Regsvr32 error, Trojans and malware

Good day everyone,

I have the following problem, which started yesterday evening (I had not installed anything new, had not been on any dubious sites or anything like that): Opera, my default browser, suddenly no longer loads anything. Neither web pages nor the browser settings, the history or anything else. The browser simply stays white. At the same time a prompt kept appearing, like the one you get when you want to download something with Firefox or IE, asking whether I want to save the file or just open it. However, I did not want to download anything and cancelled it every time. The file was called "bk-coretag.js".

I then shut the PC down and only started it again today. Right at boot the error with Regsvr32 appeared: the module could not be loaded. It also has no name: ""

So I ran Avira Antivir (which I have since uninstalled in order to install a better one after the cleanup) and it found 3 files:

1. niydof.exe (location: C:/User/Appdata/Roaming/Caitxu ; vendor: Meskisift Visaal Studie 2010)
2. File name forgotten (location: C:/ProgramData/Okiyocinar)
3. File name forgotten (location: C:/ProgramData/Owidmobxuk)

I then simply deleted the files and the folders with Avira. The problem with Regsvr32 and Opera is still there. Just now I opened Internet Explorer for fun and was immediately asked whether I want to set "Sweet-Page" as my default page. So this is malware too, even though I NEVER use IE.

I saw a similar problem in another thread here on the board and followed the suggested steps until a different error showed up for me: I downloaded FRST and ran a scan. Here is the FRST.txt:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Daniel (administrator) on DANIEL-PC on 17-08-2014 14:19:19
Running from C:\Users\Daniel\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Adobe) C:\Users\Daniel\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2141722115-4052543420-584581234-1000\...\Run: [Spotify Web Helper] => C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-28] (Spotify Ltd)
HKU\S-1-5-21-2141722115-4052543420-584581234-1000\...\Run: [OwidmObxuk] => regsvr32.exe "C:\ProgramData\OwidmObxuk\OwidmObxuk.dat"
HKU\S-1-5-21-2141722115-4052543420-584581234-1000\...\Run: [OkiyoCinar] => regsvr32.exe "
HKU\S-1-5-21-2141722115-4052543420-584581234-1000\...\Run: [Yzuxpakyc] => C:\Users\Daniel\AppData\Roaming\Caitxu\niydof.exe
HKU\S-1-5-21-2141722115-4052543420-584581234-1000\...\MountPoints2: {76d87647-4bdd-11e3-942b-806e6f6e6963} - D:\CDSetup.exe
HKU\S-1-5-21-2141722115-4052543420-584581234-1000\...\MountPoints2: {80c5ed5f-11b1-11e4-8f13-8c89a50f52e5} - E:\SETUP.EXE
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~2\sk-enh~1\psupport.dll => "c:\progra~2\sk-enh~1\psupport.dll" File Not Found
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x71678DADB4DFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400794622&from=cor&uid=WDCXWD7500BPVX-22JC3T0_WD-WX11E43A8776A8776&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ib3ybrqe.default
FF DefaultSearchEngine: sweet-page
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF user.js: detected! => C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ib3ybrqe.default\user.js
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ib3ybrqe.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ib3ybrqe.default\Extensions\staged [2014-01-29]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ib3ybrqe.default\extensions\quick_start@gmail.com

