit search, conduit search entfernen, conduit-search, conduit-search entfernen, dieses programm wurde durch eine gruppenrichtlinie blockiert, gruppe, gruppenrichtlinie, gruppenrichtlinie blockiert, hotspot, konnte, newtab, nicht mehr, passieren, programm, programme, recovery, starte, tool |
Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
Baum-Darstellung