Log analysis and evaluation: Windows Vista 64-bit - Suspected virus infection

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.08.2014, 14:52 | #1
Windows Vista 64-bit - Suspected virus infection

Hello M-K-D-B, as I briefly mentioned via PM, I once again suspect an infection. For some people the slide rule was probably the better invention after all... The computer has become noticeably slower, there are frequent error messages and also frequent ads in forums and blogs. Many thanks in advance! Below is the information gathered so far:

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:00 on 12/08/2014 (David)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by David (administrator) on DAVID-PC on 12-08-2014 15:02:51
Running from C:\Users\David\Downloads
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGGE.EXE
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2010-09-14] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2918414357-155064948-848676807-1000\...\Run: [EPSON SX125 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2918414357-155064948-848676807-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2918414357-155064948-848676807-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.uwz.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rr55d08t.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rr55d08t.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-28]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-06]

Chrome:
=======
CHR HomePage:

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 15:02 - 2014-08-12 15:02 - 00007793 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-12 15:01 - 2014-08-12 15:01 - 02099712 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2014-08-12 15:00 - 2014-08-12 15:00 - 00000472 _____ () C:\Users\David\Desktop\defogger_disable.log
2014-08-12 14:58 - 2014-08-12 14:58 - 00000000 _____ () C:\Users\David\defogger_reenable
2014-08-12 14:55 - 2014-08-12 14:55 - 00050477 _____ () C:\Users\David\Downloads\Defogger.exe
2014-08-01 18:30 - 2014-08-10 17:25 - 00042481 _____ () C:\Users\David\Desktop\PlanspielTauberExtrem.ods
2014-07-30 00:34 - 2014-07-30 00:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 13:58 - 2014-07-28 13:58 - 00028931 _____ () C:\Users\David\Documents\alex2.odt
2014-07-26 15:09 - 2014-07-28 10:30 - 00033505 _____ () C:\Users\David\Documents\alex 1.odt
2014-07-22 15:47 - 2014-07-22 15:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-20 14:57 - 2014-07-20 14:57 - 00013655 _____ () C:\Users\David\Documents\Scanner.odt
2014-07-17 15:18 - 2014-07-17 15:18 - 00013376 _____ () C:\Users\David\Documents\Unbenannt 1.odt
2014-07-15 11:16 - 2014-08-11 18:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 11:15 - 2014-07-15 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 11:15 - 2014-07-15 11:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 11:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-15 11:15 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 15:03 - 2014-08-12 15:02 - 00007793 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-12 15:02 - 2014-05-04 09:52 - 00000000 ____D () C:\FRST
2014-08-12 15:02 - 2013-11-06 21:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 15:01 - 2014-08-12 15:01 - 02099712 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2014-08-12 15:01 - 2006-11-02 17:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 15:01 - 2006-11-02 17:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 15:00 - 2014-08-12 15:00 - 00000472 _____ () C:\Users\David\Desktop\defogger_disable.log
2014-08-12 14:58 - 2014-08-12 14:58 - 00000000 _____ () C:\Users\David\defogger_reenable
2014-08-12 14:58 - 2008-01-01 15:24 - 00000000 ____D () C:\Users\David
2014-08-12 14:55 - 2014-08-12 14:55 - 00050477 _____ () C:\Users\David\Downloads\Defogger.exe
2014-08-12 13:27 - 2008-01-21 03:53 - 01664428 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 13:22 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 10:40 - 2006-11-02 17:42 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-11 18:44 - 2014-07-15 11:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 20:29 - 2013-12-09 21:16 - 00000000 ____D () C:\Users\David\AppData\Local\Paint.NET
2014-08-10 17:25 - 2014-08-01 18:30 - 00042481 _____ () C:\Users\David\Desktop\PlanspielTauberExtrem.ods
2014-08-09 21:45 - 2013-11-11 20:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\vlc
2014-08-08 11:19 - 2008-01-21 13:10 - 01661466 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 11:19 - 2008-01-21 13:09 - 00709380 _____ () C:\Windows\system32\perfh007.dat
2014-08-08 11:19 - 2008-01-21 13:09 - 00161112 _____ () C:\Windows\system32\perfc007.dat
2014-08-07 15:00 - 2014-01-02 15:21 - 00034688 _____ () C:\Users\David\Desktop\ÜFD.ods
2014-07-31 22:22 - 2014-07-10 00:22 - 00059960 _____ () C:\Users\David\Desktop\planspielfneu.ods
2014-07-31 17:23 - 2013-11-08 18:13 - 00087552 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-30 19:52 - 2013-11-06 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 00:34 - 2014-07-30 00:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 13:58 - 2014-07-28 13:58 - 00028931 _____ () C:\Users\David\Documents\alex2.odt
2014-07-28 10:30 - 2014-07-26 15:09 - 00033505 _____ () C:\Users\David\Documents\alex 1.odt
2014-07-22 15:47 - 2014-07-22 15:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-20 14:57 - 2014-07-20 14:57 - 00013655 _____ () C:\Users\David\Documents\Scanner.odt
2014-07-19 19:12 - 2014-06-08 19:25 - 00015390 _____ () C:\Users\David\Desktop\Höchste gemessene Temperaturen seit 2007.odt
2014-07-17 15:18 - 2014-07-17 15:18 - 00013376 _____ () C:\Users\David\Documents\Unbenannt 1.odt
2014-07-15 23:00 - 2014-05-07 12:13 - 00000000 ____D () C:\ProgramData\Origin
2014-07-15 20:39 - 2014-05-07 12:13 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-15 13:54 - 2013-10-30 14:05 - 00000000 ____D () C:\Users\David\Documents\Lesestoff
2014-07-15 11:16 - 2013-11-08 17:05 - 00000000 ____D () C:\Users\David\AppData\Roaming\Malwarebytes
2014-07-15 11:15 - 2014-07-15 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 11:15 - 2014-07-15 11:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 11:15 - 2013-11-08 17:05 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 11:15 - 2013-11-08 17:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 11:15 - 2013-11-08 17:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\78335uninstall.exe
C:\Users\David\AppData\Local\Temp\avgnt.exe
C:\Users\David\AppData\Local\Temp\ose00000.exe
C:\Users\David\AppData\Local\Temp\ose00001.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\Sqlite3.dll
C:\Users\David\AppData\Local\Temp\VIS_DE-2013-12-13.exe
C:\Users\David\AppData\Local\Temp\vlc-2.1.1-win64.exe
C:\Users\David\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\David\AppData\Local\Temp\vlc-2.1.3-win64.exe
C:\Users\David\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\David\AppData\Local\Temp\_is6E59.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-12 13:28

==================== End Of Log ============================

Error message, does not run!

Malwarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 12.08.2014
Suchlauf-Zeit: 15:20:10
Logdatei: maleware.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.12.04
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: David

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 285291
Verstrichene Zeit: 10 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)
12.08.2014, 15:38 | #2
/// the machine /// TB-Ausbilder | Windows Vista 64-bit - Suspected virus infection

hi,

Addition.txt from FRST is still missing
12.08.2014, 17:11 | #3
Windows Vista 64-bit - Suspected virus infection

Sorry, I knew I would forget something again. So I ran it once more:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by David (administrator) on DAVID-PC on 12-08-2014 18:09:10
Running from C:\Users\David\Downloads
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGGE.EXE
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(dotPDN LLC) C:\Program Files\Paint.NET\PaintDotNet.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2010-09-14] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2918414357-155064948-848676807-1000\...\Run: [EPSON SX125 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2918414357-155064948-848676807-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2918414357-155064948-848676807-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.uwz.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rr55d08t.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rr55d08t.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-28]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-06]

Chrome:
=======
CHR HomePage:

