Regsvr32 error, Trojan and malware (Windows 7)

17.08.2014, 13:44 | #1
Regsvr32 error, Trojan and malware

Hello everyone,

I have the following problem, which started yesterday evening (I had not installed anything new, had not been on any dubious sites or anything like that): Opera, my default browser, suddenly does not load anything any more. Neither web pages nor the browser settings, the history or anything else. The browser just stays white. At the same time a message kept appearing, like the one you get when you download something with Firefox or IE and it asks whether you want to save the file or just open it. But I did not want to download anything and cancelled it every time. The file was called "bk-coretag.js". I then shut the PC down and only started it again today. Then, right at boot, the error with Regsvr32 appeared: the module could not be loaded. It also has no name: ""

So I ran Avira Antivir (which I have since uninstalled in order to install a better one after the cleanup) and it found 3 files:

1. niydof.exe (location: C:/User/Appdata/Roaming/Caitxu; manufacturer: Meskisift Visaal Studie 2010)
2. file name forgotten (location: C:/ProgramData/Okiyocinar)
3. file name forgotten (location: C:/ProgramData/Owidmobxuk)

I then simply deleted the files and the folders with Avira. The problem with Regsvr32 and Opera is still there. Just now, for fun, I opened Internet Explorer and was immediately asked whether I wanted to set "Sweet-Page" as my home page. So that is malware too, even though I NEVER use IE.

I saw a similar problem in another thread here on the board and followed the suggested steps until a different error showed up for me: I downloaded FRST and ran a scan. Here is the FRST.txt:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Daniel (administrator) on DANIEL-PC on 17-08-2014 14:19:19
Running from C:\Users\Daniel\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Adobe) C:\Users\Daniel\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2141722115-4052543420-584581234-1000\...\Run: [Spotify Web Helper] => C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-28] (Spotify Ltd)
HKU\S-1-5-21-2141722115-4052543420-584581234-1000\...\Run: [OwidmObxuk] => regsvr32.exe "C:\ProgramData\OwidmObxuk\OwidmObxuk.dat"
HKU\S-1-5-21-2141722115-4052543420-584581234-1000\...\Run: [OkiyoCinar] => regsvr32.exe "
HKU\S-1-5-21-2141722115-4052543420-584581234-1000\...\Run: [Yzuxpakyc] => C:\Users\Daniel\AppData\Roaming\Caitxu\niydof.exe
HKU\S-1-5-21-2141722115-4052543420-584581234-1000\...\MountPoints2: {76d87647-4bdd-11e3-942b-806e6f6e6963} - D:\CDSetup.exe
HKU\S-1-5-21-2141722115-4052543420-584581234-1000\...\MountPoints2: {80c5ed5f-11b1-11e4-8f13-8c89a50f52e5} - E:\SETUP.EXE
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~2\sk-enh~1\psupport.dll => "c:\progra~2\sk-enh~1\psupport.dll" File Not Found
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x71678DADB4DFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ib3ybrqe.default
FF DefaultSearchEngine: sweet-page
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF user.js: detected! => C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ib3ybrqe.default\user.js
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ib3ybrqe.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ib3ybrqe.default\Extensions\staged [2014-01-29]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ib3ybrqe.default\extensions\quick_start@gmail.com