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-26] ()
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
S4 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}w64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys [61112 2014-05-19] (StdLib)
S4 avgntflt; system32\DRIVERS\avgntflt.sys [X]
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 14:19 - 2014-08-17 14:19 - 00016603 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-08-17 14:19 - 2014-08-17 14:19 - 00000000 ____D () C:\FRST
2014-08-17 14:18 - 2014-08-17 14:18 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Adobe
2014-08-17 14:14 - 2014-08-17 14:14 - 02101760 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-08-17 14:14 - 2014-08-17 14:14 - 00000090 _____ () C:\Users\Daniel\Desktop\Neues Textdokument.txt
2014-08-17 14:12 - 2014-08-17 14:12 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-08-17 14:09 - 2014-08-17 14:09 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408277391
2014-08-17 14:09 - 2014-08-17 14:09 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-08-17 14:05 - 2014-08-17 14:05 - 00873584 _____ (Opera Software) C:\Users\Daniel\Downloads\Opera_NI_stable.exe
2014-08-17 13:39 - 2014-08-17 13:39 - 00000000 ____D () C:\ProgramData\OwidmObxuk
2014-08-17 13:18 - 2014-08-17 13:18 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-17 13:10 - 2014-08-17 14:02 - 00002254 _____ () C:\Windows\PFRO.log
2014-08-16 22:20 - 2014-08-16 22:20 - 00019989 _____ () C:\Users\Daniel\AppData\Roaming\hs_err_pid7000.log
2014-08-16 22:16 - 2014-08-17 14:00 - 00000804 _____ () C:\Windows\Tasks\Security Center Update - 2658502231.job
2014-08-16 22:16 - 2014-08-16 22:16 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 2658502231
2014-08-16 22:13 - 2014-08-17 13:16 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-16 09:50 - 2014-08-17 14:03 - 00000560 _____ () C:\Windows\setupact.log
2014-08-16 09:50 - 2014-08-16 09:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-13 16:50 - 2014-08-13 16:50 - 00000000 ____D () C:\Users\Daniel\Documents\Square Enix
2014-07-22 17:17 - 2014-07-22 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-07-22 17:17 - 2014-07-22 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-07-22 17:14 - 2014-07-22 17:14 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-07-22 17:12 - 2014-07-22 17:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-22 17:12 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-22 17:12 - 2014-07-22 17:12 - 00000000 __RHD () C:\MSOCache
2014-07-22 17:12 - 2014-07-22 17:12 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Microsoft Help
2014-07-22 17:03 - 2014-07-22 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-07-22 17:03 - 2014-07-22 17:03 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-07-22 17:01 - 2014-07-22 17:02 - 00961360 _____ (Chip Digital GmbH) C:\Users\Daniel\Downloads\Virtual CloneDrive - CHIP-Installer.exe
2014-07-22 16:04 - 2014-07-22 16:04 - 00000000 ____D () C:\Users\Daniel\Desktop\Word 2010
2014-07-22 16:03 - 2014-07-22 16:03 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Apps\2.0

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 14:19 - 2014-08-17 14:19 - 00016603 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-08-17 14:19 - 2014-08-17 14:19 - 00000000 ____D () C:\FRST
2014-08-17 14:18 - 2014-08-17 14:18 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Adobe
2014-08-17 14:14 - 2014-08-17 14:14 - 02101760 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-08-17 14:14 - 2014-08-17 14:14 - 00000090 _____ () C:\Users\Daniel\Desktop\Neues Textdokument.txt
2014-08-17 14:13 - 2014-04-15 14:50 - 01601232 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 14:12 - 2014-08-17 14:12 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-08-17 14:11 - 2014-04-26 15:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-17 14:10 - 2013-12-11 23:22 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-17 14:09 - 2014-08-17 14:09 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408277391
2014-08-17 14:09 - 2014-08-17 14:09 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-08-17 14:09 - 2013-11-12 16:51 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-17 14:08 - 2009-07-14 19:58 - 00644904 _____ () C:\Windows\system32\perfh007.dat
2014-08-17 14:08 - 2009-07-14 19:58 - 00126930 _____ () C:\Windows\system32\perfc007.dat
2014-08-17 14:08 - 2009-07-14 07:13 - 01475424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 14:05 - 2014-08-17 14:05 - 00873584 _____ (Opera Software) C:\Users\Daniel\Downloads\Opera_NI_stable.exe
2014-08-17 14:03 - 2014-08-16 09:50 - 00000560 _____ () C:\Windows\setupact.log
2014-08-17 14:02 - 2014-08-17 13:10 - 00002254 _____ () C:\Windows\PFRO.log
2014-08-17 14:02 - 2013-12-11 23:30 - 00000454 ____H () C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job
2014-08-17 14:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-17 14:00 - 2014-08-16 22:16 - 00000804 _____ () C:\Windows\Tasks\Security Center Update - 2658502231.job
2014-08-17 13:45 - 2013-12-11 23:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 13:42 - 2013-11-13 23:20 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-17 13:39 - 2014-08-17 13:39 - 00000000 ____D () C:\ProgramData\OwidmObxuk
2014-08-17 13:18 - 2014-08-17 13:18 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-17 13:16 - 2014-08-16 22:13 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-17 01:25 - 2013-11-13 21:29 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Skype
2014-08-16 22:20 - 2014-08-16 22:20 - 00019989 _____ () C:\Users\Daniel\AppData\Roaming\hs_err_pid7000.log
2014-08-16 22:16 - 2014-08-16 22:16 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 2658502231
2014-08-16 22:06 - 2013-11-12 17:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-16 09:50 - 2014-08-16 09:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-13 16:50 - 2014-08-13 16:50 - 00000000 ____D () C:\Users\Daniel\Documents\Square Enix
2014-08-12 20:46 - 2013-11-15 17:28 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\.minecraft
2014-08-06 18:57 - 2014-07-14 13:07 - 00000000 ____D () C:\Users\Daniel\Desktop\Neuer Ordner
2014-08-04 11:24 - 2013-11-13 21:29 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Spotify
2014-08-02 12:11 - 2014-03-10 15:25 - 00000000 ____D () C:\Users\Daniel\AppData\Local\TeamSpeak 3 Client
2014-08-01 10:43 - 2014-07-03 14:33 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-31 17:57 - 2013-11-13 21:30 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Spotify
2014-07-28 22:11 - 2013-12-24 10:57 - 00524800 ___SH () C:\Users\Daniel\Desktop\Thumbs.db
2014-07-28 17:43 - 2014-01-31 20:51 - 00000000 ____D () C:\Windows\Minidump
2014-07-24 15:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-24 09:33 - 2009-07-14 06:45 - 00414968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-23 11:02 - 2013-11-12 16:17 - 00108840 _____ () C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-22 17:20 - 2014-07-22 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-07-22 17:18 - 2014-07-22 17:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-22 17:17 - 2014-07-22 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-07-22 17:17 - 2014-07-22 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-07-22 17:16 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2014-07-22 17:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-07-22 17:15 - 2014-07-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-07-22 17:15 - 2014-07-22 17:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-22 17:14 - 2014-07-22 17:14 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-07-22 17:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-07-22 17:13 - 2014-07-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-07-22 17:13 - 2009-07-14 04:34 - 00000580 _____ () C:\Windows\win.ini
2014-07-22 17:12 - 2014-07-22 17:12 - 00000000 __RHD () C:\MSOCache
2014-07-22 17:12 - 2014-07-22 17:12 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Microsoft Help
2014-07-22 17:03 - 2014-07-22 17:03 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-07-22 17:02 - 2014-07-22 17:01 - 00961360 _____ (Chip Digital GmbH) C:\Users\Daniel\Downloads\Virtual CloneDrive - CHIP-Installer.exe
2014-07-22 16:58 - 2014-07-09 12:34 - 00000000 ____D () C:\Users\Daniel\Desktop\UB
2014-07-22 16:04 - 2014-07-22 16:04 - 00000000 ____D () C:\Users\Daniel\Desktop\Word 2010
2014-07-22 16:03 - 2014-07-22 16:03 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Apps\2.0

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Daniel\AppData\Local\Temp\bko.dll
C:\Users\Daniel\AppData\Local\Temp\diaw.dll
C:\Users\Daniel\AppData\Local\Temp\gui.dll
C:\Users\Daniel\AppData\Local\Temp\hettc.dll
C:\Users\Daniel\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe
C:\Users\Daniel\AppData\Local\Temp\lgicb.dll
C:\Users\Daniel\AppData\Local\Temp\rrmi.dll
C:\Users\Daniel\AppData\Local\Temp\ujcg.dll
C:\Users\Daniel\AppData\Local\Temp\UpdateFlashPlayer_f9dbcf57.exe
C:\Users\Daniel\AppData\Local\Temp\vrex.dll
C:\Users\Daniel\AppData\Local\Temp\yob.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 16:12

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04 Ran by Daniel at 2014-08-17 14:19:44 Running from C:\Users\Daniel\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 11.10.13 - NVIDIA Corporation)
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Opera Stable 23.0.1522.75 (HKLM-x32\...\Opera 23.0.1522.75) (Version: 23.0.1522.75 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6914 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0212 - )
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
World of Goo (HKLM-x32\...\Steam App 22000) (Version: - 2D BOY)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

01-08-2014 08:43:42 Geplanter Prüfpunkt
09-08-2014 08:00:55 Geplanter Prüfpunkt
13-08-2014 14:50:42 DirectX wurde installiert
17-08-2014 11:41:44 Removed Adobe Reader XI (11.0.08) - Deutsch.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {177A169E-30F9-42BB-8B4D-5840B5C7C2D9} - System32\Tasks\Security Center Update - 2658502231 => C:\Users\Daniel\AppData\Roaming\Caitxu\niydof.exe
Task: {4703D143-F0D1-49C6-AD94-D7E873D5784D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {608C821D-5E17-4C82-9623-38D7B569F217} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {C8D02A84-2779-4F9E-A8A1-8B82C32C3C23} - System32\Tasks\Sk-Enhancer-S-5902107913 => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION
Task: {D36334FF-1384-4C72-B1E9-75289ED300C4} - System32\Tasks\Opera scheduled Autoupdate 1408277391 => C:\Program Files (x86)\Opera\launcher.exe [2014-08-08] (Opera Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Security Center Update - 2658502231.job => C:\Users\Daniel\AppData\Roaming\Caitxu\niydof.exe <==== ATTENTION
Task: C:\Windows\Tasks\Sk-Enhancer-S-5902107913.job => c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-03-11 13:12 - 2014-03-04 16:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-11-12 21:40 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-11-16 00:32 - 2014-04-26 15:09 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-12 21:39 - 2014-03-04 16:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-16 11:38 - 2014-05-31 18:37 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-11-12 17:24 - 2013-03-12 14:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-09 12:48 - 2014-07-09 12:48 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (392)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

System errors:
=============
Error: (08/17/2014 02:03:58 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/17/2014 01:38:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/17/2014 01:11:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/17/2014 01:11:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/17/2014 01:11:03 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (08/16/2014 11:19:12 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (08/16/2014 11:16:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (08/15/2014 03:13:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (08/15/2014 03:13:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (08/15/2014 02:56:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Microsoft Office Sessions:
=========================
Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (08/17/2014 02:13:35 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (08/17/2014 02:13:30 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll392SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 26%
Total physical RAM: 8113.18 MB
Available physical RAM: 5992.06 MB
Total Pagefile: 16224.5 MB
Available Pagefile: 13975.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:696.77 GB) (Free:462.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 0884D45E)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=696.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
HKU\S-1-5-21-2945054314-693221957-2648122378-1001\...\Run: [EwepuNwuhi] => regsvr32.exe "

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by Daniel at 2014-08-17 14:21:42 Run:1
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2945054314-693221957-2648122378-1001\...\Run: [EwepuNwuhi] => regsvr32.exe "
*****************

HKU\S-1-5-21-2945054314-693221957-2648122378-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EwepuNwuhi => Value not found.

==== End of Fixlog ====

Now I really need your help. My PC is apparently packed with malware from top to bottom, and I have no idea how that could happen, since I know my way around PCs fairly well and always pay attention to what I do. Thank you very much in advance for your help! Best regards, Daniel |