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 pgloapod; \??\C:\Users\David\AppData\Local\Temp\pgloapod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 15:34 - 2014-08-12 15:34 - 00001164 _____ () C:\Users\David\Desktop\maleware.txt
2014-08-12 15:33 - 2014-08-12 15:33 - 00001164 _____ () C:\maleware.txt
2014-08-12 15:05 - 2014-08-12 15:05 - 00380416 _____ () C:\Users\David\Desktop\Gmer-19357.exe
2014-08-12 15:04 - 2014-08-12 15:04 - 00015665 _____ () C:\Users\David\Desktop\FRST.txt
2014-08-12 15:02 - 2014-08-12 18:09 - 00008117 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-12 15:01 - 2014-08-12 15:01 - 02099712 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2014-08-12 15:00 - 2014-08-12 15:00 - 00000472 _____ () C:\Users\David\Desktop\defogger_disable.log
2014-08-12 14:58 - 2014-08-12 14:58 - 00000000 _____ () C:\Users\David\Desktop\defogger_reenable
2014-08-12 14:55 - 2014-08-12 14:55 - 00050477 _____ () C:\Users\David\Downloads\Defogger.exe
2014-08-01 18:30 - 2014-08-10 17:25 - 00042481 _____ () C:\Users\David\Desktop\PlanspielTauberExtrem.ods
2014-07-30 00:34 - 2014-07-30 00:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 13:58 - 2014-07-28 13:58 - 00028931 _____ () C:\Users\David\Documents\alex2.odt
2014-07-26 15:09 - 2014-07-28 10:30 - 00033505 _____ () C:\Users\David\Documents\alex 1.odt
2014-07-22 15:47 - 2014-07-22 15:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-20 14:57 - 2014-07-20 14:57 - 00013655 _____ () C:\Users\David\Documents\Scanner.odt
2014-07-17 15:18 - 2014-07-17 15:18 - 00013376 _____ () C:\Users\David\Documents\Unbenannt 1.odt
2014-07-15 11:16 - 2014-08-12 15:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 11:15 - 2014-07-15 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 11:15 - 2014-07-15 11:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 11:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-15 11:15 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 18:09 - 2014-08-12 15:02 - 00008117 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-12 18:09 - 2014-05-04 09:52 - 00000000 ____D () C:\FRST
2014-08-12 18:04 - 2008-01-21 03:53 - 01668531 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 18:02 - 2013-11-06 21:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 17:14 - 2006-11-02 17:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 17:14 - 2006-11-02 17:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 16:20 - 2013-12-09 21:16 - 00000000 ____D () C:\Users\David\AppData\Local\Paint.NET
2014-08-12 15:34 - 2014-08-12 15:34 - 00001164 _____ () C:\Users\David\Desktop\maleware.txt
2014-08-12 15:34 - 2008-01-01 15:24 - 00000000 ____D () C:\Users\David
2014-08-12 15:33 - 2014-08-12 15:33 - 00001164 _____ () C:\maleware.txt
2014-08-12 15:20 - 2014-07-15 11:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 15:14 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 15:12 - 2006-11-02 17:42 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-12 15:05 - 2014-08-12 15:05 - 00380416 _____ () C:\Users\David\Desktop\Gmer-19357.exe
2014-08-12 15:04 - 2014-08-12 15:04 - 00015665 _____ () C:\Users\David\Desktop\FRST.txt
2014-08-12 15:01 - 2014-08-12 15:01 - 02099712 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2014-08-12 15:00 - 2014-08-12 15:00 - 00000472 _____ () C:\Users\David\Desktop\defogger_disable.log
2014-08-12 14:58 - 2014-08-12 14:58 - 00000000 _____ () C:\Users\David\Desktop\defogger_reenable
2014-08-12 14:55 - 2014-08-12 14:55 - 00050477 _____ () C:\Users\David\Downloads\Defogger.exe
2014-08-10 17:25 - 2014-08-01 18:30 - 00042481 _____ () C:\Users\David\Desktop\PlanspielTauberExtrem.ods
2014-08-09 21:45 - 2013-11-11 20:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\vlc
2014-08-08 11:19 - 2008-01-21 13:10 - 01661466 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 11:19 - 2008-01-21 13:09 - 00709380 _____ () C:\Windows\system32\perfh007.dat
2014-08-08 11:19 - 2008-01-21 13:09 - 00161112 _____ () C:\Windows\system32\perfc007.dat
2014-08-07 15:00 - 2014-01-02 15:21 - 00034688 _____ () C:\Users\David\Desktop\ÜFD.ods
2014-07-31 22:22 - 2014-07-10 00:22 - 00059960 _____ () C:\Users\David\Desktop\planspielfneu.ods
2014-07-31 17:23 - 2013-11-08 18:13 - 00087552 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-30 19:52 - 2013-11-06 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 00:34 - 2014-07-30 00:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 13:58 - 2014-07-28 13:58 - 00028931 _____ () C:\Users\David\Documents\alex2.odt
2014-07-28 10:30 - 2014-07-26 15:09 - 00033505 _____ () C:\Users\David\Documents\alex 1.odt
2014-07-22 15:47 - 2014-07-22 15:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-20 14:57 - 2014-07-20 14:57 - 00013655 _____ () C:\Users\David\Documents\Scanner.odt
2014-07-19 19:12 - 2014-06-08 19:25 - 00015390 _____ () C:\Users\David\Desktop\Höchste gemessene Temperaturen seit 2007.odt
2014-07-17 15:18 - 2014-07-17 15:18 - 00013376 _____ () C:\Users\David\Documents\Unbenannt 1.odt
2014-07-15 23:00 - 2014-05-07 12:13 - 00000000 ____D () C:\ProgramData\Origin
2014-07-15 20:39 - 2014-05-07 12:13 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-15 13:54 - 2013-10-30 14:05 - 00000000 ____D () C:\Users\David\Documents\Lesestoff
2014-07-15 11:16 - 2013-11-08 17:05 - 00000000 ____D () C:\Users\David\AppData\Roaming\Malwarebytes
2014-07-15 11:15 - 2014-07-15 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 11:15 - 2014-07-15 11:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 11:15 - 2013-11-08 17:05 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 11:15 - 2013-11-08 17:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 11:15 - 2013-11-08 17:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\78335uninstall.exe
C:\Users\David\AppData\Local\Temp\avgnt.exe
C:\Users\David\AppData\Local\Temp\ose00000.exe
C:\Users\David\AppData\Local\Temp\ose00001.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\Sqlite3.dll
C:\Users\David\AppData\Local\Temp\VIS_DE-2013-12-13.exe
C:\Users\David\AppData\Local\Temp\vlc-2.1.1-win64.exe
C:\Users\David\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\David\AppData\Local\Temp\vlc-2.1.3-win64.exe
C:\Users\David\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\David\AppData\Local\Temp\_is6E59.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-12 15:19