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-26] ()
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
S4 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}w64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys [61112 2014-05-19] (StdLib)
S4 avgntflt; system32\DRIVERS\avgntflt.sys [X]
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 14:19 - 2014-08-17 14:19 - 00016603 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-08-17 14:19 - 2014-08-17 14:19 - 00000000 ____D () C:\FRST
2014-08-17 14:18 - 2014-08-17 14:18 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Adobe
2014-08-17 14:14 - 2014-08-17 14:14 - 02101760 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-08-17 14:14 - 2014-08-17 14:14 - 00000090 _____ () C:\Users\Daniel\Desktop\Neues Textdokument.txt
2014-08-17 14:12 - 2014-08-17 14:12 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-08-17 14:09 - 2014-08-17 14:09 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408277391
2014-08-17 14:09 - 2014-08-17 14:09 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-08-17 14:05 - 2014-08-17 14:05 - 00873584 _____ (Opera Software) C:\Users\Daniel\Downloads\Opera_NI_stable.exe
2014-08-17 13:39 - 2014-08-17 13:39 - 00000000 ____D () C:\ProgramData\OwidmObxuk
2014-08-17 13:18 - 2014-08-17 13:18 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-17 13:10 - 2014-08-17 14:02 - 00002254 _____ () C:\Windows\PFRO.log
2014-08-16 22:20 - 2014-08-16 22:20 - 00019989 _____ () C:\Users\Daniel\AppData\Roaming\hs_err_pid7000.log
2014-08-16 22:16 - 2014-08-17 14:00 - 00000804 _____ () C:\Windows\Tasks\Security Center Update - 2658502231.job
2014-08-16 22:16 - 2014-08-16 22:16 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 2658502231
2014-08-16 22:13 - 2014-08-17 13:16 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-16 09:50 - 2014-08-17 14:03 - 00000560 _____ () C:\Windows\setupact.log
2014-08-16 09:50 - 2014-08-16 09:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-13 16:50 - 2014-08-13 16:50 - 00000000 ____D () C:\Users\Daniel\Documents\Square Enix
2014-07-22 17:17 - 2014-07-22 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-07-22 17:17 - 2014-07-22 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-07-22 17:14 - 2014-07-22 17:14 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-07-22 17:12 - 2014-07-22 17:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-22 17:12 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-22 17:12 - 2014-07-22 17:12 - 00000000 __RHD () C:\MSOCache
2014-07-22 17:12 - 2014-07-22 17:12 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Microsoft Help
2014-07-22 17:03 - 2014-07-22 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-07-22 17:03 - 2014-07-22 17:03 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-07-22 17:01 - 2014-07-22 17:02 - 00961360 _____ (Chip Digital GmbH) C:\Users\Daniel\Downloads\Virtual CloneDrive - CHIP-Installer.exe
2014-07-22 16:04 - 2014-07-22 16:04 - 00000000 ____D () C:\Users\Daniel\Desktop\Word 2010
2014-07-22 16:03 - 2014-07-22 16:03 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Apps\2.0

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 14:19 - 2014-08-17 14:19 - 00016603 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-08-17 14:19 - 2014-08-17 14:19 - 00000000 ____D () C:\FRST
2014-08-17 14:18 - 2014-08-17 14:18 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Adobe
2014-08-17 14:14 - 2014-08-17 14:14 - 02101760 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-08-17 14:14 - 2014-08-17 14:14 - 00000090 _____ () C:\Users\Daniel\Desktop\Neues Textdokument.txt
2014-08-17 14:13 - 2014-04-15 14:50 - 01601232 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 14:12 - 2014-08-17 14:12 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-08-17 14:11 - 2014-04-26 15:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-17 14:10 - 2013-12-11 23:22 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-17 14:09 - 2014-08-17 14:09 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408277391
2014-08-17 14:09 - 2014-08-17 14:09 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-08-17 14:09 - 2013-11-12 16:51 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-17 14:08 - 2009-07-14 19:58 - 00644904 _____ () C:\Windows\system32\perfh007.dat
2014-08-17 14:08 - 2009-07-14 19:58 - 00126930 _____ () C:\Windows\system32\perfc007.dat
2014-08-17 14:08 - 2009-07-14 07:13 - 01475424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 14:05 - 2014-08-17 14:05 - 00873584 _____ (Opera Software) C:\Users\Daniel\Downloads\Opera_NI_stable.exe
2014-08-17 14:03 - 2014-08-16 09:50 - 00000560 _____ () C:\Windows\setupact.log
2014-08-17 14:02 - 2014-08-17 13:10 - 00002254 _____ () C:\Windows\PFRO.log
2014-08-17 14:02 - 2013-12-11 23:30 - 00000454 ____H () C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job
2014-08-17 14:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-17 14:00 - 2014-08-16 22:16 - 00000804 _____ () C:\Windows\Tasks\Security Center Update - 2658502231.job
2014-08-17 13:45 - 2013-12-11 23:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 13:42 - 2013-11-13 23:20 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-17 13:39 - 2014-08-17 13:39 - 00000000 ____D () C:\ProgramData\OwidmObxuk
2014-08-17 13:18 - 2014-08-17 13:18 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-17 13:16 - 2014-08-16 22:13 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-17 01:25 - 2013-11-13 21:29 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Skype
2014-08-16 22:20 - 2014-08-16 22:20 - 00019989 _____ () C:\Users\Daniel\AppData\Roaming\hs_err_pid7000.log
2014-08-16 22:16 - 2014-08-16 22:16 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 2658502231
2014-08-16 22:06 - 2013-11-12 17:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-16 09:50 - 2014-08-16 09:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-13 16:50 - 2014-08-13 16:50 - 00000000 ____D () C:\Users\Daniel\Documents\Square Enix
2014-08-12 20:46 - 2013-11-15 17:28 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\.minecraft
2014-08-06 18:57 - 2014-07-14 13:07 - 00000000 ____D () C:\Users\Daniel\Desktop\Neuer Ordner
2014-08-04 11:24 - 2013-11-13 21:29 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Spotify
2014-08-02 12:11 - 2014-03-10 15:25 - 00000000 ____D () C:\Users\Daniel\AppData\Local\TeamSpeak 3 Client
2014-08-01 10:43 - 2014-07-03 14:33 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-31 17:57 - 2013-11-13 21:30 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Spotify
2014-07-28 22:11 - 2013-12-24 10:57 - 00524800 ___SH () C:\Users\Daniel\Desktop\Thumbs.db
2014-07-28 17:43 - 2014-01-31 20:51 - 00000000 ____D () C:\Windows\Minidump
2014-07-24 15:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-24 09:33 - 2009-07-14 06:45 - 00414968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-23 11:02 - 2013-11-12 16:17 - 00108840 _____ () C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-22 17:20 - 2014-07-22 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-07-22 17:18 - 2014-07-22 17:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-22 17:17 - 2014-07-22 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-07-22 17:17 - 2014-07-22 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-07-22 17:16 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2014-07-22 17:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-07-22 17:15 - 2014-07-22 17:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-22 17:14 - 2014-07-22 17:14 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-07-22 17:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-07-22 17:13 - 2009-07-14 04:34 - 00000580 _____ () C:\Windows\win.ini
2014-07-22 17:12 - 2014-07-22 17:12 - 00000000 __RHD () C:\MSOCache
2014-07-22 17:12 - 2014-07-22 17:12 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Microsoft Help
2014-07-22 17:03 - 2014-07-22 17:03 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-07-22 17:02 - 2014-07-22 17:01 - 00961360 _____ (Chip Digital GmbH) C:\Users\Daniel\Downloads\Virtual CloneDrive - CHIP-Installer.exe
2014-07-22 16:58 - 2014-07-09 12:34 - 00000000 ____D () C:\Users\Daniel\Desktop\UB
2014-07-22 16:04 - 2014-07-22 16:04 - 00000000 ____D () C:\Users\Daniel\Desktop\Word 2010
2014-07-22 16:03 - 2014-07-22 16:03 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Apps\2.0