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01 Ran by David at 2014-08-12 18:09:38 Running from C:\Users\David\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) 
Hidden ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Druckerdeinstallation für EPSON SX125 Series (HKLM\...\EPSON SX125 Series) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Free YouTube Download version 3.2.16.1030 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.16.1030 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.) FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.0.0 - Electronic Arts) Fussball Manager 2003 (HKLM-x32\...\{7B80F2CF-3012-41B3-0083-D96E3B923A33}) (Version: - ) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel(R) Network Connections 15.3.68.0 (HKLM\...\PROSetDX) (Version: 15.3.68.0 - Intel) Intel(R) Network Connections 15.3.68.0 (Version: 15.3.68.0 - Intel) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.0.11.77 - Electronic Arts, Inc.) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6201 - Realtek Semiconductor Corp.) Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.14 - NCH Software) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 10-07-2014 12:20:59 Windows Update 11-07-2014 08:32:49 Windows Update 12-07-2014 10:29:08 Geplanter Prüfpunkt 15-07-2014 08:26:49 Windows Update 17-07-2014 11:51:15 Geplanter Prüfpunkt 18-07-2014 11:05:10 Geplanter Prüfpunkt 18-07-2014 13:10:59 Windows Update 19-07-2014 19:20:47 Geplanter Prüfpunkt 22-07-2014 06:42:43 Windows Update 25-07-2014 11:29:10 Geplanter Prüfpunkt 26-07-2014 08:12:58 Windows Update 27-07-2014 16:52:45 Geplanter Prüfpunkt 29-07-2014 00:21:31 Geplanter Prüfpunkt 29-07-2014 22:00:06 Geplanter Prüfpunkt 29-07-2014 22:12:22 Windows Update 30-07-2014 16:16:55 Geplanter Prüfpunkt 03-08-2014 09:56:40 Windows Update 05-08-2014 15:06:15 Geplanter Prüfpunkt 06-08-2014 17:05:13 Geplanter Prüfpunkt 07-08-2014 15:47:36 Geplanter Prüfpunkt 07-08-2014 17:38:41 Windows Update 08-08-2014 11:03:04 Geplanter Prüfpunkt 11-08-2014 13:25:09 Windows Update 12-08-2014 15:23:19 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {86A47048-E643-4F44-A3AE-1F83D81CC58C} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {9F16D07D-44F1-4DB3-81F5-24E575F94CAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-29 03:07 - 2013-03-29 03:07 - 00045056 _____ () C:\Windows\system32\atitmp64.dll 2014-02-13 04:14 - 2014-02-13 04:14 - 00240640 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PaintDotNet.SystemL#\76bc3f80ebabbbe39f066dcc7ff34074\PaintDotNet.SystemLayer.Native.x64.ni.dll 2013-08-17 15:01 - 2013-08-17 15:01 - 00129600 _____ () C:\Program Files\Paint.NET\Native.x64\PaintDotNet.Native.x64.dll 2013-08-17 15:01 - 2013-08-17 15:01 - 00085568 _____ () C:\Program Files\Paint.NET\PaintDotNet.SystemLayer.Native.x64.dll 2014-07-30 00:34 - 2014-07-30 00:34 - 03800688 _____ () C:\Program Files (x86)\Mozilla 
Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/12/2014 05:23:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Zugriff verweigert Error: (08/12/2014 05:23:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Zugriff verweigert Error: (08/12/2014 03:15:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/12/2014 03:15:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, fehlerhaftes Modul Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, Ausnahmecode 0xc0000005, Fehleroffset 0x000011aa, Prozess-ID 0xfa8, Anwendungsstartzeit Gmer-19357.exe0. 
Error: (08/12/2014 03:12:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, fehlerhaftes Modul Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, Ausnahmecode 0xc0000005, Fehleroffset 0x000011aa, Prozess-ID 0x12e0, Anwendungsstartzeit Gmer-19357.exe0. Error: (08/12/2014 03:11:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, fehlerhaftes Modul Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, Ausnahmecode 0xc0000005, Fehleroffset 0x000011aa, Prozess-ID 0x13c, Anwendungsstartzeit Gmer-19357.exe0. Error: (08/12/2014 03:11:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, fehlerhaftes Modul Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, Ausnahmecode 0xc0000005, Fehleroffset 0x000011aa, Prozess-ID 0x1148, Anwendungsstartzeit Gmer-19357.exe0. Error: (08/12/2014 03:10:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, fehlerhaftes Modul Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, Ausnahmecode 0xc0000005, Fehleroffset 0x000011aa, Prozess-ID 0xfb0, Anwendungsstartzeit Gmer-19357.exe0. 
Error: (08/12/2014 01:24:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/12/2014 09:20:54 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/11/2014 03:30:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.179.2746.0){A04F2507-EF23-4E01-B4B8-21988C3740D1}201 Error: (08/11/2014 03:30:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %NT-AUTORITÄT51 Aktualisierungsphase: 4.5.0216.00 Quellpfad: 4.5.0216.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (08/11/2014 03:29:59 PM) (Source: Microsoft Antimalware) (EventID: 2003) (User: ) Description: Beim Aktualisieren des Moduls wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Modulversion: Vorherige Modulversion: Modultyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Fehlercode: %NT-AUTORITÄT601 Fehlerbeschreibung: %NT-AUTORITÄT602 Error: (08/11/2014 03:29:59 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. 
Neue Signaturversion: Vorherige Signaturversion: Aktualisierungsquelle: %NT-AUTORITÄT15 Aktualisierungsphase: 4.5.0216.00 Quellpfad: 4.5.0216.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (08/11/2014 03:29:39 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.179.2746.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.5.0216.00 Quellpfad: 4.5.0216.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (08/11/2014 03:29:31 PM) (Source: Microsoft Antimalware) (EventID: 2003) (User: ) Description: Beim Aktualisieren des Moduls wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Modulversion: Vorherige Modulversion: Modultyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Fehlercode: %NT-AUTORITÄT601 Fehlerbeschreibung: %NT-AUTORITÄT602 Error: (08/11/2014 03:29:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. 
Neue Signaturversion: Vorherige Signaturversion: Aktualisierungsquelle: %NT-AUTORITÄT15 Aktualisierungsphase: 4.5.0216.00 Quellpfad: 4.5.0216.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (08/10/2014 11:01:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.179.2630.0){0351D4F3-BEEB-42C5-8201-55E5397E501B}201 Error: (08/10/2014 11:01:34 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %NT-AUTORITÄT51 Aktualisierungsphase: 4.5.0216.00 Quellpfad: 4.5.0216.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (08/10/2014 11:01:20 AM) (Source: Microsoft Antimalware) (EventID: 2003) (User: ) Description: Beim Aktualisieren des Moduls wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Modulversion: Vorherige Modulversion: Modultyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Fehlercode: %NT-AUTORITÄT601 Fehlerbeschreibung: %NT-AUTORITÄT602 Microsoft Office Sessions: ========================= Error: (08/12/2014 05:23:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. 
System Error: Zugriff verweigert Error: (08/12/2014 05:23:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Zugriff verweigert Error: (08/12/2014 03:15:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/12/2014 03:15:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aafa801cfb62f6e4b6839 Error: (08/12/2014 03:12:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa12e001cfb62f099170fe Error: (08/12/2014 03:11:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa13c01cfb62ef5e65812 Error: (08/12/2014 03:11:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa114801cfb62ee6209799 Error: (08/12/2014 03:10:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aafb001cfb62ed7b083d1 Error: (08/12/2014 01:24:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/12/2014 09:20:54 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: 
=================================== Date: 2014-08-12 18:09:34.967 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-12 18:09:34.860 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-12 18:09:34.752 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-12 18:09:34.628 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-12 18:09:34.440 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-12 18:09:34.330 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-12 18:09:34.222 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-08-12 18:09:34.114 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-12 18:08:49.326 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-12 18:08:49.226 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 62% Total physical RAM: 4027.9 MB Available physical RAM: 1525.59 MB Total Pagefile: 8247.09 MB Available Pagefile: 5682.89 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:581.52 GB) (Free:300.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 205A4912) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=582 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
12.08.2014, 18:47 | #4 |
/// the machine /// TB-Ausbilder | Windows Vista 64-bit - suspected virus infection What error messages are you getting? Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
12.08.2014, 20:19 | #5 |
| Windows Vista 64-bit - suspected virus infection Hello schrauber, error messages/problems:
- Flash Player crashes frequently
- Firefox takes a very long time to get going when it is first started
- in general I have the feeling that something is wrong, or rather that the computer has lost a lot of performance.
- Windows acts up now and then; I've probably forgotten something.
- oh yes, M-K-D-B knows it by now, I'm a real dud at the PC...
Thank you! Code:
ATTFilter ComboFix 14-08-12.01 - David 12.08.2014 20:50:32.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4028.1970 [GMT 2:00] ausgeführt von:: c:\users\David\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2014-07-12 bis 2014-08-12 )))))))))))))))))))))))))))))) . . 2014-08-12 18:57 . 2014-08-12 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-12 18:57 . 2014-08-12 18:57 -------- d-----w- c:\users\David\AppData\Local\temp 2014-08-12 16:17 . 2014-08-12 16:16 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE103E78-04F5-4AFF-BB09-BEEB7EFFF15C}\gapaengine.dll 2014-08-12 16:16 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F042E3F-BEAA-4194-A61D-E764A90353F4}\mpengine.dll 2014-08-12 13:15 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-07-22 13:47 . 2014-07-22 13:47 122584 ----a-w- c:\windows\system32\drivers\48230029.sys 2014-07-15 09:16 . 2014-08-12 13:20 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-07-15 09:15 . 2014-07-15 09:15 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-07-15 09:15 . 2014-05-12 05:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-07-15 09:15 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-10 09:51 . 2006-11-02 12:35 96441528 ----a-w- c:\windows\system32\mrt.exe 2014-07-09 15:02 . 
2013-11-06 19:36 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-09 15:02 . 2013-11-06 19:36 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-06-07 04:02 . 2014-07-09 08:02 17854464 ----a-w- c:\windows\system32\mshtml.dll 2014-06-07 03:13 . 2014-07-09 08:02 10890752 ----a-w- c:\windows\system32\ieframe.dll 2014-06-07 02:59 . 2014-07-09 08:02 2339328 ----a-w- c:\windows\system32\jscript9.dll 2014-06-07 02:52 . 2014-07-09 08:02 1348608 ----a-w- c:\windows\system32\urlmon.dll 2014-06-07 02:51 . 2014-07-09 08:02 1494016 ----a-w- c:\windows\system32\inetcpl.cpl 2014-06-07 02:51 . 2014-07-09 08:02 1392128 ----a-w- c:\windows\system32\wininet.dll 2014-06-07 02:50 . 2014-07-09 08:02 237056 ----a-w- c:\windows\system32\url.dll 2014-06-07 02:47 . 2014-07-09 08:02 85504 ----a-w- c:\windows\system32\jsproxy.dll 2014-06-07 02:45 . 2014-07-09 08:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2014-06-07 02:45 . 2014-07-09 08:02 816640 ----a-w- c:\windows\system32\jscript.dll 2014-06-07 02:45 . 2014-07-09 08:02 599040 ----a-w- c:\windows\system32\vbscript.dll 2014-06-07 02:42 . 2014-07-09 08:02 2148352 ----a-w- c:\windows\system32\iertutil.dll 2014-06-07 02:42 . 2014-07-09 08:02 729088 ----a-w- c:\windows\system32\msfeeds.dll 2014-06-07 02:42 . 2014-07-09 08:02 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2014-06-07 02:42 . 2014-07-09 08:02 282112 ----a-w- c:\windows\system32\dxtrans.dll 2014-06-07 02:41 . 2014-07-09 08:02 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2014-06-07 02:41 . 2014-07-09 08:02 11264 ----a-w- c:\windows\system32\msfeedssync.exe 2014-06-07 02:41 . 2014-07-09 08:02 96768 ----a-w- c:\windows\system32\mshtmled.dll 2014-06-07 02:40 . 2014-07-09 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2014-06-07 02:39 . 2014-07-09 08:02 12800 ----a-w- c:\windows\system32\mshta.exe 2014-06-07 02:35 . 2014-07-09 08:02 248320 ----a-w- c:\windows\system32\ieui.dll 2014-06-07 00:33 . 
2014-07-09 07:56 2777088 ----a-w- c:\windows\system32\win32k.sys 2014-06-06 23:12 . 2014-07-09 08:02 1810432 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-06-06 23:03 . 2014-07-09 08:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-06-06 23:02 . 2014-07-09 08:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2014-06-06 22:57 . 2014-07-09 08:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-06-06 22:56 . 2014-07-09 08:02 421376 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-06-06 22:52 . 2014-07-09 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-06-06 22:51 . 2014-07-09 08:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2014-06-06 08:59 . 2014-07-09 07:56 506880 ----a-w- c:\windows\SysWow64\qedit.dll 2014-06-06 07:13 . 2014-07-09 07:56 620032 ----a-w- c:\windows\system32\qedit.dll 2014-05-30 07:10 . 2014-07-09 07:56 404992 ----a-w- c:\windows\system32\drivers\afd.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY *Deregistered* - pgloapod . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Inhalt des "geplante Tasks" Ordners . 2014-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-06 15:02] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-14 11465832] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.uwz.de/ mLocal Page = c:\windows\SysWOW64\blank.htm mSearchAssistant = hxxp://www.google.com IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rr55d08t.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . Zeit der Fertigstellung: 2014-08-12 21:01:55 ComboFix-quarantined-files.txt 2014-08-12 19:01 . Vor Suchlauf: 14 Verzeichnis(se), 323.554.877.440 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 326.386.933.760 Bytes frei . - - End Of File - - 1A00D3794A5A92D5DAEAD6718E599BD8 5C616939100B85E558DA92B899A0FC36 |