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Daniel\AppData\Local\Temp\bko.dll
C:\Users\Daniel\AppData\Local\Temp\diaw.dll
C:\Users\Daniel\AppData\Local\Temp\gui.dll
C:\Users\Daniel\AppData\Local\Temp\hettc.dll
C:\Users\Daniel\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe
C:\Users\Daniel\AppData\Local\Temp\lgicb.dll
C:\Users\Daniel\AppData\Local\Temp\rrmi.dll
C:\Users\Daniel\AppData\Local\Temp\ujcg.dll
C:\Users\Daniel\AppData\Local\Temp\UpdateFlashPlayer_f9dbcf57.exe
C:\Users\Daniel\AppData\Local\Temp\vrex.dll
C:\Users\Daniel\AppData\Local\Temp\yob.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 16:12

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Daniel at 2014-08-17 14:19:44
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Intel(R) Management
Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft 
Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft 
Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Optimus Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 11.10.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 11.10.13 - NVIDIA Corporation) NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Opera Stable 23.0.1522.75 (HKLM-x32\...\Opera 23.0.1522.75) (Version: 23.0.1522.75 - Opera Software ASA) Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6914 - Realtek Semiconductor Corp.) 
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0212 - ) SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment) WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) World of Goo (HKLM-x32\...\Steam App 22000) (Version: - 2D BOY) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 01-08-2014 08:43:42 Geplanter Prüfpunkt 09-08-2014 08:00:55 Geplanter Prüfpunkt 13-08-2014 14:50:42 DirectX wurde installiert 17-08-2014 11:41:44 Removed Adobe Reader XI (11.0.08) - Deutsch. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {177A169E-30F9-42BB-8B4D-5840B5C7C2D9} - System32\Tasks\Security Center Update - 2658502231 => C:\Users\Daniel\AppData\Roaming\Caitxu\niydof.exe Task: {4703D143-F0D1-49C6-AD94-D7E873D5784D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {608C821D-5E17-4C82-9623-38D7B569F217} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {C8D02A84-2779-4F9E-A8A1-8B82C32C3C23} - System32\Tasks\Sk-Enhancer-S-5902107913 => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION Task: {D36334FF-1384-4C72-B1E9-75289ED300C4} - System32\Tasks\Opera scheduled Autoupdate 1408277391 => C:\Program Files (x86)\Opera\launcher.exe [2014-08-08] (Opera Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Security Center Update - 2658502231.job => C:\Users\Daniel\AppData\Roaming\Caitxu\niydof.exe <==== ATTENTION Task: C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-03-11 13:12 - 2014-03-04 16:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2013-11-12 21:40 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2013-11-16 00:32 - 2014-04-26 15:09 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 
2013-11-12 21:39 - 2014-03-04 16:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2014-04-16 11:38 - 2014-05-31 18:37 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-11-12 17:24 - 2013-03-12 14:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-07-09 12:48 - 2014-07-09 12:48 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Spotify => "C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= Name: Bluetooth-Gerät (PAN) Description: Bluetooth-Gerät (PAN) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: BthPan Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546. 
Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546. Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546. Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546. Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546. Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546. Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546. Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546. 
Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546. Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546. System errors: ============= Error: (08/17/2014 02:03:58 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (08/17/2014 01:38:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (08/17/2014 01:11:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (08/17/2014 01:11:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/17/2014 01:11:03 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error: (08/16/2014 11:19:12 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. 
Der interne Fehlerstatus lautet: 10. Error: (08/16/2014 11:16:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (08/15/2014 03:13:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/15/2014 03:13:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (08/15/2014 02:56:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546 Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546 Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546 Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546 Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546 Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll392SUS20ClientDataStore: 
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546 Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546 Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546 Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546 Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz Percentage of memory in use: 26% Total physical RAM: 8113.18 MB Available physical RAM: 5992.06 MB Total Pagefile: 16224.5 MB Available Pagefile: 13975.46 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:696.77 GB) (Free:462.89 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 0884D45E) Partition 1: (Active) - (Size=1.9 GB) - (Type=0B) Partition 2: (Not Active) - (Size=696.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
HKU\S-1-5-21-2945054314-693221957-2648122378-1001\...\Run: [EwepuNwuhi] => regsvr32.exe "
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by Daniel at 2014-08-17 14:21:42 Run:1
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-2945054314-693221957-2648122378-1001\...\Run: [EwepuNwuhi] => regsvr32.exe "
*****************
HKU\S-1-5-21-2945054314-693221957-2648122378-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EwepuNwuhi => Value not found.
==== End of Fixlog ====
Now I really need your help. My PC is apparently riddled with malware from front to back, and I have no idea how that could have happened, since I know my way around PCs quite well and always pay attention to what I do. Many thanks in advance for your help! Best regards, Daniel |
17.08.2014, 13:45 | #2 |
/// the machine /// TB-Ausbilder | Regsvr32 Error, Trojan and Malware
Hi,
don't just fix something that isn't even there. Scan with Combofix. |
17.08.2014, 16:36 | #3 |
| Regsvr32 Error, Trojan and Malware
Hi,
many thanks for the quick reply! Here is the ComboFix.txt:
Code:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-08-17 14:59:09 ComboFix-quarantined-files.txt 2014-08-17 12:59 . 
Vor Suchlauf: 10 Verzeichnis(se), 495.928.406.016 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 495.636.852.736 Bytes frei
.
- - End Of File - - A10040BC2ACAF4F48123C6B2914D194A
A36C5E4F47E84449FF07ED3517B43A31

EDIT: Restarted the PC. The Regsvr32 error did not appear again, but Opera once more loads nothing. It now looks as follows: when I run ComboFix, Opera works smoothly afterwards. But as soon as I restart the PC, Opera again does nothing. I have now also run MBAM. Here is the report: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 17.08.2014
Suchlauf-Zeit: 16:43:41
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.08.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Daniel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 244291
Verstrichene Zeit: 3 Min, 57 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 6
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [7acfdc23b4c68bab7234fcba778c7f81],
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, In Quarantäne, [27220af50f6bb581644e803fc63d25db],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [bf8ae21d1a6012249115af073ec5af51],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2141722115-4052543420-584581234-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [62e7db244733e452e98f5242689a50b0],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2141722115-4052543420-584581234-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [1732f9067dfdfa3c636b7832eb18a65a],
PUP.Optional.Qone8, HKU\S-1-5-21-2141722115-4052543420-584581234-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [0346ac532159f343555084324eb57c84],

Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2141722115-4052543420-584581234-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0S1S1N0A, In Quarantäne, [1732f9067dfdfa3c636b7832eb18a65a]