13.08.2014, 10:54 | #6 |
/// the machine /// TB-Ausbilder | Windows Vista 64-bit - suspected virus infection
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
|
13.08.2014, 16:59 | #7 |
| Windows Vista 64-bit - suspected virus infection Under step 3, Tweaking gives me the (error) message: "The last sheduled had errors or failed" with the options "Close" or "View logs"?! Since I already have the Malware whatchamacallit on the machine, I don't need to install it again, right?! Regards |
14.08.2014, 12:54 | #8 |
/// the machine /// TB-Ausbilder | Windows Vista 64-bit - suspected virus infection No, just skip it.
Regards, schrauber |
14.08.2014, 17:04 | #9 |
| Windows Vista 64-bit - suspected virus infection A difficult birth... sigh, for some people even a slide rule apparently has too many functions... I had my share of problems with Tweaking, but in the end it should have run through completely. Regards MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.08.2014 Suchlauf-Zeit: 17:18:31 Logdatei: Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.08.14.08 Rootkit Datenbank: v2014.08.04.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x64 Dateisystem: NTFS Benutzer: David Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 295232 Verstrichene Zeit: 8 Min, 50 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.205 - Bericht erstellt am 04/05/2014 um 17:38:25 # Aktualisiert 28/04/2014 von Xplode # Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # Benutzername : David - DAVID-PC # Gestartet von : C:\Users\David\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** [!] Ordner Gelöscht : C:\Program Files (x86)\Softonic [!] Ordner Gelöscht : C:\Users\David\.android [!] Ordner Gelöscht : C:\Users\David\AppData\Local\genienext [!] Ordner Gelöscht : C:\Users\David\AppData\Local\Mobogenie [!] Ordner Gelöscht : C:\Users\David\AppData\Local\Temp\apn [!] Ordner Gelöscht : C:\Users\David\AppData\Local\Temp\mt_ffx [!] Ordner Gelöscht : C:\Users\David\AppData\Local\Temp\OCS [!] Ordner Gelöscht : C:\Users\David\AppData\LocalLow\Softonic [!] Ordner Gelöscht : C:\Users\David\AppData\Roaming\DigitalSites [!] Ordner Gelöscht : C:\Users\David\AppData\Roaming\dvdvideosoftiehelpers [!] Ordner Gelöscht : C:\Users\David\AppData\Roaming\Windows Net Data [!] Ordner Gelöscht : C:\Users\David\Documents\Mobogenie [!] Ordner Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rr55d08t.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [!] 
Ordner Gelöscht : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab Datei Gelöscht : C:\Users\David\daemonprocess.txt Datei Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rr55d08t.default\searchplugins\softonic.xml Datei Gelöscht : C:\Windows\Tasks\Digital Sites.job Datei Gelöscht : C:\Windows\System32\Tasks\Digital Sites Datei Gelöscht : C:\Windows\Tasks\FoxTab.job Datei Gelöscht : C:\Windows\System32\Tasks\FoxTab ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DCDBBF03-BC10-457D-911F-EFB0321D22BE} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}] Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\dsiteproducts Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIS Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-5.0 Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VIS Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Iminent ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16545 Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rr55d08t.default\prefs.js ] Zeile gelöscht : user_pref("extensions.Softonic.admin", false); Zeile gelöscht : user_pref("extensions.Softonic.aflt", "OC"); Zeile gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}"); Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "de"); Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true); Zeile gelöscht : user_pref("extensions.Softonic.dnsErr", true); Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false); Zeile gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false); Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true); Zeile gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=d8d4504200000000000000270e02e5ef"); Zeile gelöscht : user_pref("extensions.Softonic.id", "d8d4504200000000000000270e02e5ef"); Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "16026"); Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00621"); Zeile gelöscht : user_pref("extensions.Softonic.newTab", true); Zeile gelöscht : user_pref("extensions.Softonic.newTabUrl", 
"hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=d8d4504200000000000000270e02e5ef"); Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic"); Zeile gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic"); Zeile gelöscht : user_pref("extensions.Softonic.rvrt", "false"); Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "opencandy2013"); Zeile gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=d8d4504200000000000000270e02e5ef&q="); Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.21.14"); Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.21.1412:23:49"); Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.21.14"); Zeile gelöscht : user_pref("extensions.crossrider.bic", "1435dda705b770221e7c8d5f1085b06c"); Zeile gelöscht : user_pref("iminent.LayoutId", "28"); Zeile gelöscht : user_pref("iminent.ShowThankyouPixel", "0"); Zeile gelöscht : user_pref("iminent.adapters", "{\"iminent\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1388853662156259200\"},\"facebook\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\"[...] 
Zeile gelöscht : user_pref("iminent.enabledAds", "false"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent109", "1388853729855"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent111", "1388853729863"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent122", "1388853729870"); Zeile gelöscht : user_pref("iminent.version", "7.51.3.1"); Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.51.3.1\",\"InstallEventCTime\":1388853695512,\"InstallEvent\":\"True\"}"); -\\ Google Chrome v [ Datei : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [11358 octets] - [04/05/2014 12:21:32] AdwCleaner[R1].txt - [11419 octets] - [04/05/2014 12:28:01] AdwCleaner[R2].txt - [11480 octets] - [04/05/2014 17:37:57] AdwCleaner[S0].txt - [9442 octets] - [04/05/2014 17:38:25] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9502 octets] ########## AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.305 - Bericht erstellt am 14/08/2014 um 17:39:13 # Aktualisiert 14/08/2014 von Xplode # Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # Benutzername : David - DAVID-PC # Gestartet von : C:\Users\David\Downloads\adwcleaner_3.305.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** [!] Ordner Gelöscht : C:\ProgramData\NCH Software [!] Ordner Gelöscht : C:\Program Files (x86)\NCH Software [!] Ordner Gelöscht : C:\Program Files (x86)\VideoConverter [!] Ordner Gelöscht : C:\Users\David\AppData\Roaming\NCH Software Datei Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rr55d08t.default\foxydeal.sqlite ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16563 -\\ Mozilla Firefox v31.0 (x86 de) [ Datei : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rr55d08t.default\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [12963 octets] - [04/05/2014 12:21:32] AdwCleaner[R1].txt - [11419 octets] - [04/05/2014 12:28:01] AdwCleaner[R2].txt - [11480 octets] - [04/05/2014 17:37:57] AdwCleaner[S0].txt - [11067 octets] - [04/05/2014 17:38:25] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11128 octets] ########## Junk: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows (TM) Vista Home Premium x64 Ran by David on 14.08.2014 at 17:45:25,92 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\rr55d08t.default\minidumps [20 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14.08.2014 at 17:51:39,95 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014 01 Ran by David (administrator) on DAVID-PC on 14-08-2014 17:53:56 Running from C:\Users\David\Downloads Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2010-09-14] (Realtek Semiconductor) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKU\S-1-5-21-2918414357-155064948-848676807-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2918414357-155064948-848676807-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.uwz.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rr55d08t.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program 
Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rr55d08t.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-28] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-06] Chrome: ======= CHR HomePage: ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S3 TweakingRunAsSystemService; "C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\tweaking_ras.exe" cmd.exe []/c start /HIGH cmd.exe /c C:\Users\David\AppData\Local\Temp\temp497.bat & exit ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation) S1 Beep; No ImagePath R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-14] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-14 17:53 - 2014-08-14 17:53 - 00000000 ____D () C:\Users\David\Downloads\FRST-OlderVersion
2014-08-14 17:51 - 2014-08-14 17:51 - 00000766 _____ () C:\Users\David\Desktop\JRT2.txt
2014-08-14 17:51 - 2014-08-14 17:51 - 00000766 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-14 17:44 - 2014-08-14 17:44 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2014-08-14 17:42 - 2014-08-14 17:42 - 00011209 _____ () C:\Users\David\Desktop\AdwCleaner[S0].txt
2014-08-14 17:31 - 2014-08-14 17:31 - 01356107 _____ () C:\Users\David\Downloads\adwcleaner_3.305.exe
2014-08-14 17:30 - 2014-08-14 17:30 - 00014579 _____ () C:\Users\David\Desktop\mbam.odt
2014-08-14 10:45 - 2014-08-14 10:45 - 00000680 _____ () C:\Users\David\AppData\Local\d3d9caps.dat
2014-08-14 10:22 - 2014-06-27 00:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 10:22 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 10:22 - 2014-06-27 00:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 10:22 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 10:22 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 10:22 - 2014-06-27 00:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 10:22 - 2014-06-06 06:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 10:22 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 22:23 - 2014-07-25 06:27 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 22:23 - 2014-07-25 06:18 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 22:23 - 2014-07-25 05:15 - 02781696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 22:23 - 2014-07-24 21:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 22:23 - 2014-07-24 21:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 22:23 - 2014-07-24 21:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 22:23 - 2014-07-24 21:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 22:23 - 2014-07-24 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 22:23 - 2014-07-24 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 22:23 - 2014-07-24 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-13 22:23 - 2014-07-24 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 22:23 - 2014-07-24 21:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 22:23 - 2014-07-24 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 22:23 - 2014-07-24 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 22:23 - 2014-07-24 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 22:23 - 2014-07-24 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 22:23 - 2014-07-24 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 22:23 - 2014-07-24 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 22:23 - 2014-07-24 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 22:23 - 2014-07-24 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 22:23 - 2014-07-24 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-13 22:23 - 2014-07-24 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-13 22:23 - 2014-07-24 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-13 22:23 - 2014-07-24 21:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 22:23 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 22:23 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 22:23 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 22:23 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 22:23 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 22:23 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 22:23 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-13 22:23 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 22:23 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 22:23 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-13 22:23 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 22:23 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 22:23 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 22:23 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 22:23 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 22:23 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 22:23 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 22:23 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-13 22:23 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-13 22:23 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-13 22:23 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 22:23 - 2014-06-14 02:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 22:23 - 2014-06-14 02:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 22:21 - 2014-07-08 03:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 22:21 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 22:21 - 2014-06-02 23:30 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 22:21 - 2014-06-02 23:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 22:21 - 2014-06-02 23:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 22:21 - 2014-06-02 23:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-13 22:21 - 2014-06-02 22:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 22:21 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 22:21 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 22:21 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 17:17 - 2014-08-13 17:17 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAVID-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
2014-08-13 17:17 - 2014-08-13 17:17 - 00000000 ____D () C:\RegBackup
2014-08-13 13:43 - 2014-08-13 13:43 - 00001994 _____ () C:\Users\David\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-08-13 13:42 - 2014-08-13 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-13 13:42 - 2014-08-13 13:42 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-08-13 13:39 - 2014-08-13 13:40 - 09521280 _____ () C:\Users\David\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-08-12 21:13 - 2014-08-12 21:13 - 00013215 _____ () C:\Users\David\Desktop\combofix.txt
2014-08-12 21:01 - 2014-08-12 21:01 - 00013215 _____ () C:\ComboFix.txt
2014-08-12 20:48 - 2014-08-12 21:01 - 00000000 ____D () C:\Qoobox
2014-08-12 20:48 - 2014-08-12 21:00 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 20:48 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-12 20:48 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-12 20:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-12 20:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-12 20:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-12 20:48 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-12 20:48 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-12 20:48 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-12 20:05 - 2014-08-12 20:06 - 05569662 ____R (Swearware) C:\Users\David\Desktop\ComboFix.exe
2014-08-12 18:09 - 2014-08-12 18:10 - 00027156 _____ () C:\Users\David\Downloads\Addition.txt
2014-08-12 15:34 - 2014-08-12 15:34 - 00001164 _____ () C:\Users\David\Desktop\maleware.txt
2014-08-12 15:33 - 2014-08-12 15:33 - 00001164 _____ () C:\maleware.txt
2014-08-12 15:05 - 2014-08-12 15:05 - 00380416 _____ () C:\Users\David\Desktop\Gmer-19357.exe
2014-08-12 15:04 - 2014-08-12 15:04 - 00015665 _____ () C:\Users\David\Desktop\FRST.txt
2014-08-12 15:02 - 2014-08-14 17:53 - 00007791 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-12 15:01 - 2014-08-14 17:53 - 02100224 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2014-08-12 15:00 - 2014-08-12 15:00 - 00000472 _____ () C:\Users\David\Desktop\defogger_disable.log
2014-08-12 14:58 - 2014-08-12 14:58 - 00000000 _____ () C:\Users\David\Desktop\defogger_reenable
2014-08-12 14:55 - 2014-08-12 14:55 - 00050477 _____ () C:\Users\David\Downloads\Defogger.exe
2014-08-01 18:30 - 2014-08-10 17:25 - 00042481 _____ () C:\Users\David\Desktop\PlanspielTauberExtrem.ods
2014-07-30 00:34 - 2014-07-30 00:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 13:58 - 2014-07-28 13:58 - 00028931 _____ () C:\Users\David\Documents\alex2.odt
2014-07-26 15:09 - 2014-07-28 10:30 - 00033505 _____ () C:\Users\David\Documents\alex 1.odt
2014-07-22 15:47 - 2014-07-22 15:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-20 14:57 - 2014-07-20 14:57 - 00013655 _____ () C:\Users\David\Documents\Scanner.odt
2014-07-17 15:18 - 2014-07-17 15:18 - 00013376 _____ () C:\Users\David\Documents\Unbenannt 1.odt
2014-07-15 11:16 - 2014-08-14 17:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 11:15 - 2014-07-15 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 11:15 - 2014-07-15 11:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 11:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-15 11:15 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 17:53 - 2014-08-14 17:53 - 00000000 ____D () C:\Users\David\Downloads\FRST-OlderVersion
2014-08-14 17:53 - 2014-08-12 15:02 - 00007791 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-14 17:53 - 2014-08-12 15:01 - 02100224 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2014-08-14 17:53 - 2014-05-04 09:52 - 00000000 ____D () C:\FRST
2014-08-14 17:51 - 2014-08-14 17:51 - 00000766 _____ () C:\Users\David\Desktop\JRT2.txt
2014-08-14 17:51 - 2014-08-14 17:51 - 00000766 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-14 17:45 - 2008-01-21 13:10 - 01661466 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-14 17:45 - 2008-01-21 13:09 - 00695484 _____ () C:\Windows\system32\perfh007.dat
2014-08-14 17:45 - 2008-01-21 13:09 - 00156942 _____ () C:\Windows\system32\perfc007.dat
2014-08-14 17:44 - 2014-08-14 17:44 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2014-08-14 17:44 - 2008-01-21 03:53 - 02078550 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 17:43 - 2014-07-15 11:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 17:42 - 2014-08-14 17:42 - 00011209 _____ () C:\Users\David\Desktop\AdwCleaner[S0].txt
2014-08-14 17:41 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 17:41 - 2006-11-02 17:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-14 17:41 - 2006-11-02 17:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-14 17:41 - 2006-11-02 17:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-14 17:40 - 2008-01-21 05:26 - 00325632 _____ () C:\Windows\PFRO.log
2014-08-14 17:39 - 2014-05-04 12:21 - 00000000 ____D () C:\AdwCleaner
2014-08-14 17:39 - 2006-11-02 17:42 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-14 17:31 - 2014-08-14 17:31 - 01356107 _____ () C:\Users\David\Downloads\adwcleaner_3.305.exe
2014-08-14 17:30 - 2014-08-14 17:30 - 00014579 _____ () C:\Users\David\Desktop\mbam.odt
2014-08-14 17:02 - 2013-11-06 21:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-14 15:34 - 2006-11-02 14:34 - 00000164 _____ () C:\Windows\win.ini
2014-08-14 11:00 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\rescache
2014-08-14 10:45 - 2014-08-14 10:45 - 00000680 _____ () C:\Users\David\AppData\Local\d3d9caps.dat
2014-08-14 10:45 - 2008-01-01 15:24 - 00001460 _____ () C:\Users\David\AppData\Local\d3d9caps64.dat
2014-08-14 10:44 - 2006-11-02 17:21 - 00394568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-13 19:26 - 2013-11-08 18:13 - 00090112 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-13 17:17 - 2014-08-13 17:17 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAVID-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
2014-08-13 17:17 - 2014-08-13 17:17 - 00000000 ____D () C:\RegBackup
2014-08-13 13:43 - 2014-08-13 13:43 - 00001994 _____ () C:\Users\David\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-08-13 13:42 - 2014-08-13 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-13 13:42 - 2014-08-13 13:42 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-08-13 13:40 - 2014-08-13 13:39 - 09521280 _____ () C:\Users\David\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-08-12 21:13 - 2014-08-12 21:13 - 00013215 _____ () C:\Users\David\Desktop\combofix.txt
2014-08-12 21:01 - 2014-08-12 21:01 - 00013215 _____ () C:\ComboFix.txt
2014-08-12 21:01 - 2014-08-12 20:48 - 00000000 ____D () C:\Qoobox
2014-08-12 21:01 - 2006-11-02 15:33 - 00000000 __RHD () C:\Users\Default
2014-08-12 21:00 - 2014-08-12 20:48 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 21:00 - 2006-11-02 14:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-12 20:55 - 2013-11-08 17:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-12 20:06 - 2014-08-12 20:05 - 05569662 ____R (Swearware) C:\Users\David\Desktop\ComboFix.exe
2014-08-12 18:10 - 2014-08-12 18:09 - 00027156 _____ () C:\Users\David\Downloads\Addition.txt
2014-08-12 16:20 - 2013-12-09 21:16 - 00000000 ____D () C:\Users\David\AppData\Local\Paint.NET
2014-08-12 15:34 - 2014-08-12 15:34 - 00001164 _____ () C:\Users\David\Desktop\maleware.txt
2014-08-12 15:34 - 2008-01-01 15:24 - 00000000 ____D () C:\Users\David
2014-08-12 15:33 - 2014-08-12 15:33 - 00001164 _____ () C:\maleware.txt
2014-08-12 15:05 - 2014-08-12 15:05 - 00380416 _____ () C:\Users\David\Desktop\Gmer-19357.exe
2014-08-12 15:04 - 2014-08-12 15:04 - 00015665 _____ () C:\Users\David\Desktop\FRST.txt
2014-08-12 15:00 - 2014-08-12 15:00 - 00000472 _____ () C:\Users\David\Desktop\defogger_disable.log
2014-08-12 14:58 - 2014-08-12 14:58 - 00000000 _____ () C:\Users\David\Desktop\defogger_reenable
2014-08-12 14:55 - 2014-08-12 14:55 - 00050477 _____ () C:\Users\David\Downloads\Defogger.exe
2014-08-10 17:25 - 2014-08-01 18:30 - 00042481 _____ () C:\Users\David\Desktop\PlanspielTauberExtrem.ods
2014-08-09 21:45 - 2013-11-11 20:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\vlc
2014-08-07 15:00 - 2014-01-02 15:21 - 00034688 _____ () C:\Users\David\Desktop\ÜFD.ods
2014-07-31 22:22 - 2014-07-10 00:22 - 00059960 _____ () C:\Users\David\Desktop\planspielfneu.ods
2014-07-30 19:52 - 2013-11-06 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 00:34 - 2014-07-30 00:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 13:58 - 2014-07-28 13:58 - 00028931 _____ () C:\Users\David\Documents\alex2.odt
2014-07-28 10:30 - 2014-07-26 15:09 - 00033505 _____ () C:\Users\David\Documents\alex 1.odt
2014-07-25 06:27 - 2014-08-13 22:23 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-07-25 06:18 - 2014-08-13 22:23 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-25 05:15 - 2014-08-13 22:23 - 02781696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-24 21:28 - 2014-08-13 22:23 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 21:12 - 2014-08-13 22:23 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 21:10 - 2014-08-13 22:23 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 21:07 - 2014-08-13 22:23 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 21:06 - 2014-08-13 22:23 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 21:05 - 2014-08-13 22:23 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 21:05 - 2014-08-13 22:23 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-24 21:05 - 2014-08-13 22:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 21:04 - 2014-08-13 22:23 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 21:04 - 2014-08-13 22:23 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 21:04 - 2014-08-13 22:23 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 21:04 - 2014-08-13 22:23 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-24 21:04 - 2014-08-13 22:23 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 21:04 - 2014-08-13 22:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-24 21:03 - 2014-08-13 22:23 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 21:03 - 2014-08-13 22:23 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 21:03 - 2014-08-13 22:23 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 21:03 - 2014-08-13 22:23 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-24 21:03 - 2014-08-13 22:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-24 21:03 - 2014-08-13 22:23 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-24 21:02 - 2014-08-13 22:23 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-24 20:07 - 2014-08-13 22:23 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-24 19:58 - 2014-08-13 22:23 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-24 19:57 - 2014-08-13 22:23 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-24 19:52 - 2014-08-13 22:23 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 19:51 - 2014-08-13 22:23 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-24 19:51 - 2014-08-13 22:23 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-24 19:50 - 2014-08-13 22:23 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-24 19:50 - 2014-08-13 22:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-24 19:49 - 2014-08-13 22:23 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-24 19:49 - 2014-08-13 22:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-24 19:49 - 2014-08-13 22:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-24 19:49 - 2014-08-13 22:23 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-24 19:49 - 2014-08-13 22:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-24 19:48 - 2014-08-13 22:23 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-24 19:48 - 2014-08-13 22:23 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-24 19:48 - 2014-08-13 22:23 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-24 19:48 - 2014-08-13 22:23 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-24 19:48 - 2014-08-13 22:23 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-24 19:48 - 2014-08-13 22:23 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-24 19:48 - 2014-08-13 22:23 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-24 19:47 - 2014-08-13 22:23 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-22 15:47 - 2014-07-22 15:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-20 14:57 - 2014-07-20 14:57 - 00013655 _____ () C:\Users\David\Documents\Scanner.odt
2014-07-19 19:12 - 2014-06-08 19:25 - 00015390 _____ () C:\Users\David\Desktop\Höchste gemessene Temperaturen seit 2007.odt
2014-07-17 15:18 - 2014-07-17 15:18 - 00013376 _____ () C:\Users\David\Documents\Unbenannt 1.odt
2014-07-15 23:00 - 2014-05-07 12:13 - 00000000 ____D () C:\ProgramData\Origin
2014-07-15 20:39 - 2014-05-07 12:13 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-15 13:54 - 2013-10-30 14:05 - 00000000 ____D () C:\Users\David\Documents\Lesestoff
2014-07-15 11:16 - 2013-11-08 17:05 - 00000000 ____D () C:\Users\David\AppData\Roaming\Malwarebytes
2014-07-15 11:15 - 2014-07-15 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 11:15 - 2014-07-15 11:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 11:15 - 2013-11-08 17:05 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 11:15 - 2013-11-08 17:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 11:15 - 2013-11-08 17:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

Some content of TEMP:
====================
C:\Users\David\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-14 17:46

==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014 01
Ran by David at 2014-08-14 17:54:33
Running from C:\Users\David\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Druckerdeinstallation für EPSON SX125 Series (HKLM\...\EPSON SX125 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Free YouTube Download version 3.2.16.1030 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.16.1030 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.)
FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.0.0 - Electronic Arts)
Fussball Manager 2003 (HKLM-x32\...\{7B80F2CF-3012-41B3-0083-D96E3B923A33}) (Version: - )
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel(R) Network Connections 15.3.68.0 (HKLM\...\PROSetDX) (Version: 15.3.68.0 - Intel)
Intel(R) Network Connections 15.3.68.0 (Version: 15.3.68.0 - Intel) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.11.77 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6201 - Realtek Semiconductor Corp.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.5 - Tweaking.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.14 - NCH Software)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

10-07-2014 12:20:59 Windows Update
11-07-2014 08:32:49 Windows Update
12-07-2014 10:29:08 Geplanter Prüfpunkt
15-07-2014 08:26:49 Windows Update
17-07-2014 11:51:15 Geplanter Prüfpunkt
18-07-2014 11:05:10 Geplanter Prüfpunkt
18-07-2014 13:10:59 Windows Update
19-07-2014 19:20:47 Geplanter Prüfpunkt
22-07-2014 06:42:43 Windows Update
25-07-2014 11:29:10 Geplanter Prüfpunkt
26-07-2014 08:12:58 Windows Update
27-07-2014 16:52:45 Geplanter Prüfpunkt
29-07-2014 00:21:31 Geplanter Prüfpunkt
29-07-2014 22:00:06 Geplanter Prüfpunkt
29-07-2014 22:12:22 Windows Update
30-07-2014 16:16:55 Geplanter Prüfpunkt
03-08-2014 09:56:40 Windows Update
05-08-2014 15:06:15 Geplanter Prüfpunkt
06-08-2014 17:05:13 Geplanter Prüfpunkt
07-08-2014 15:47:36 Geplanter Prüfpunkt
07-08-2014 17:38:41 Windows Update
08-08-2014 11:03:04 Geplanter Prüfpunkt
11-08-2014 13:25:09 Windows Update
12-08-2014 15:23:19 Geplanter Prüfpunkt
13-08-2014 12:29:24 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 14:34 - 2014-08-14 15:35 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {86A47048-E643-4F44-A3AE-1F83D81CC58C} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9F16D07D-44F1-4DB3-81F5-24E575F94CAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-03-29 03:07 - 2013-03-29 03:07 - 00045056 _____ () C:\Windows\system32\atitmp64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored.
None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Compact Flash Description: Compact Flash Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows cannot initialize the device driver for this hardware. (Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: MS/MS-Pro Description: MS/MS-Pro Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows cannot initialize the device driver for this hardware. (Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: SD/MMC Description: SD/MMC Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows cannot initialize the device driver for this hardware. (Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: SM/xD-Picture Description: SM/xD-Picture Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows cannot initialize the device driver for this hardware. (Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-08-14 17:54:28.547 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-14 17:54:28.437 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-14 17:54:28.328 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-14 17:54:28.203 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-14 17:54:28.016 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-14 17:54:27.906 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-14 17:54:27.781 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-08-14 17:54:27.641 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-14 17:24:39.317 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-14 17:24:39.213 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz Percentage of memory in use: 34% Total physical RAM: 4027.9 MB Available physical RAM: 2621.36 MB Total Pagefile: 8231.09 MB Available Pagefile: 6678.14 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:581.52 GB) (Free:298.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 205A4912) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=582 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
15.08.2014, 13:01 | #10 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No help via PM! |
16.08.2014, 20:07 | #11 |
| Just for your information: I won't get around to continuing until tomorrow! Many thanks to you and M-K-D-B, it's great every time that you are here! |
17.08.2014, 14:44 | #12 |
/// the machine /// TB-Ausbilder | ok
18.08.2014, 14:32 | #13 |
| The rest follows tomorrow. It probably wasn't too clever of me to uninstall ESET before I had posted the log file... Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=743aee4c1ebeb04091f449e1b126a5a8 # engine=19700 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-08-17 06:24:15 # local_time=2014-08-17 08:24:15 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 11786942 49605971 0 0 # scanned=198766 # found=10 # cleaned=0 # scan_time=4274 sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoConverter\VideoConverter.exe.vir" sh=12A81C015E84CAB1346754690B8683E3D0F5C542 ft=1 fh=2038865bafb4f80a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\David\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir" sh=CC52EE1298EA7A344B1C0CD7D03D1A059C77FD39 ft=1 fh=d235b59034f549ec vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\David\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir" sh=659E678C5D8CE742CC03A211C59AA57E6018FDC6 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\David\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir" sh=930F6C24088B7CB47481D4EDD64A873A817E73FC ft=1 fh=44fb5a4b02bb1a4e vn="Variante von Win32/Mobogenie.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\David\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir" sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\David\AppData\Local\Temp\OCS\ocs_v71a.exe.vir" sh=0C73CCC63EC56232CA1EF6BF8573B3A9AB323052 ft=1 fh=d014c1be8c7ac6c1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\System Volume Information\_restore{5A5BC448-F71D-4EAA-8945-6E7545CD1B15}\RP177\A0093483.dll" sh=F7260CE69E39008609AC6570C2013A39315C46F5 ft=1 fh=c8129b0266621a88 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="H:\System Volume Information\_restore{5A5BC448-F71D-4EAA-8945-6E7545CD1B15}\RP177\A0093489.exe" sh=F7C72C5EC5334C58465B8A4257978531B19C4098 ft=1 fh=0ab1d01b6bb0271d vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="H:\System Volume Information\_restore{5A5BC448-F71D-4EAA-8945-6E7545CD1B15}\RP177\A0093490.exe" sh=457335C7D7CF3B76BDA5156BDFC9D2E55F5EB26E ft=1 fh=733834ea60493ef0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\System Volume Information\_restore{5A5BC448-F71D-4EAA-8945-6E7545CD1B15}\RP177\A0093506.exe" Code:
Results of screen317's Security Check version 0.99.87
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.9016)
Adobe Flash Player 14.0.0.145
Adobe Reader 10.1.11 Adobe Reader out of Date!
Mozilla Firefox (31.0)
Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04 Ran by David (administrator) on DAVID-PC on 18-08-2014 09:19:59 Running from C:\Users\David\Downloads Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2010-09-14] (Realtek Semiconductor) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKU\S-1-5-21-2918414357-155064948-848676807-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2918414357-155064948-848676807-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.uwz.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rr55d08t.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program 
Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rr55d08t.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-28] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-06] Chrome: ======= CHR HomePage: ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S3 TweakingRunAsSystemService; "C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\tweaking_ras.exe" cmd.exe []/c start /HIGH cmd.exe /c C:\Users\David\AppData\Local\Temp\temp497.bat & exit ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation) S1 Beep; No ImagePath R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-17 19:07 - 2014-08-17 19:08 - 02347384 _____ (ESET) C:\Users\David\Downloads\esetsmartinstaller_deu(1).exe 2014-08-17 18:54 - 2014-08-18 09:18 - 00000898 _____ () C:\Users\David\Desktop\checkup.txt 2014-08-17 18:52 - 2014-08-17 18:52 - 00854417 _____ () C:\Users\David\Downloads\SecurityCheck.exe 2014-08-17 18:51 - 2014-08-17 18:51 - 00000987 _____ () C:\Users\David\Desktop\log.txt - Verknüpfung.lnk 2014-08-17 16:34 - 2014-08-17 16:34 - 02347384 _____ (ESET) C:\Users\David\Downloads\esetsmartinstaller_deu.exe 2014-08-17 16:34 - 2014-08-17 16:34 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-08-14 17:57 - 2014-08-14 17:57 - 00033264 _____ () C:\Users\David\Downloads\FRST2.txt 2014-08-14 17:57 - 2014-08-14 17:57 - 00018302 _____ () C:\Users\David\Downloads\Addition2.txt 2014-08-14 17:53 - 2014-08-17 18:55 - 00000000 ____D () C:\Users\David\Downloads\FRST-OlderVersion 2014-08-14 17:51 - 2014-08-14 17:51 - 00000766 _____ () C:\Users\David\Desktop\JRT2.txt 2014-08-14 17:51 - 2014-08-14 17:51 - 00000766 _____ () C:\Users\David\Desktop\JRT.txt 2014-08-14 17:44 - 2014-08-14 17:44 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe 2014-08-14 17:42 - 2014-08-14 17:42 - 00011209 _____ () C:\Users\David\Desktop\AdwCleaner[S0].txt 2014-08-14 17:31 - 2014-08-14 17:31 - 01356107 _____ () C:\Users\David\Downloads\adwcleaner_3.305.exe 2014-08-14 17:30 - 2014-08-14 17:30 - 00014579 _____ () C:\Users\David\Desktop\mbam.odt 2014-08-14 10:45 - 2014-08-14 10:45 - 00000680 _____ () C:\Users\David\AppData\Local\d3d9caps.dat 2014-08-14 10:22 - 2014-06-27 00:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-14 10:22 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-14 10:22 - 2014-06-27 00:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-14 10:22 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 
2014-08-14 10:22 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-14 10:22 - 2014-06-27 00:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-14 10:22 - 2014-06-06 06:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-14 10:22 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-13 22:23 - 2014-07-25 06:27 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-13 22:23 - 2014-07-25 06:18 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-13 22:23 - 2014-07-25 05:15 - 02781696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-13 22:23 - 2014-07-24 21:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-13 22:23 - 2014-07-24 21:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-13 22:23 - 2014-07-24 21:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-13 22:23 - 2014-07-24 21:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-13 22:23 - 2014-07-24 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-13 22:23 - 2014-07-24 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-13 22:23 - 2014-07-24 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-13 22:23 - 2014-07-24 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-13 22:23 - 2014-07-24 21:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-13 22:23 - 2014-07-24 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-13 22:23 - 2014-07-24 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-13 22:23 - 2014-07-24 21:04 - 
00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-13 22:23 - 2014-07-24 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-13 22:23 - 2014-07-24 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-13 22:23 - 2014-07-24 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-13 22:23 - 2014-07-24 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-13 22:23 - 2014-07-24 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-13 22:23 - 2014-07-24 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-13 22:23 - 2014-07-24 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-13 22:23 - 2014-07-24 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-13 22:23 - 2014-07-24 21:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-13 22:23 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-13 22:23 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-13 22:23 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-13 22:23 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-13 22:23 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-13 22:23 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-13 22:23 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-08-13 22:23 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-13 22:23 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iertutil.dll 2014-08-13 22:23 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-08-13 22:23 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-13 22:23 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-13 22:23 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-13 22:23 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-13 22:23 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-13 22:23 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-13 22:23 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-13 22:23 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-08-13 22:23 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-08-13 22:23 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-08-13 22:23 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-13 22:23 - 2014-06-14 02:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-13 22:23 - 2014-06-14 02:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-13 22:21 - 2014-07-08 03:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-13 22:21 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-13 22:21 - 2014-06-02 23:30 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-13 22:21 - 2014-06-02 23:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 
2014-08-13 22:21 - 2014-06-02 23:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-13 22:21 - 2014-06-02 23:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-08-13 22:21 - 2014-06-02 22:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-13 22:21 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-13 22:21 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-13 22:21 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-13 17:17 - 2014-08-13 17:17 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAVID-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat 2014-08-13 17:17 - 2014-08-13 17:17 - 00000000 ____D () C:\RegBackup 2014-08-13 13:43 - 2014-08-13 13:43 - 00001994 _____ () C:\Users\David\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2014-08-13 13:42 - 2014-08-13 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2014-08-13 13:42 - 2014-08-13 13:42 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com 2014-08-13 13:39 - 2014-08-13 13:40 - 09521280 _____ () C:\Users\David\Downloads\tweaking.com_windows_repair_aio_setup.exe 2014-08-12 21:13 - 2014-08-12 21:13 - 00013215 _____ () C:\Users\David\Desktop\combofix.txt 2014-08-12 21:01 - 2014-08-12 21:01 - 00013215 _____ () C:\ComboFix.txt 2014-08-12 20:48 - 2014-08-12 21:01 - 00000000 ____D () C:\Qoobox 2014-08-12 20:48 - 2014-08-12 21:00 - 00000000 ____D () C:\Windows\erdnt 2014-08-12 20:48 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-08-12 20:48 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-08-12 20:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-08-12 20:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-08-12 20:48 - 2000-08-31 02:00 - 
00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-08-12 20:48 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-08-12 20:48 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-08-12 20:48 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-08-12 20:05 - 2014-08-12 20:06 - 05569662 ____R (Swearware) C:\Users\David\Desktop\ComboFix.exe 2014-08-12 18:09 - 2014-08-17 18:57 - 00033615 _____ () C:\Users\David\Downloads\Addition.txt 2014-08-12 15:34 - 2014-08-12 15:34 - 00001164 _____ () C:\Users\David\Desktop\maleware.txt 2014-08-12 15:33 - 2014-08-12 15:33 - 00001164 _____ () C:\maleware.txt 2014-08-12 15:05 - 2014-08-12 15:05 - 00380416 _____ () C:\Users\David\Desktop\Gmer-19357.exe 2014-08-12 15:04 - 2014-08-12 15:04 - 00015665 _____ () C:\Users\David\Desktop\FRST.txt 2014-08-12 15:02 - 2014-08-18 09:20 - 00007593 _____ () C:\Users\David\Downloads\FRST.txt 2014-08-12 15:01 - 2014-08-17 18:55 - 02101760 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe 2014-08-12 15:00 - 2014-08-12 15:00 - 00000472 _____ () C:\Users\David\Desktop\defogger_disable.log 2014-08-12 14:58 - 2014-08-12 14:58 - 00000000 _____ () C:\Users\David\Desktop\defogger_reenable 2014-08-12 14:55 - 2014-08-12 14:55 - 00050477 _____ () C:\Users\David\Downloads\Defogger.exe 2014-08-01 18:30 - 2014-08-10 17:25 - 00042481 _____ () C:\Users\David\Desktop\PlanspielTauberExtrem.ods 2014-07-30 00:34 - 2014-07-30 00:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-28 13:58 - 2014-07-28 13:58 - 00028931 _____ () C:\Users\David\Documents\alex2.odt 2014-07-26 15:09 - 2014-07-28 10:30 - 00033505 _____ () C:\Users\David\Documents\alex 1.odt 2014-07-22 15:47 - 2014-07-22 15:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-07-20 14:57 - 2014-07-20 14:57 - 00013655 _____ () C:\Users\David\Documents\Scanner.odt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, 
the file\folder will be moved.) 2014-08-18 09:20 - 2014-08-12 15:02 - 00007593 _____ () C:\Users\David\Downloads\FRST.txt 2014-08-18 09:20 - 2014-05-04 09:52 - 00000000 ____D () C:\FRST 2014-08-18 09:18 - 2014-08-17 18:54 - 00000898 _____ () C:\Users\David\Desktop\checkup.txt 2014-08-18 09:06 - 2008-01-21 13:10 - 01661466 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-18 09:06 - 2008-01-21 13:09 - 00695484 _____ () C:\Windows\system32\perfh007.dat 2014-08-18 09:06 - 2008-01-21 13:09 - 00156942 _____ () C:\Windows\system32\perfc007.dat 2014-08-18 09:02 - 2013-11-06 21:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-18 09:02 - 2008-01-21 03:53 - 01246935 _____ () C:\Windows\WindowsUpdate.log 2014-08-18 08:58 - 2008-01-21 05:26 - 00326166 _____ () C:\Windows\PFRO.log 2014-08-18 08:58 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-18 08:58 - 2006-11-02 17:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-18 08:58 - 2006-11-02 17:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-18 08:58 - 2006-11-02 17:07 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-08-17 22:17 - 2006-11-02 17:42 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-17 19:08 - 2014-08-17 19:07 - 02347384 _____ (ESET) C:\Users\David\Downloads\esetsmartinstaller_deu(1).exe 2014-08-17 18:59 - 2008-01-01 15:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-08-17 18:57 - 2014-08-12 18:09 - 00033615 _____ () C:\Users\David\Downloads\Addition.txt 2014-08-17 18:55 - 2014-08-14 17:53 - 00000000 ____D () C:\Users\David\Downloads\FRST-OlderVersion 2014-08-17 18:55 - 2014-08-12 15:01 - 02101760 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe 2014-08-17 18:52 - 2014-08-17 18:52 - 00854417 _____ () C:\Users\David\Downloads\SecurityCheck.exe 
2014-08-17 18:51 - 2014-08-17 18:51 - 00000987 _____ () C:\Users\David\Desktop\log.txt - Verknüpfung.lnk 2014-08-17 16:34 - 2014-08-17 16:34 - 02347384 _____ (ESET) C:\Users\David\Downloads\esetsmartinstaller_deu.exe 2014-08-17 16:34 - 2014-08-17 16:34 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-08-16 20:04 - 2013-11-08 18:13 - 00089088 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-16 15:22 - 2013-11-11 20:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\vlc 2014-08-16 08:27 - 2013-12-09 21:16 - 00000000 ____D () C:\Users\David\AppData\Local\Paint.NET 2014-08-14 17:57 - 2014-08-14 17:57 - 00033264 _____ () C:\Users\David\Downloads\FRST2.txt 2014-08-14 17:57 - 2014-08-14 17:57 - 00018302 _____ () C:\Users\David\Downloads\Addition2.txt 2014-08-14 17:51 - 2014-08-14 17:51 - 00000766 _____ () C:\Users\David\Desktop\JRT2.txt 2014-08-14 17:51 - 2014-08-14 17:51 - 00000766 _____ () C:\Users\David\Desktop\JRT.txt 2014-08-14 17:44 - 2014-08-14 17:44 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe 2014-08-14 17:43 - 2014-07-15 11:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 17:42 - 2014-08-14 17:42 - 00011209 _____ () C:\Users\David\Desktop\AdwCleaner[S0].txt 2014-08-14 17:39 - 2014-05-04 12:21 - 00000000 ____D () C:\AdwCleaner 2014-08-14 17:31 - 2014-08-14 17:31 - 01356107 _____ () C:\Users\David\Downloads\adwcleaner_3.305.exe 2014-08-14 17:30 - 2014-08-14 17:30 - 00014579 _____ () C:\Users\David\Desktop\mbam.odt 2014-08-14 15:34 - 2006-11-02 14:34 - 00000164 _____ () C:\Windows\win.ini 2014-08-14 11:00 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\rescache 2014-08-14 10:45 - 2014-08-14 10:45 - 00000680 _____ () C:\Users\David\AppData\Local\d3d9caps.dat 2014-08-14 10:45 - 2008-01-01 15:24 - 00001460 _____ () C:\Users\David\AppData\Local\d3d9caps64.dat 2014-08-14 10:44 - 2006-11-02 17:21 - 00394568 _____ () C:\Windows\system32\FNTCACHE.DAT 
2014-08-13 17:17 - 2014-08-13 17:17 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAVID-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat 2014-08-13 17:17 - 2014-08-13 17:17 - 00000000 ____D () C:\RegBackup 2014-08-13 13:43 - 2014-08-13 13:43 - 00001994 _____ () C:\Users\David\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2014-08-13 13:42 - 2014-08-13 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2014-08-13 13:42 - 2014-08-13 13:42 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com 2014-08-13 13:40 - 2014-08-13 13:39 - 09521280 _____ () C:\Users\David\Downloads\tweaking.com_windows_repair_aio_setup.exe 2014-08-12 21:13 - 2014-08-12 21:13 - 00013215 _____ () C:\Users\David\Desktop\combofix.txt 2014-08-12 21:01 - 2014-08-12 21:01 - 00013215 _____ () C:\ComboFix.txt 2014-08-12 21:01 - 2014-08-12 20:48 - 00000000 ____D () C:\Qoobox 2014-08-12 21:01 - 2006-11-02 15:33 - 00000000 __RHD () C:\Users\Default 2014-08-12 21:00 - 2014-08-12 20:48 - 00000000 ____D () C:\Windows\erdnt 2014-08-12 21:00 - 2006-11-02 14:34 - 00000215 _____ () C:\Windows\system.ini 2014-08-12 20:55 - 2013-11-08 17:02 - 00000000 ____D () C:\ProgramData\TEMP 2014-08-12 20:06 - 2014-08-12 20:05 - 05569662 ____R (Swearware) C:\Users\David\Desktop\ComboFix.exe 2014-08-12 15:34 - 2014-08-12 15:34 - 00001164 _____ () C:\Users\David\Desktop\maleware.txt 2014-08-12 15:34 - 2008-01-01 15:24 - 00000000 ____D () C:\Users\David 2014-08-12 15:33 - 2014-08-12 15:33 - 00001164 _____ () C:\maleware.txt 2014-08-12 15:05 - 2014-08-12 15:05 - 00380416 _____ () C:\Users\David\Desktop\Gmer-19357.exe 2014-08-12 15:04 - 2014-08-12 15:04 - 00015665 _____ () C:\Users\David\Desktop\FRST.txt 2014-08-12 15:00 - 2014-08-12 15:00 - 00000472 _____ () C:\Users\David\Desktop\defogger_disable.log 2014-08-12 14:58 - 2014-08-12 14:58 - 00000000 _____ () C:\Users\David\Desktop\defogger_reenable 2014-08-12 14:55 - 2014-08-12 14:55 - 00050477 _____ () 
C:\Users\David\Downloads\Defogger.exe 2014-08-10 17:25 - 2014-08-01 18:30 - 00042481 _____ () C:\Users\David\Desktop\PlanspielTauberExtrem.ods 2014-08-07 15:00 - 2014-01-02 15:21 - 00034688 _____ () C:\Users\David\Desktop\ÜFD.ods 2014-07-31 22:22 - 2014-07-10 00:22 - 00059960 _____ () C:\Users\David\Desktop\planspielfneu.ods 2014-07-30 19:52 - 2013-11-06 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-30 00:34 - 2014-07-30 00:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-28 13:58 - 2014-07-28 13:58 - 00028931 _____ () C:\Users\David\Documents\alex2.odt 2014-07-28 10:30 - 2014-07-26 15:09 - 00033505 _____ () C:\Users\David\Documents\alex 1.odt 2014-07-25 06:27 - 2014-08-13 22:23 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-07-25 06:18 - 2014-08-13 22:23 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-07-25 05:15 - 2014-08-13 22:23 - 02781696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-24 21:28 - 2014-08-13 22:23 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-24 21:12 - 2014-08-13 22:23 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-24 21:10 - 2014-08-13 22:23 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-24 21:07 - 2014-08-13 22:23 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-24 21:06 - 2014-08-13 22:23 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-24 21:05 - 2014-08-13 22:23 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-24 21:05 - 2014-08-13 22:23 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-07-24 21:05 - 2014-08-13 22:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-24 21:04 - 2014-08-13 22:23 - 02155520 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2014-07-24 21:04 - 2014-08-13 22:23 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-07-24 21:04 - 2014-08-13 22:23 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-24 21:04 - 2014-08-13 22:23 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-24 21:04 - 2014-08-13 22:23 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-24 21:04 - 2014-08-13 22:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-24 21:03 - 2014-08-13 22:23 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-24 21:03 - 2014-08-13 22:23 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-24 21:03 - 2014-08-13 22:23 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-24 21:03 - 2014-08-13 22:23 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-07-24 21:03 - 2014-08-13 22:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-07-24 21:03 - 2014-08-13 22:23 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-07-24 21:02 - 2014-08-13 22:23 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-24 20:07 - 2014-08-13 22:23 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-24 19:58 - 2014-08-13 22:23 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-24 19:57 - 2014-08-13 22:23 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-24 19:52 - 2014-08-13 22:23 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-24 19:51 - 2014-08-13 22:23 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-24 19:51 - 2014-08-13 22:23 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 
2014-07-24 19:50 - 2014-08-13 22:23 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-07-24 19:50 - 2014-08-13 22:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-24 19:49 - 2014-08-13 22:23 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-24 19:49 - 2014-08-13 22:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-07-24 19:49 - 2014-08-13 22:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-24 19:49 - 2014-08-13 22:23 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-24 19:49 - 2014-08-13 22:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-24 19:48 - 2014-08-13 22:23 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-24 19:48 - 2014-08-13 22:23 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-24 19:48 - 2014-08-13 22:23 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-24 19:48 - 2014-08-13 22:23 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-24 19:48 - 2014-08-13 22:23 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-07-24 19:48 - 2014-08-13 22:23 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-07-24 19:48 - 2014-08-13 22:23 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-07-24 19:47 - 2014-08-13 22:23 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-22 15:47 - 2014-07-22 15:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-07-20 14:57 - 2014-07-20 14:57 - 00013655 _____ () C:\Users\David\Documents\Scanner.odt 2014-07-19 19:12 - 2014-06-08 19:25 - 00015390 _____ () C:\Users\David\Desktop\Höchste gemessene Temperaturen seit 2007.odt Some content of TEMP: 
====================
C:\Users\David\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-18 09:04

==================== End Of Log ============================
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by David at 2014-08-18 09:20:29
Running from C:\Users\David\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.)
Hidden CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) 
Hidden ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Druckerdeinstallation für EPSON SX125 Series (HKLM\...\EPSON SX125 Series) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Free YouTube Download version 3.2.16.1030 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.16.1030 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.) FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.0.0 - Electronic Arts) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel(R) Network Connections 15.3.68.0 (HKLM\...\PROSetDX) (Version: 15.3.68.0 - Intel) Intel(R) Network Connections 15.3.68.0 (Version: 15.3.68.0 - Intel) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.0.11.77 - Electronic Arts, Inc.) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6201 - Realtek Semiconductor Corp.) Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.5 - Tweaking.com) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.14 - NCH Software) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 10-07-2014 12:20:59 Windows Update 11-07-2014 08:32:49 Windows Update 12-07-2014 10:29:08 Geplanter Prüfpunkt 15-07-2014 08:26:49 Windows Update 17-07-2014 11:51:15 Geplanter Prüfpunkt 18-07-2014 11:05:10 Geplanter Prüfpunkt 18-07-2014 13:10:59 Windows Update 19-07-2014 19:20:47 Geplanter Prüfpunkt 22-07-2014 06:42:43 Windows Update 25-07-2014 11:29:10 Geplanter Prüfpunkt 26-07-2014 08:12:58 Windows Update 27-07-2014 16:52:45 Geplanter Prüfpunkt 29-07-2014 00:21:31 Geplanter Prüfpunkt 29-07-2014 22:00:06 Geplanter Prüfpunkt 29-07-2014 22:12:22 Windows Update 30-07-2014 16:16:55 Geplanter Prüfpunkt 03-08-2014 09:56:40 Windows Update 05-08-2014 15:06:15 Geplanter Prüfpunkt 06-08-2014 17:05:13 Geplanter Prüfpunkt 07-08-2014 15:47:36 Geplanter Prüfpunkt 07-08-2014 17:38:41 Windows Update 08-08-2014 11:03:04 Geplanter Prüfpunkt 11-08-2014 13:25:09 Windows Update 12-08-2014 15:23:19 Geplanter Prüfpunkt 13-08-2014 12:29:24 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 14:34 - 2014-08-14 15:35 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {86A47048-E643-4F44-A3AE-1F83D81CC58C} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {9F16D07D-44F1-4DB3-81F5-24E575F94CAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-29 03:07 - 2013-03-29 03:07 - 00045056 _____ () C:\Windows\system32\atitmp64.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Compact Flash Description: Compact Flash Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows cannot initialize the device driver for this hardware. (Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: MS/MS-Pro Description: MS/MS-Pro Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows cannot initialize the device driver for this hardware. (Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: SD/MMC Description: SD/MMC Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows cannot initialize the device driver for this hardware. (Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: SM/xD-Picture Description: SM/xD-Picture Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows cannot initialize the device driver for this hardware. (Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: Intenso Description: Rainbow Line Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Intenso Service: WUDFRd Problem: : Windows cannot initialize the device driver for this hardware. 
(Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: KINGSTON Description: DataTraveler G2 Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Kingston Service: WUDFRd Problem: : Windows cannot initialize the device driver for this hardware. (Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. ==================== Event log errors: ========================= Application errors: ================== Error: (08/18/2014 09:06:36 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. 
Error: (08/17/2014 07:09:22 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (08/17/2014 07:09:18 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (08/17/2014 06:55:31 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error: (08/17/2014 06:50:47 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. 
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/17/2014 06:46:22 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x8000ffff).

Error: (08/17/2014 06:46:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Hr = 0x8000ffff).

Error: (08/17/2014 06:46:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057.
Vorgang: Sicherung abbrechen
Kontext: Ausführungskontext: Requestor
Aktueller Status: SnapshotSetCreated

Error: (08/17/2014 06:46:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {faf53cc4-bd73-4e36-83f1-2b23f46e513e} und dem Namen "VSSEvent" kann nicht gestartet werden. [0x80070057]
Vorgang: Sicherung abbrechen
Kontext: Ausführungskontext: Requestor
Aktueller Status: SnapshotSetCreated

Error: (08/17/2014 06:46:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040154.
Vorgang: Generatordaten werden gesammelt
Asynchroner Vorgang wird ausgeführt
Kontext: Ausführungskontext: Requestor
Aktueller Status: GatherWriterMetadata

System errors:
=============
Error: (08/18/2014 08:59:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep

Error: (08/17/2014 00:53:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.179.3261.0){3DB3E9B4-AC16-4B16-816C-84A49BF1E78D}201

Error: (08/17/2014 00:53:07 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.179.3261.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.5.0216.00
Quellpfad: 4.5.0216.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (08/17/2014 00:53:05 PM) (Source: Microsoft Antimalware) (EventID: 2003) (User: )
Description: Beim Aktualisieren des Moduls wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Modulversion:
Vorherige Modulversion:
Modultyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Fehlercode: %NT-AUTORITÄT601
Fehlerbeschreibung: %NT-AUTORITÄT602

Error: (08/17/2014 00:53:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion:
Aktualisierungsquelle: %NT-AUTORITÄT15
Aktualisierungsphase: 4.5.0216.00
Quellpfad: 4.5.0216.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (08/17/2014 00:41:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep

Error: (08/16/2014 08:16:30 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep

Error: (08/15/2014 09:40:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.179.3065.0){1A1D2510-22BB-414C-BEE1-A4BDE0CD46DD}201

Error: (08/15/2014 09:40:29 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.179.3065.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.5.0216.00
Quellpfad: 4.5.0216.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (08/15/2014 09:40:27 AM) (Source: Microsoft Antimalware) (EventID: 2003) (User: )
Description: Beim Aktualisieren des Moduls wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Modulversion:
Vorherige Modulversion:
Modultyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Fehlercode: %NT-AUTORITÄT601
Fehlerbeschreibung: %NT-AUTORITÄT602

Microsoft Office Sessions:
=========================
Error: (08/18/2014 09:06:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\David\Downloads\esetsmartinstaller_deu(1).exe

Error: (08/17/2014 07:09:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\David\Downloads\esetsmartinstaller_deu(1).exe

Error: (08/17/2014 07:09:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\David\Downloads\esetsmartinstaller_deu(1).exe

Error: (08/17/2014 06:55:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\David\Downloads\esetsmartinstaller_deu.exe

Error: (08/17/2014 06:50:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description:
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (08/17/2014 06:46:22 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: 0x8000ffff

Error: (08/17/2014 06:46:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x8000ffff

Error: (08/17/2014 06:46:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070057
Vorgang: Sicherung abbrechen
Kontext: Ausführungskontext: Requestor
Aktueller Status: SnapshotSetCreated

Error: (08/17/2014 06:46:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: {faf53cc4-bd73-4e36-83f1-2b23f46e513e}VSSEvent0x80070057
Vorgang: Sicherung abbrechen
Kontext: Ausführungskontext: Requestor
Aktueller Status: SnapshotSetCreated

Error: (08/17/2014 06:46:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80040154
Vorgang: Generatordaten werden gesammelt
Asynchroner Vorgang wird ausgeführt
Kontext: Ausführungskontext: Requestor
Aktueller Status: GatherWriterMetadata

CodeIntegrity Errors:
===================================
Date: 2014-08-14 17:54:28.547
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-14 17:54:28.437
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 17:54:28.328
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-14 17:54:28.203
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-14 17:54:28.016
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-14 17:54:27.906
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-14 17:54:27.781
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-14 17:54:27.641
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-14 17:24:39.317
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-14 17:24:39.213
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 40%
Total physical RAM: 4027.9 MB
Available physical RAM: 2413.11 MB
Total Pagefile: 8279.09 MB
Available Pagefile: 6657.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:581.52 GB) (Free:295.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: () (Removable) (Total:30.09 GB) (Free:30 GB) FAT32
Drive h: (INTENSO) (Fixed) (Total:698.46 GB) (Free:309.83 GB) FAT32
Drive j: (KINGSTON) (Removable) (Total:3.72 GB) (Free:3.62 GB) FAT32
Drive k: (Intenso) (Removable) (Total:14.93 GB) (Free:13.84 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 205A4912)
Partition 1: (Not Active) - (Size=14.7 GB) - (Type=27)
Partition 2: (Active) - (Size=581.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 30.1 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

========================================================
Disk: 5 (Size: 14.9 GB) (Disk ID: 13ACD5E6)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0B)

========================================================
Disk: 6 (Size: 3.7 GB) (Disk ID: 1E6250E2)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

========================================================
Disk: 7 (Size: 698.6 GB) (Disk ID: 6051D847)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=0C)

==================== End Of Log ============================ |
19.08.2014, 09:28 | #14 |
/// the machine /// TB-Ausbilder | Windows Vista 64-bit - suspected virus infection: Update Adobe. Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
19.08.2014, 11:59 | #15 |
| Windows Vista 64-bit - suspected virus infection: Everything is fine so far! Many thanks to you! Kind regards |
Topics related to Windows Vista 64-bit - suspected virus infection |
android/mobserv.a, avg, defender, desktop, flash player, homepage, iexplore.exe, mobogenie, mobogenie entfernen, registry, schutz, security, services.exe, software, svchost.exe, virenbefal, werbung, win32/downloadsponsor.a, win32/installcore.a, win32/mobogenie.a, win32/toolbar.conduit, win32/toolbar.conduit.b |