Registrierungsdaten: 7
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776),Ersetzt,[89c066999fdb0d2902b0e6498f75867a]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[3c0db14eb1c94de965de8ca312f210f0]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}),Ersetzt,[2128ba45bebc48ee2988d659ae566b95]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776),Ersetzt,[56f3ad52bebcd0665a5638f748bcc23e]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776),Ersetzt,[a5a4d6292159e056466c9b9424e03bc5]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[69e097684e2cac8a4bf87ab50ff51ce4]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-2141722115-4052543420-584581234-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776),Ersetzt,[42070ef10674132300ad77b8cd378b75]

Ordner: 0
(No malicious items detected)

Dateien: 2
Adware.Linkular, C:\Users\Daniel\AppData\Local\DownloadGuide\Offers\Lollipop.exe, In Quarantäne, [3f0ac23dcfabb77f812a272c10f49a66],
PUP.Optional.SweetPage.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml, In Quarantäne, [63e62cd387f3a4926b46ad124cb7748c],

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
# AdwCleaner v3.307 - Bericht erstellt am 17/08/2014 um 17:22:37
# Aktualisiert 17/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzername : Daniel - DANIEL-PC
# Gestartet von : C:\Users\Daniel\Desktop\adwcleaner_3.307.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : {9edd0ea8-2819-47c2-8320-b007d5996f8a}w64

***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\speedypc software
[!] Ordner Gelöscht : C:\Users\Daniel\AppData\Local\DownloadGuide
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
Datei Gelöscht : C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys
Datei Gelöscht : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ib3ybrqe.default\searchplugins\conduit-search.xml
Datei Gelöscht : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ib3ybrqe.default\user.js

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKCU\Software\Classes\Applications\lollipop.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\livesupport_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\speedypc software
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Show-Password
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Sk-Enhancer
Schlüssel Gelöscht : HKLM\SOFTWARE\SP Global
Schlüssel Gelöscht : HKLM\SOFTWARE\speedypc software
Schlüssel Gelöscht : HKLM\SOFTWARE\SProtector

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.16385

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ib3ybrqe.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "sweet-page");
Zeile gelöscht : user_pref("extensions.43S1b3tzR4p.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]
Zeile gelöscht : user_pref("extensions.7JHIyynmW.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]

*************************

AdwCleaner[R0].txt - [6272 octets] - [17/08/2014 17:21:20]
AdwCleaner[S0].txt - [5664 octets] - [17/08/2014 17:22:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5724 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Daniel on 17.08.2014 at 17:27:21,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\ib3ybrqe.default\extensions\staged

Successfully deleted the following from C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\ib3ybrqe.default\prefs.js

user_pref("extensions.7JHIyynmW.url", "hxxp://toolkitcomp.info/sync2/?q=hfZ9ofV9CShEAen0rja5pihTB6lKDzt4okmxtNtVh7n0rjrFrTwFrTwHrdkFtMFHhd9Fqda5rjgGrdk5rTsMDMlGojUMAe4UojC7qHU
Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\ib3ybrqe.default\minidumps [27 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.08.2014 at 17:31:07,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks a lot!

Edited by MisterD (17.08.2014 at 14:11) |
18.08.2014, 20:38 | #4 |
/// the machine /// TB-Ausbilder | Regsvr32 Error, Trojans and Malware Revo Uninstaller - Download - Filepony Use it to uninstall Opera, have the leftovers removed, then reinstall. A fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
19.08.2014, 13:46 | #5 |
| Regsvr32 Error, Trojans and Malware Thanks again for your help. I completely uninstalled Opera with Revo and reinstalled it; it still does not work. Here is the FRST log: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Daniel (administrator) on DANIEL-PC on 19-08-2014 14:44:54
Running from C:\Users\Daniel\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2141722115-4052543420-584581234-1000\...\Run: [Spotify Web Helper] => C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-28] (Spotify Ltd)
HKU\S-1-5-21-2141722115-4052543420-584581234-1000\...\Run: [OwidmObxuk] => regsvr32.exe "C:\ProgramData\OwidmObxuk\OwidmObxuk.dat"
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x71678DADB4DFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ib3ybrqe.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-26] ()
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
S4 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 14:02 - 2014-08-19 14:02 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408449756
2014-08-19 14:02 - 2014-08-19 14:02 - 00001135 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-08-19 14:02 - 2014-08-19 14:02 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-08-19 14:02 - 2014-08-19 14:02 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-19 13:55 - 2014-08-19 13:55 - 00001264 _____ () C:\Users\Daniel\Desktop\Revo Uninstaller.lnk
2014-08-19 13:55 - 2014-08-19 13:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-17 17:52 - 2014-08-17 17:52 - 00015538 _____ () C:\Users\Daniel\Desktop\ComboFix_neu.txt
2014-08-17 17:50 - 2014-08-17 17:50 - 00015538 _____ () C:\ComboFix.txt
2014-08-17 17:31 - 2014-08-17 17:31 - 00001186 _____ () C:\Users\Daniel\Desktop\JRT.txt
2014-08-17 17:27 - 2014-08-17 17:27 - 00000000 ____D () C:\Windows\ERUNT
2014-08-17 17:26 - 2014-08-17 17:26 - 01016261 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2014-08-17 17:24 - 2014-08-17 17:24 - 00005824 _____ () C:\Users\Daniel\Desktop\AdwCleaner[S0].txt
2014-08-17 17:21 - 2014-08-17 17:22 - 00000000 ____D () C:\AdwCleaner
2014-08-17 17:13 - 2014-08-17 17:13 - 00005290 _____ () C:\Users\Daniel\Desktop\mbam.txt
2014-08-17 16:42 - 2014-08-17 17:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 16:42 - 2014-08-17 16:42 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-17 16:42 - 2014-08-17 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-17 16:42 - 2014-08-17 16:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-17 16:42 - 2014-08-17 16:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-17 16:42 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-17 16:42 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-17 16:42 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-17 16:31 - 2014-08-17 16:32 - 01361671 _____ () C:\Users\Daniel\Desktop\adwcleaner_3.307.exe
2014-08-17 14:59 - 2014-08-17 14:59 - 00016081 _____ () C:\Users\Daniel\Desktop\ComboFix.txt
2014-08-17 14:51 - 2014-08-17 17:50 - 00000000 ____D () C:\Qoobox
2014-08-17 14:51 - 2014-08-17 14:58 - 00000000 ____D () C:\Windows\erdnt
2014-08-17 14:51 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-17 14:51 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-17 14:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-17 14:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-17 14:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-17 14:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-17 14:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-17 14:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-17 14:49 - 2014-08-17 17:43 - 05572035 ____R (Swearware) C:\Users\Daniel\Desktop\ComboFix.exe
2014-08-17 14:29 - 2014-08-17 14:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-17 14:28 - 2014-08-17 14:28 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-17 14:19 - 2014-08-19 14:44 - 00012473 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-08-17 14:19 - 2014-08-19 14:44 - 00000000 ____D () C:\FRST
2014-08-17 14:14 - 2014-08-17 14:14 - 02101760 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-08-17 14:14 - 2014-08-17 14:14 - 00000090
_____ () C:\Users\Daniel\Desktop\Neues Textdokument.txt 2014-08-17 14:05 - 2014-08-17 14:05 - 00873584 _____ (Opera Software) C:\Users\Daniel\Downloads\Opera_NI_stable.exe 2014-08-17 13:39 - 2014-08-17 13:39 - 00000000 ____D () C:\ProgramData\OwidmObxuk 2014-08-17 13:18 - 2014-08-17 13:18 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} 2014-08-17 13:10 - 2014-08-19 13:44 - 00006572 _____ () C:\Windows\PFRO.log 2014-08-16 22:20 - 2014-08-16 22:20 - 00019989 _____ () C:\Users\Daniel\AppData\Roaming\hs_err_pid7000.log 2014-08-16 22:13 - 2014-08-17 13:16 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-08-16 09:50 - 2014-08-19 13:44 - 00001400 _____ () C:\Windows\setupact.log 2014-08-16 09:50 - 2014-08-16 09:50 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-13 16:50 - 2014-08-13 16:50 - 00000000 ____D () C:\Users\Daniel\Documents\Square Enix 2014-07-22 17:17 - 2014-07-22 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2014-07-22 17:17 - 2014-07-22 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Windows\PCHEALTH 2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services 2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework 2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-07-22 17:14 - 2014-07-22 17:14 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8 2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2014-07-22 17:12 - 
2014-07-22 17:18 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-22 17:12 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-07-22 17:12 - 2014-07-22 17:12 - 00000000 ___RD () C:\MSOCache 2014-07-22 17:12 - 2014-07-22 17:12 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Microsoft Help 2014-07-22 17:03 - 2014-07-22 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2014-07-22 17:03 - 2014-07-22 17:03 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2014-07-22 17:01 - 2014-07-22 17:02 - 00961360 _____ (Chip Digital GmbH) C:\Users\Daniel\Downloads\Virtual CloneDrive - CHIP-Installer.exe 2014-07-22 16:04 - 2014-07-22 16:04 - 00000000 ____D () C:\Users\Daniel\Desktop\Word 2010 2014-07-22 16:03 - 2014-07-22 16:03 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Apps\2.0 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-19 14:45 - 2014-08-17 14:19 - 00012473 _____ () C:\Users\Daniel\Desktop\FRST.txt 2014-08-19 14:45 - 2013-12-11 23:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-19 14:44 - 2014-08-17 14:19 - 00000000 ____D () C:\FRST 2014-08-19 14:44 - 2013-11-13 21:29 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Skype 2014-08-19 14:10 - 2013-11-12 17:58 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-08-19 14:02 - 2014-08-19 14:02 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408449756 2014-08-19 14:02 - 2014-08-19 14:02 - 00001135 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-08-19 14:02 - 2014-08-19 14:02 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-08-19 14:02 - 2014-08-19 14:02 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-08-19 14:02 - 2013-11-12 16:51 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Opera Software 2014-08-19 14:02 - 2013-11-12 16:51 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Opera Software 2014-08-19 13:57 - 2013-11-12 16:07 - 00001439 _____ () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-19 13:57 - 2013-11-12 16:07 - 00001405 _____ () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-08-19 13:55 - 2014-08-19 13:55 - 00001264 _____ () C:\Users\Daniel\Desktop\Revo Uninstaller.lnk 2014-08-19 13:55 - 2014-08-19 13:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-08-19 13:50 - 2009-07-14 19:58 - 00644904 _____ () C:\Windows\system32\perfh007.dat 2014-08-19 13:50 - 2009-07-14 19:58 - 00126930 _____ () C:\Windows\system32\perfc007.dat 2014-08-19 13:50 - 2009-07-14 07:13 - 01475424 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-19 13:46 - 2013-11-13 21:29 - 00000000 ____D () C:\ProgramData\Skype 2014-08-19 13:44 - 2014-08-17 13:10 - 00006572 _____ () C:\Windows\PFRO.log 2014-08-19 13:44 - 
2014-08-16 09:50 - 00001400 _____ () C:\Windows\setupact.log 2014-08-19 13:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-19 00:29 - 2014-04-15 14:50 - 01649064 _____ () C:\Windows\WindowsUpdate.log 2014-08-17 17:52 - 2014-08-17 17:52 - 00015538 _____ () C:\Users\Daniel\Desktop\ComboFix_neu.txt 2014-08-17 17:50 - 2014-08-17 17:50 - 00015538 _____ () C:\ComboFix.txt 2014-08-17 17:50 - 2014-08-17 14:51 - 00000000 ____D () C:\Qoobox 2014-08-17 17:49 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-08-17 17:43 - 2014-08-17 14:49 - 05572035 ____R (Swearware) C:\Users\Daniel\Desktop\ComboFix.exe 2014-08-17 17:31 - 2014-08-17 17:31 - 00001186 _____ () C:\Users\Daniel\Desktop\JRT.txt 2014-08-17 17:31 - 2014-04-16 11:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-17 17:27 - 2014-08-17 17:27 - 00000000 ____D () C:\Windows\ERUNT 2014-08-17 17:26 - 2014-08-17 17:26 - 01016261 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe 2014-08-17 17:24 - 2014-08-17 17:24 - 00005824 _____ () C:\Users\Daniel\Desktop\AdwCleaner[S0].txt 2014-08-17 17:22 - 2014-08-17 17:21 - 00000000 ____D () C:\AdwCleaner 2014-08-17 17:13 - 2014-08-17 17:13 - 00005290 _____ () C:\Users\Daniel\Desktop\mbam.txt 2014-08-17 17:12 - 2014-08-17 16:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-17 17:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization 2014-08-17 16:42 - 2014-08-17 16:42 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-17 16:42 - 2014-08-17 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-17 16:42 - 2014-08-17 16:42 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-17 16:42 - 2014-08-17 16:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-17 16:32 - 2014-08-17 16:31 - 01361671 _____ () C:\Users\Daniel\Desktop\adwcleaner_3.307.exe 
2014-08-17 14:59 - 2014-08-17 14:59 - 00016081 _____ () C:\Users\Daniel\Desktop\ComboFix.txt 2014-08-17 14:58 - 2014-08-17 14:51 - 00000000 ____D () C:\Windows\erdnt 2014-08-17 14:47 - 2014-05-22 23:37 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-08-17 14:29 - 2014-08-17 14:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-08-17 14:28 - 2014-08-17 14:28 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-08-17 14:28 - 2013-11-13 23:20 - 00000000 ____D () C:\ProgramData\Adobe 2014-08-17 14:14 - 2014-08-17 14:14 - 02101760 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe 2014-08-17 14:14 - 2014-08-17 14:14 - 00000090 _____ () C:\Users\Daniel\Desktop\Neues Textdokument.txt 2014-08-17 14:11 - 2014-04-26 15:03 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-17 14:05 - 2014-08-17 14:05 - 00873584 _____ (Opera Software) C:\Users\Daniel\Downloads\Opera_NI_stable.exe 2014-08-17 13:39 - 2014-08-17 13:39 - 00000000 ____D () C:\ProgramData\OwidmObxuk 2014-08-17 13:18 - 2014-08-17 13:18 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} 2014-08-17 13:16 - 2014-08-16 22:13 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-08-16 22:20 - 2014-08-16 22:20 - 00019989 _____ () C:\Users\Daniel\AppData\Roaming\hs_err_pid7000.log 2014-08-16 09:50 - 2014-08-16 09:50 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-13 16:50 - 2014-08-13 16:50 - 00000000 ____D () C:\Users\Daniel\Documents\Square Enix 2014-08-12 20:46 - 2013-11-15 17:28 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\.minecraft 2014-08-06 18:57 - 2014-07-14 13:07 - 00000000 ____D () C:\Users\Daniel\Desktop\Neuer Ordner 2014-08-04 11:24 - 2013-11-13 21:29 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Spotify 2014-08-02 12:11 - 2014-03-10 15:25 - 00000000 ____D () C:\Users\Daniel\AppData\Local\TeamSpeak 3 Client 2014-08-01 10:43 - 2014-07-03 14:33 - 00000000 ____D () C:\Windows\System32\Tasks\Games 
2014-07-31 17:57 - 2013-11-13 21:30 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Spotify 2014-07-28 22:11 - 2013-12-24 10:57 - 00524800 ___SH () C:\Users\Daniel\Desktop\Thumbs.db 2014-07-28 17:43 - 2014-01-31 20:51 - 00000000 ____D () C:\Windows\Minidump 2014-07-24 15:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-24 09:33 - 2009-07-14 06:45 - 00414968 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-23 11:02 - 2013-11-12 16:17 - 00108840 _____ () C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-22 17:20 - 2014-07-22 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2014-07-22 17:18 - 2014-07-22 17:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-22 17:17 - 2014-07-22 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2014-07-22 17:17 - 2014-07-22 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-07-22 17:16 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew 2014-07-22 17:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Windows\PCHEALTH 2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services 2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework 2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-07-22 17:15 - 2014-07-22 17:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-07-22 17:14 - 2014-07-22 17:14 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2014-07-22 17:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-07-22 17:13 - 2014-07-22 
17:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8 2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2014-07-22 17:13 - 2009-07-14 04:34 - 00000580 _____ () C:\Windows\win.ini 2014-07-22 17:12 - 2014-07-22 17:12 - 00000000 ___RD () C:\MSOCache 2014-07-22 17:12 - 2014-07-22 17:12 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Microsoft Help 2014-07-22 17:03 - 2014-07-22 17:03 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2014-07-22 17:02 - 2014-07-22 17:01 - 00961360 _____ (Chip Digital GmbH) C:\Users\Daniel\Downloads\Virtual CloneDrive - CHIP-Installer.exe 2014-07-22 16:58 - 2014-07-09 12:34 - 00000000 ____D () C:\Users\Daniel\Desktop\UB 2014-07-22 16:04 - 2014-07-22 16:04 - 00000000 ____D () C:\Users\Daniel\Desktop\Word 2010 2014-07-22 16:03 - 2014-07-22 16:03 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Apps\2.0 ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-07 16:12 ==================== End Of Log ============================ |
20.08.2014, 08:32 | #6 |
/// the machine /// TB-Ausbilder | Regsvr32 Error, Trojans and Malware Do other browsers work? |
20.08.2014, 08:34 | #7 |
| Regsvr32 Error, Trojans and Malware Yes, other browsers run without any problems. I noticed that Opera also runs without ComboFix if I start it as administrator. It does take 3 seconds longer, but as long as it works.. Thank you once again most sincerely! |
21.08.2014, 07:53 | #8 |
/// the machine /// TB-Ausbilder | Regsvr32 Error, Trojans and Malware But you did have Revo remove the remnants of Opera as well? And did you reset Opera again after the reinstall?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |