| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Fund mit AntivirWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.09.2014, 13:48
| #1 |
 |  Windows 7: Fund mit Antivir Liebe Helfer, leider habe ich erneut ein Problem mit meinem PC. Bei einem Antivir-Suchlauf ist kürzlich eine Bedrohung (APPL/DomaIQ.Gen) aufgetaucht. Ich habe die entsprechende Datei direkt in Quarantäne verschoben. Als ich eben die Quarantäne aufgerufen habe fiel mir auf, dass da noch weitere Dateien von einer früheren Bedrohung, die ich Dank euch beseitigt geglaubt habe, drin sind. Kann und sollte ich die irgendwie löschen? Hier erstmal die Logfiles, die ich aufgrund der aktuellen Bedrohung erstellt habe: FRST.txt: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014
Ran by André (administrator) on ANDRÉ-PC on 07-09-2014 13:26:51
Running from C:\Users\André\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Bioscrypt Inc.) C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\asghost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{7031EF6A-CD1B-4EDC-A366-18B7EDBCA85F}\37.0.2062.103_chrome_installer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Google Inc.) C:\Windows\Temp\CR_8F980.tmp\setup.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
() C:\Users\André\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Users\André\Downloads\Defogger.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [4789248 2013-05-20] (Broadcom Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM-x32\...\Run: [PTHOSTTR] => C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [354360 2009-08-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CognizanceTS] => rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11227136 2009-07-06] (Hewlett-Packard)
HKLM-x32\...\Run: [IFXSPMGT] => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-07-19] (Infineon Technologies AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-09-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-05-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-22] (Microsoft Corporation)
HKU\S-1-5-21-3302090839-3622997415-88976330-1000\...\Run: [Amazon Cloud Player] => C:\Users\André\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
AppInit_DLLs: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL => C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook64.dll [382224 2009-07-28] (Bioscrypt Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASCredProv64
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E76070A1957CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Credential Manager for HP ProtectTools -> {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} -> C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\André\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-22]
CHR Extension: (Google Drive) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22]
CHR Extension: (YouTube) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22]
CHR Extension: (Google-Suche) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-22]
CHR Extension: (Zotero Connector) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2013-09-07]
CHR Extension: (AdBlock) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Google Mail) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-09-07] (Avira Operations GmbH & Co. KG)
R2 ASBroker; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8547176 2009-11-20] (DisplayLink Corp.)
S3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HpFkCryptService; C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard) [File not signed]
R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-07-19] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984352 2009-07-19] (Infineon Technologies AG)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [214304 2009-07-19] (Infineon Technologies AG)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [4202496 2013-05-20] (Broadcom Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [19000 2010-02-25] (Hewlett-Packard Company)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2009-07-19] (Infineon Technologies AG)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [14880 2009-07-29] (SafeBoot International)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [55840 2009-07-29] () [File not signed]
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2007-07-16] (SafeBoot N.V.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15392 2009-07-29] (SafeBoot International)
R3 SMSCIRDA; C:\Windows\System32\DRIVERS\SMSCir64.sys [37760 2007-04-25] (SMSC)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-07 13:30 - 2014-09-07 13:30 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-07 13:26 - 2014-09-07 13:31 - 00019672 _____ () C:\Users\André\Downloads\FRST.txt
2014-09-07 13:26 - 2014-09-07 13:27 - 00000000 ____D () C:\FRST
2014-09-07 13:26 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-07 13:26 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-07 13:26 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-07 13:26 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-07 13:24 - 2014-09-07 13:25 - 02104832 _____ (Farbar) C:\Users\André\Downloads\FRST64.exe
2014-09-07 13:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-07 13:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-07 13:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-07 13:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-07 13:23 - 2014-09-07 13:23 - 00000472 _____ () C:\Users\André\Downloads\defogger_disable.log
2014-09-07 13:23 - 2014-09-07 13:23 - 00000000 _____ () C:\Users\André\defogger_reenable
2014-09-07 13:21 - 2014-09-07 13:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-07 13:20 - 2014-09-07 13:21 - 00050477 _____ () C:\Users\André\Downloads\Defogger.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-07 13:31 - 2014-09-07 13:26 - 00019672 _____ () C:\Users\André\Downloads\FRST.txt
2014-09-07 13:30 - 2014-09-07 13:30 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-07 13:30 - 2014-09-07 13:21 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-07 13:30 - 2013-05-20 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-07 13:30 - 2013-05-20 19:17 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-07 13:27 - 2014-09-07 13:26 - 00000000 ____D () C:\FRST
2014-09-07 13:27 - 2013-05-22 20:23 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-07 13:27 - 2013-05-20 17:01 - 01980806 _____ () C:\Windows\WindowsUpdate.log
2014-09-07 13:25 - 2014-09-07 13:24 - 02104832 _____ (Farbar) C:\Users\André\Downloads\FRST64.exe
2014-09-07 13:23 - 2014-09-07 13:23 - 00000472 _____ () C:\Users\André\Downloads\defogger_disable.log
2014-09-07 13:23 - 2014-09-07 13:23 - 00000000 _____ () C:\Users\André\defogger_reenable
2014-09-07 13:23 - 2013-05-20 17:06 - 00000000 ____D () C:\Users\André
2014-09-07 13:22 - 2013-05-20 19:17 - 00000000 ____D () C:\ProgramData\Avira
2014-09-07 13:21 - 2014-09-07 13:20 - 00050477 _____ () C:\Users\André\Downloads\Defogger.exe
2014-09-07 13:03 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-07 13:03 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-07 12:55 - 2013-05-22 20:23 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-07 12:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-07 12:53 - 2009-07-14 06:51 - 00053156 _____ () C:\Windows\setupact.log
Some content of TEMP:
====================
C:\Users\André\AppData\Local\Temp\avgnt.exe
C:\Users\André\AppData\Local\Temp\vlc-2.1.4-win64.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-08 21:30
==================== End Of Log ============================
Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2014
Ran by André at 2014-09-07 13:32:38
Running from C:\Users\André\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ActivClient x64 (Version: 6.2 - ActivIdentity) Hidden
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
ATI Catalyst Install Manager (HKLM\...\{005B4A7D-A60B-CB64-80DA-8EAAF3A70807}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
AuthenTec Fingerprint System (Version: 8.0.202.0 - AuthenTec, Inc.) Hidden
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
BIOS Configuration for HP ProtectTools (HKLM-x32\...\{1960BE46-E85A-4933-B10A-6D8516585288}) (Version: 4.00 E1 - Hewlett-Packard)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.12 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.60.18.12 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0521.2235.38731 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0521.2235.38731 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0521.2235.38731 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0521.2235.38731 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0521.2235.38731 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0521.2235.38731 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help English (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help French (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help German (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0521.2234.38731 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0521.2235.38731 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2009.0521.2235.38731 - ATI) Hidden
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Credential Manager for HP ProtectTools (x32 Version: 4.1.6.1484 - Hewlett-Packard Company) Hidden
DisplayLink Core Software (HKLM\...\{8FCE3895-45F7-4C42-9AB2-4A6D6ED6324F}) (Version: 5.2.22271.0 - DisplayLink Corp.)
Drive Encryption for HP ProtectTools (Version: 4.0.24 - Hewlett-Packard) Hidden
Embedded Security for HP ProtectTools (HKLM\...\{4599ECEA-44C6-418C-9F66-9AAF5561CBDC}) (Version: 5.6.000 - Hewlett-Packard)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{789C97CE-9E17-4126-BDF4-11FF458BF705}) (Version: 1.0.1.10 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Battery Check (HKLM-x32\...\HP Battery Check) (Version: 4.0.17.0 - Hewlett-Packard)
HP Battery Check (x32 Version: 4.0.17.0 - Hewlett-Packard) Hidden
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{4850C1AE-BD1D-468C-9ABC-5486DC21E1E5}) (Version: 1.0.3.1 - Hewlett-Packard)
HP JavaCard for HP ProtectTools (x32 Version: 04.10.10.0003 - Hewlett-Packard) Hidden
HP ProtectTools Security Manager (x32 Version: 04.10.10.0003 - Hewlett-Packard) Hidden
HP ProtectTools Security Manager Suite (HKLM-x32\...\{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}) (Version: 04.10.10.0003 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{B9293A66-5F9A-4442-B690-922EF5A501DB}) (Version: 2.2.1 - Hewlett-Packard Company)
HP USB Docking Video (HKLM\...\{AD73C813-335F-45E7-9772-A4583FDFD177}) (Version: 5.2.22372.0 - Hewlett-Packard)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVToolNix 6.2.0 (HKLM-x32\...\MKVToolNix) (Version: 6.2.0 - Moritz Bunkus)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379y) (Version: 7.80.3.52 - Conexant Systems)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.5240 - Analog Devices)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
09-07-2014 20:13:20 Installed PDF Architect 2 View Module
09-07-2014 20:57:49 Windows Update
11-07-2014 18:41:39 Removed PDF Architect 2 View Module
02-08-2014 12:39:29 Windows Update
07-09-2014 11:21:34 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {134D0CDE-5206-4255-8522-CF69DA242F94} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {3553DDC2-39C0-49C1-86E8-2AC48F21B2E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.)
Task: {5AB0C22A-0120-4142-98BF-B0BC014E3808} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-05-20 17:45 - 2013-05-20 17:45 - 00033280 _____ () C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
2013-12-16 20:34 - 2013-12-12 21:56 - 03145536 _____ () C:\Users\André\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2013-05-22 21:41 - 2013-05-22 21:41 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-25 10:19 - 2008-11-25 10:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2008-12-18 15:03 - 2008-12-18 15:03 - 00020480 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-09-07 13:20 - 2014-09-07 13:21 - 00050477 _____ () C:\Users\André\Downloads\Defogger.exe
2014-03-12 22:53 - 2014-03-12 22:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-06-13 19:49 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-13 19:49 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-13 19:49 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 19:49 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 19:49 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-09-07 13:23 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\ANDR~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/13/2014 11:12:09 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
Kontext: Anwendung, SystemIndex Katalog
Error: (02/01/2014 11:37:42 AM) (Source: MsiInstaller) (EventID: 1024) (User: André-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011006}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (12/28/2013 08:08:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.60.18.12, Zeitstempel: 0x4aa6f143
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007ff003d9c28
ID des fehlerhaften Prozesses: 0x724
Startzeit der fehlerhaften Anwendung: 0xbcmwltry.exe0
Pfad der fehlerhaften Anwendung: bcmwltry.exe1
Pfad des fehlerhaften Moduls: bcmwltry.exe2
Berichtskennung: bcmwltry.exe3
Error: (12/08/2013 05:57:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 16b4
Startzeit: 01cef42df5a95197
Endzeit: 35
Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Berichts-ID: 69049e05-6021-11e3-bf41-001b38c3b66c
Error: (11/05/2013 10:58:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 13.6.20.2100 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1378
Startzeit: 01ceda692724f05c
Endzeit: 60000
Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
Berichts-ID: 9832749d-465c-11e3-b5db-001b38c3b66c
Error: (09/12/2013 02:08:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: André-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011004}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (08/09/2013 08:38:23 AM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Error: (08/09/2013 08:38:23 AM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: Das System kann den angegebenen Pfad nicht finden.
Error: (08/09/2013 08:38:23 AM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Error: (08/09/2013 08:38:23 AM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: Das System kann den angegebenen Pfad nicht finden.
System errors:
=============
Error: (09/07/2014 00:57:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
Error: (08/02/2014 02:55:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7429F543-2A60-4CB7-8BC5-F27EA898FB44}
Error: (08/02/2014 02:54:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst upnphost erreicht.
Error: (08/02/2014 02:32:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (08/02/2014 02:32:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.
Error: (08/02/2014 02:31:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
Error: (07/11/2014 09:27:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7429F543-2A60-4CB7-8BC5-F27EA898FB44}
Error: (07/11/2014 09:19:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7429F543-2A60-4CB7-8BC5-F27EA898FB44}
Error: (07/09/2014 10:55:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7429F543-2A60-4CB7-8BC5-F27EA898FB44}
Error: (07/08/2014 09:58:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7429F543-2A60-4CB7-8BC5-F27EA898FB44}
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
Percentage of memory in use: 72%
Total physical RAM: 3071.3 MB
Available physical RAM: 853.63 MB
Total Pagefile: 6140.79 MB
Available Pagefile: 2260.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.43 GB) (Free:7.17 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 81998F82)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-07 14:33:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD800BEVT-75ZCT2 rev.11.01A11 74,53GB
Running: y2k1e4lc.exe; Driver: C:\Users\ANDR~1\AppData\Local\Temp\fglorpob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002dad000 63 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80002dad040 1 byte [10]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e31465 2 bytes [E3, 75]
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e314bb 2 bytes [E3, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\spoolsv.exe [1988:2960] 000007fef5f710c8
Thread C:\Windows\System32\spoolsv.exe [1988:2968] 000007fef5f36144
Thread C:\Windows\System32\spoolsv.exe [1988:2972] 000007fef5d25fd0
Thread C:\Windows\System32\spoolsv.exe [1988:2976] 000007fef5d13438
Thread C:\Windows\System32\spoolsv.exe [1988:2980] 000007fef5d263ec
Thread C:\Windows\System32\spoolsv.exe [1988:2988] 000007fef6025e5c
Thread C:\Windows\System32\spoolsv.exe [1988:2992] 000007fef60d5074
Thread C:\Windows\System32\spoolsv.exe [1988:2160] 000007fef6142288
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4864:5152] 000007fefb622bf8
---- EOF - GMER 2.1 ----
Ich hoffe ich habe nicht vergessen und möchte mich schon einmal im Voraus für eure Hilfe bedanken! |
|
07.09.2014, 15:07
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: Fund mit Antivir hi,
__________________LOgfile von Antivir?
__________________ |
|
07.09.2014, 16:01
| #3 |
| | Windows 7: Fund mit Antivir Oh sorry, das hatte ich vergessen.
__________________Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 7. September 2014 14:50
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ANDRÉ-PC
Versionsinformationen:
BUILD.DAT : 14.0.6.570 92022 Bytes 15.08.2014 10:30:00
AVSCAN.EXE : 14.0.6.548 1046608 Bytes 07.09.2014 11:06:04
AVSCANRC.DLL : 14.0.6.522 62544 Bytes 07.09.2014 11:06:04
LUKE.DLL : 14.0.6.522 57936 Bytes 07.09.2014 11:06:44
AVSCPLR.DLL : 14.0.6.548 92752 Bytes 07.09.2014 11:06:05
AVREG.DLL : 14.0.6.522 262224 Bytes 07.09.2014 11:06:02
avlode.dll : 14.0.6.526 603728 Bytes 07.09.2014 11:06:02
avlode.rdf : 14.0.4.42 65114 Bytes 02.08.2014 12:34:07
XBV00009.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:06:57
XBV00010.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:06:58
XBV00011.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:06:58
XBV00012.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:06:58
XBV00013.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:06:58
XBV00014.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:06:58
XBV00015.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:06:58
XBV00016.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:06:59
XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:06:59
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:06:59
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:01
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:01
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:02
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:02
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:02
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:02
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:02
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:02
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:02
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:02
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:02
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:03
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:03
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:03
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:03
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:03
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:03
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:03
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:04
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:04
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:05
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:05
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:07:05
XBV00179.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00180.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00181.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00182.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00183.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00184.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00185.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00186.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00187.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00188.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00189.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00190.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00191.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00192.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00193.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:21
XBV00194.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:22
XBV00195.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:22
XBV00196.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:22
XBV00197.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:22
XBV00198.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:22
XBV00199.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:22
XBV00200.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:23
XBV00201.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:23
XBV00202.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:23
XBV00203.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:23
XBV00204.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:23
XBV00205.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:23
XBV00206.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:23
XBV00207.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:23
XBV00208.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:24
XBV00209.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:24
XBV00210.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:24
XBV00211.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:24
XBV00212.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:24
XBV00213.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:24
XBV00214.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:24
XBV00215.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:24
XBV00216.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:25
XBV00217.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:25
XBV00218.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:25
XBV00219.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:25
XBV00220.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:25
XBV00221.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:25
XBV00222.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:25
XBV00223.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:25
XBV00224.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:26
XBV00225.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:26
XBV00226.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:27
XBV00227.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:28
XBV00228.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:28
XBV00229.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:29
XBV00230.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:29
XBV00231.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:29
XBV00232.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:29
XBV00233.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:29
XBV00234.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:29
XBV00235.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:29
XBV00236.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:29
XBV00237.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00238.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00239.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00240.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00241.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00242.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00243.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00244.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00245.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00246.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00247.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00248.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00249.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00250.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00251.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00252.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00253.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00254.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:30
XBV00255.VDF : 8.11.167.234 2048 Bytes 19.08.2014 11:07:31
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 17:14:37
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 17:14:42
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 20:46:01
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 18:41:25
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 18:27:15
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 07:10:35
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 19:10:00
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 16:48:58
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 11:06:57
XBV00042.VDF : 8.11.167.234 1073152 Bytes 19.08.2014 11:07:05
XBV00043.VDF : 8.11.167.236 3584 Bytes 19.08.2014 11:07:05
XBV00044.VDF : 8.11.167.238 17408 Bytes 19.08.2014 11:07:05
XBV00045.VDF : 8.11.167.242 7168 Bytes 19.08.2014 11:07:05
XBV00046.VDF : 8.11.167.248 2048 Bytes 19.08.2014 11:07:06
XBV00047.VDF : 8.11.168.26 19968 Bytes 19.08.2014 11:07:06
XBV00048.VDF : 8.11.168.44 10240 Bytes 19.08.2014 11:07:06
XBV00049.VDF : 8.11.168.60 2048 Bytes 19.08.2014 11:07:06
XBV00050.VDF : 8.11.168.78 27136 Bytes 20.08.2014 11:07:06
XBV00051.VDF : 8.11.168.80 2048 Bytes 20.08.2014 11:07:06
XBV00052.VDF : 8.11.168.98 15360 Bytes 20.08.2014 11:07:06
XBV00053.VDF : 8.11.168.100 2048 Bytes 20.08.2014 11:07:06
XBV00054.VDF : 8.11.168.116 28160 Bytes 20.08.2014 11:07:07
XBV00055.VDF : 8.11.168.118 9216 Bytes 20.08.2014 11:07:07
XBV00056.VDF : 8.11.168.120 4096 Bytes 20.08.2014 11:07:08
XBV00057.VDF : 8.11.168.124 12800 Bytes 21.08.2014 11:07:08
XBV00058.VDF : 8.11.168.126 25088 Bytes 21.08.2014 11:07:08
XBV00059.VDF : 8.11.168.132 33280 Bytes 21.08.2014 11:07:08
XBV00060.VDF : 8.11.168.134 2048 Bytes 21.08.2014 11:07:08
XBV00061.VDF : 8.11.168.138 11776 Bytes 21.08.2014 11:07:08
XBV00062.VDF : 8.11.168.140 3584 Bytes 21.08.2014 11:07:08
XBV00063.VDF : 8.11.168.158 3584 Bytes 22.08.2014 11:07:09
XBV00064.VDF : 8.11.168.174 2048 Bytes 22.08.2014 11:07:09
XBV00065.VDF : 8.11.168.180 5120 Bytes 22.08.2014 11:07:09
XBV00066.VDF : 8.11.168.220 7168 Bytes 22.08.2014 11:07:09
XBV00067.VDF : 8.11.168.222 20480 Bytes 22.08.2014 11:07:09
XBV00068.VDF : 8.11.168.226 17920 Bytes 22.08.2014 11:07:09
XBV00069.VDF : 8.11.168.230 8704 Bytes 22.08.2014 11:07:09
XBV00070.VDF : 8.11.168.234 4608 Bytes 23.08.2014 11:07:09
XBV00071.VDF : 8.11.168.236 4608 Bytes 23.08.2014 11:07:09
XBV00072.VDF : 8.11.168.238 4608 Bytes 23.08.2014 11:07:09
XBV00073.VDF : 8.11.168.240 37376 Bytes 23.08.2014 11:07:09
XBV00074.VDF : 8.11.168.242 2048 Bytes 23.08.2014 11:07:09
XBV00075.VDF : 8.11.168.244 38400 Bytes 24.08.2014 11:07:09
XBV00076.VDF : 8.11.168.246 2048 Bytes 24.08.2014 11:07:09
XBV00077.VDF : 8.11.168.248 14848 Bytes 24.08.2014 11:07:09
XBV00078.VDF : 8.11.168.252 2048 Bytes 24.08.2014 11:07:09
XBV00079.VDF : 8.11.168.254 24576 Bytes 24.08.2014 11:07:09
XBV00080.VDF : 8.11.169.2 2048 Bytes 24.08.2014 11:07:09
XBV00081.VDF : 8.11.169.4 22528 Bytes 25.08.2014 11:07:09
XBV00082.VDF : 8.11.169.20 6656 Bytes 25.08.2014 11:07:09
XBV00083.VDF : 8.11.169.36 4608 Bytes 25.08.2014 11:07:10
XBV00084.VDF : 8.11.169.38 11264 Bytes 25.08.2014 11:07:10
XBV00085.VDF : 8.11.169.40 2048 Bytes 25.08.2014 11:07:10
XBV00086.VDF : 8.11.169.54 8192 Bytes 25.08.2014 11:07:10
XBV00087.VDF : 8.11.169.62 28672 Bytes 25.08.2014 11:07:10
XBV00088.VDF : 8.11.169.66 14336 Bytes 25.08.2014 11:07:10
XBV00089.VDF : 8.11.169.68 3584 Bytes 25.08.2014 11:07:10
XBV00090.VDF : 8.11.169.72 15872 Bytes 26.08.2014 11:07:10
XBV00091.VDF : 8.11.169.74 6144 Bytes 26.08.2014 11:07:10
XBV00092.VDF : 8.11.169.76 12288 Bytes 26.08.2014 11:07:10
XBV00093.VDF : 8.11.169.78 5632 Bytes 26.08.2014 11:07:10
XBV00094.VDF : 8.11.169.80 25088 Bytes 26.08.2014 11:07:10
XBV00095.VDF : 8.11.169.82 5120 Bytes 26.08.2014 11:07:10
XBV00096.VDF : 8.11.169.88 24064 Bytes 26.08.2014 11:07:10
XBV00097.VDF : 8.11.169.90 9216 Bytes 26.08.2014 11:07:10
XBV00098.VDF : 8.11.169.94 33280 Bytes 26.08.2014 11:07:11
XBV00099.VDF : 8.11.169.108 7680 Bytes 26.08.2014 11:07:11
XBV00100.VDF : 8.11.169.122 5120 Bytes 26.08.2014 11:07:11
XBV00101.VDF : 8.11.169.136 3072 Bytes 27.08.2014 11:07:11
XBV00102.VDF : 8.11.169.138 8704 Bytes 27.08.2014 11:07:11
XBV00103.VDF : 8.11.169.140 15872 Bytes 27.08.2014 11:07:11
XBV00104.VDF : 8.11.169.142 10240 Bytes 27.08.2014 11:07:11
XBV00105.VDF : 8.11.169.144 17408 Bytes 27.08.2014 11:07:11
XBV00106.VDF : 8.11.169.148 18944 Bytes 27.08.2014 11:07:11
XBV00107.VDF : 8.11.169.150 2048 Bytes 27.08.2014 11:07:11
XBV00108.VDF : 8.11.169.152 14336 Bytes 27.08.2014 11:07:11
XBV00109.VDF : 8.11.169.154 2048 Bytes 27.08.2014 11:07:11
XBV00110.VDF : 8.11.169.156 2048 Bytes 27.08.2014 11:07:11
XBV00111.VDF : 8.11.169.160 11264 Bytes 27.08.2014 11:07:11
XBV00112.VDF : 8.11.169.164 31744 Bytes 28.08.2014 11:07:11
XBV00113.VDF : 8.11.169.166 18432 Bytes 28.08.2014 11:07:11
XBV00114.VDF : 8.11.169.168 10240 Bytes 28.08.2014 11:07:12
XBV00115.VDF : 8.11.169.186 35328 Bytes 28.08.2014 11:07:12
XBV00116.VDF : 8.11.169.202 8192 Bytes 28.08.2014 11:07:12
XBV00117.VDF : 8.11.169.214 2048 Bytes 28.08.2014 11:07:12
XBV00118.VDF : 8.11.169.216 2048 Bytes 28.08.2014 11:07:12
XBV00119.VDF : 8.11.169.230 40960 Bytes 29.08.2014 11:07:12
XBV00120.VDF : 8.11.169.232 8192 Bytes 29.08.2014 11:07:12
XBV00121.VDF : 8.11.169.238 45056 Bytes 29.08.2014 11:07:12
XBV00122.VDF : 8.11.169.242 4096 Bytes 29.08.2014 11:07:12
XBV00123.VDF : 8.11.169.248 52224 Bytes 29.08.2014 11:07:12
XBV00124.VDF : 8.11.170.12 4096 Bytes 29.08.2014 11:07:13
XBV00125.VDF : 8.11.170.24 2560 Bytes 29.08.2014 11:07:13
XBV00126.VDF : 8.11.170.38 5632 Bytes 30.08.2014 11:07:13
XBV00127.VDF : 8.11.170.40 19456 Bytes 30.08.2014 11:07:13
XBV00128.VDF : 8.11.170.42 25088 Bytes 30.08.2014 11:07:13
XBV00129.VDF : 8.11.170.44 69632 Bytes 31.08.2014 11:07:13
XBV00130.VDF : 8.11.170.48 7168 Bytes 31.08.2014 11:07:13
XBV00131.VDF : 8.11.170.50 8192 Bytes 31.08.2014 11:07:13
XBV00132.VDF : 8.11.170.52 19456 Bytes 01.09.2014 11:07:14
XBV00133.VDF : 8.11.170.64 3072 Bytes 01.09.2014 11:07:14
XBV00134.VDF : 8.11.170.74 3584 Bytes 01.09.2014 11:07:14
XBV00135.VDF : 8.11.170.84 8192 Bytes 01.09.2014 11:07:14
XBV00136.VDF : 8.11.170.90 41472 Bytes 01.09.2014 11:07:14
XBV00137.VDF : 8.11.170.94 2048 Bytes 01.09.2014 11:07:14
XBV00138.VDF : 8.11.170.96 29696 Bytes 01.09.2014 11:07:14
XBV00139.VDF : 8.11.170.100 28160 Bytes 01.09.2014 11:07:14
XBV00140.VDF : 8.11.170.102 23552 Bytes 01.09.2014 11:07:14
XBV00141.VDF : 8.11.170.106 13824 Bytes 02.09.2014 11:07:14
XBV00142.VDF : 8.11.170.116 10752 Bytes 02.09.2014 11:07:14
XBV00143.VDF : 8.11.170.126 5632 Bytes 02.09.2014 11:07:14
XBV00144.VDF : 8.11.170.136 13824 Bytes 02.09.2014 11:07:14
XBV00145.VDF : 8.11.170.140 23040 Bytes 02.09.2014 11:07:15
XBV00146.VDF : 8.11.170.142 7168 Bytes 02.09.2014 11:07:15
XBV00147.VDF : 8.11.170.144 16384 Bytes 02.09.2014 11:07:15
XBV00148.VDF : 8.11.170.148 25600 Bytes 02.09.2014 11:07:16
XBV00149.VDF : 8.11.170.150 12800 Bytes 02.09.2014 11:07:16
XBV00150.VDF : 8.11.170.152 5632 Bytes 02.09.2014 11:07:16
XBV00151.VDF : 8.11.170.158 4608 Bytes 03.09.2014 11:07:16
XBV00152.VDF : 8.11.170.160 3072 Bytes 03.09.2014 11:07:16
XBV00153.VDF : 8.11.170.166 25600 Bytes 03.09.2014 11:07:16
XBV00154.VDF : 8.11.170.168 14848 Bytes 03.09.2014 11:07:17
XBV00155.VDF : 8.11.170.170 2048 Bytes 03.09.2014 11:07:18
XBV00156.VDF : 8.11.170.174 18944 Bytes 03.09.2014 11:07:18
XBV00157.VDF : 8.11.170.186 4608 Bytes 03.09.2014 11:07:18
XBV00158.VDF : 8.11.170.194 7680 Bytes 03.09.2014 11:07:18
XBV00159.VDF : 8.11.170.202 2560 Bytes 03.09.2014 11:07:18
XBV00160.VDF : 8.11.170.204 5120 Bytes 04.09.2014 11:07:18
XBV00161.VDF : 8.11.170.208 15360 Bytes 04.09.2014 11:07:18
XBV00162.VDF : 8.11.170.212 2048 Bytes 04.09.2014 11:07:19
XBV00163.VDF : 8.11.170.214 6656 Bytes 04.09.2014 11:07:19
XBV00164.VDF : 8.11.170.218 14848 Bytes 04.09.2014 11:07:19
XBV00165.VDF : 8.11.170.222 27648 Bytes 04.09.2014 11:07:19
XBV00166.VDF : 8.11.170.226 8192 Bytes 04.09.2014 11:07:19
XBV00167.VDF : 8.11.170.228 3072 Bytes 05.09.2014 11:07:20
XBV00168.VDF : 8.11.170.230 3072 Bytes 05.09.2014 11:07:20
XBV00169.VDF : 8.11.170.232 2560 Bytes 05.09.2014 11:07:20
XBV00170.VDF : 8.11.170.234 3584 Bytes 05.09.2014 11:07:20
XBV00171.VDF : 8.11.170.236 17920 Bytes 05.09.2014 11:07:20
XBV00172.VDF : 8.11.170.240 58368 Bytes 05.09.2014 11:07:20
XBV00173.VDF : 8.11.170.250 13312 Bytes 05.09.2014 11:07:20
XBV00174.VDF : 8.11.171.2 4608 Bytes 05.09.2014 11:07:20
XBV00175.VDF : 8.11.171.10 5632 Bytes 05.09.2014 11:07:20
XBV00176.VDF : 8.11.171.18 12288 Bytes 06.09.2014 11:07:20
XBV00177.VDF : 8.11.171.20 4608 Bytes 06.09.2014 11:07:21
XBV00178.VDF : 8.11.171.22 24576 Bytes 06.09.2014 11:07:21
LOCAL000.VDF : 8.11.171.22 110309888 Bytes 06.09.2014 11:12:36
Engineversion : 8.3.24.22
AEVDF.DLL : 8.3.1.6 133992 Bytes 07.09.2014 11:05:56
AESCRIPT.DLL : 8.2.0.22 436136 Bytes 07.09.2014 11:05:56
AESCN.DLL : 8.3.2.2 139456 Bytes 02.08.2014 12:34:05
AESBX.DLL : 8.2.20.24 1409224 Bytes 13.05.2014 18:38:56
AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 18:58:34
AEPACK.DLL : 8.4.0.50 792488 Bytes 07.09.2014 11:05:56
AEOFFICE.DLL : 8.3.0.20 216104 Bytes 07.09.2014 11:05:55
AEHEUR.DLL : 8.1.4.1266 7473064 Bytes 07.09.2014 11:05:55
AEHELP.DLL : 8.3.1.0 278728 Bytes 29.05.2014 09:36:36
AEGEN.DLL : 8.1.7.28 450752 Bytes 06.06.2014 16:43:57
AEEXP.DLL : 8.4.2.32 247712 Bytes 07.09.2014 11:05:56
AEEMU.DLL : 8.1.3.4 399264 Bytes 07.09.2014 11:05:54
AEDROID.DLL : 8.4.2.24 442568 Bytes 04.06.2014 16:42:07
AECORE.DLL : 8.3.2.6 243712 Bytes 07.09.2014 11:05:54
AEBB.DLL : 8.1.2.0 60448 Bytes 07.09.2014 11:05:54
AVWINLL.DLL : 14.0.6.522 24144 Bytes 07.09.2014 11:05:48
AVPREF.DLL : 14.0.6.522 50256 Bytes 07.09.2014 11:06:02
AVREP.DLL : 14.0.6.522 219216 Bytes 07.09.2014 11:06:03
AVARKT.DLL : 14.0.5.368 226384 Bytes 03.07.2014 18:48:07
AVEVTLOG.DLL : 14.0.6.522 182352 Bytes 07.09.2014 11:06:01
SQLITE3.DLL : 14.0.6.522 452176 Bytes 07.09.2014 11:06:54
AVSMTP.DLL : 14.0.6.522 76368 Bytes 07.09.2014 11:06:06
NETNT.DLL : 14.0.6.522 13392 Bytes 07.09.2014 11:06:45
RCIMAGE.DLL : 14.0.6.544 4863568 Bytes 07.09.2014 11:05:50
RCTEXT.DLL : 14.0.6.558 76080 Bytes 07.09.2014 11:05:51
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Sonntag, 7. September 2014 14:50
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:)'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATService.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPFSService.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'HpFkCrypt.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '167' Modul(e) wurden durchsucht
Durchsuche Prozess 'UMVPFSrv.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'Hpservice.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'DisplayLinkManager.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'DisplayLinkUserAgent.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRYSVC.EXE' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'bcmwltry.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'ac.sharedstore.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'acevents.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'AEADISRV.EXE' - '8' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPDrvMntSvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'ifxspmgt.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'ifxtcs.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'IfxPsdSv.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'DisplayLinkUI.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '208' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsGHost.exe' - '148' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'acevents.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'accrdsub.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRAY.EXE' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'Amazon Music Helper.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'smax4pnp.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'pthosttr.exe' - '146' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolCtrl.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqWmiEx.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'CoreShredder.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnui.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSDrt.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '174' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '135' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'Defogger.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqToaster.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpCaslNotification.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '131' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '130' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1763' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\$Recycle.Bin\S-1-5-21-3302090839-3622997415-88976330-1000\$R7ZQJNK\com.skype.raider-20140531-181451.tar.gz
[WARNUNG] Mögliche Archivbombe: die maximale Komprimierungsrate wurde überschritten.
C:\$Recycle.Bin\S-1-5-21-3302090839-3622997415-88976330-1000\$RTT2ZK2\com.skype.raider-20140620-161030.tar.gz
[WARNUNG] Mögliche Archivbombe: die maximale Komprimierungsrate wurde überschritten.
C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
[FUND] Enthält Erkennungsmuster der Anwendung APPL/DomaIQ.Gen
Beginne mit der Desinfektion:
C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
[FUND] Enthält Erkennungsmuster der Anwendung APPL/DomaIQ.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50dfdc1a.qua' verschoben!
Ende des Suchlaufs: Sonntag, 7. September 2014 16:58
Benötigte Zeit: 2:04:29 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
28808 Verzeichnisse wurden überprüft
968911 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
968910 Dateien ohne Befall
5907 Archive wurden durchsucht
2 Warnungen
1 Hinweise
773284 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
|
|
08.09.2014, 13:30
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7: Fund mit Antivir Adware & Co. deinstallieren
Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.09.2014, 19:43
| #5 |
| | Windows 7: Fund mit Antivir Hallo, vielen Dank zunächst für die schnelle Hilfe! Mit dem Revo-Uninstaller habe ich nirgens den Zusatz "Attention" gesehen. Jedoch habe ich, da ich mich nicht erinnern konnte das entsprechende Programm installiert zu haben und nach Google-Suche folgendes Programm deinstalliert: "remote desktop access vuupc". Ansonsten habe ich die vorgegebenen Aktionen ausgeführt. Hier die log's: mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 08.09.2014 Suchlauf-Zeit: 19:39:03 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.08.05 Rootkit Datenbank: v2014.08.21.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: André Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 300659 Verstrichene Zeit: 16 Min, 52 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Adware cleaner: Code:
ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 08/09/2014 um 20:01:39
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : André - ANDRÉ-PC
# Gestartet von : C:\Users\André\Downloads\adwcleaner_3.309.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Users\André\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\André\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\System32\roboot64.exe
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Google Chrome v37.0.2062.103
[ Datei : C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1918 octets] - [08/09/2014 19:59:50]
AdwCleaner[S0].txt - [1853 octets] - [08/09/2014 20:01:39]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1913 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Andr‚ on 08.09.2014 at 20:18:48,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrics_fan
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.09.2014 at 20:31:24,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by André (administrator) on ANDRÉ-PC on 08-09-2014 20:34:55
Running from C:\Users\André\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Bioscrypt Inc.) C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\asghost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\André\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [4789248 2013-05-20] (Broadcom Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM-x32\...\Run: [PTHOSTTR] => C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [354360 2009-08-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CognizanceTS] => rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11227136 2009-07-06] (Hewlett-Packard)
HKLM-x32\...\Run: [IFXSPMGT] => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-07-19] (Infineon Technologies AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-09-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-05-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-22] (Microsoft Corporation)
HKU\S-1-5-21-3302090839-3622997415-88976330-1000\...\Run: [Amazon Cloud Player] => C:\Users\André\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
AppInit_DLLs: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL => C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook64.dll [382224 2009-07-28] (Bioscrypt Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASCredProv64
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E76070A1957CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Credential Manager for HP ProtectTools -> {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} -> C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> 4BF448B43CCC1486BFCD2772DBB164ED2B4D625439D972070B6E1F9735EDCF52
CHR DefaultSearchURL: Default -> 5ABBABE48F3A20C966CF6A21B75719E750BD828DA97F151722955DCE470C05BC
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\André\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-22]
CHR Extension: (Google Drive) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22]
CHR Extension: (Google-Suche) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-22]
CHR Extension: (Zotero Connector) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2013-09-07]
CHR Extension: (Avira Browser Safety) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-07]
CHR Extension: (AdBlock) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Google Mail) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-09-07] (Avira Operations GmbH & Co. KG)
R2 ASBroker; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8547176 2009-11-20] (DisplayLink Corp.)
S3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HpFkCryptService; C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard) [File not signed]
R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-07-19] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984352 2009-07-19] (Infineon Technologies AG)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [214304 2009-07-19] (Infineon Technologies AG)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [4202496 2013-05-20] (Broadcom Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [19000 2010-02-25] (Hewlett-Packard Company)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2009-07-19] (Infineon Technologies AG)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [14880 2009-07-29] (SafeBoot International)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [55840 2009-07-29] () [File not signed]
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2007-07-16] (SafeBoot N.V.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15392 2009-07-29] (SafeBoot International)
R3 SMSCIRDA; C:\Windows\System32\DRIVERS\SMSCir64.sys [37760 2007-04-25] (SMSC)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-08 20:34 - 2014-09-08 20:34 - 00000000 ____D () C:\Users\André\Downloads\FRST-OlderVersion
2014-09-08 20:31 - 2014-09-08 20:31 - 00000824 _____ () C:\Users\André\Desktop\JRT.txt
2014-09-08 20:14 - 2014-09-08 20:15 - 01016261 _____ (Thisisu) C:\Users\André\Downloads\JRT.exe
2014-09-08 20:13 - 2014-09-08 20:13 - 00001997 _____ () C:\Users\André\Desktop\AdwCleaner[S0].txt
2014-09-08 20:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-08 19:59 - 2014-09-08 20:02 - 00000000 ____D () C:\AdwCleaner
2014-09-08 19:58 - 2014-09-08 19:58 - 01370483 _____ () C:\Users\André\Downloads\adwcleaner_3.309.exe
2014-09-08 19:57 - 2014-09-08 19:57 - 00001160 _____ () C:\Users\André\Desktop\mbam.txt
2014-09-08 19:20 - 2014-09-08 19:20 - 00001264 _____ () C:\Users\André\Desktop\Revo Uninstaller.lnk
2014-09-08 19:20 - 2014-09-08 19:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 19:18 - 2014-09-08 19:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\André\Downloads\revosetup95.exe
2014-09-07 17:19 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-07 17:19 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-07 17:19 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-07 17:19 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-07 17:19 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-07 17:19 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-07 17:19 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-07 17:19 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-07 14:33 - 2014-09-07 14:33 - 00002856 _____ () C:\Users\André\Downloads\Gmer.txt
2014-09-07 14:01 - 2014-09-07 14:01 - 00380416 _____ () C:\Users\André\Downloads\y2k1e4lc.exe
2014-09-07 14:00 - 2014-09-07 14:01 - 00380416 _____ () C:\Users\André\Downloads\y32p23dt.exe
2014-09-07 13:56 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-07 13:56 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-07 13:54 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-07 13:54 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-07 13:54 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-07 13:54 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-07 13:54 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-07 13:54 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-07 13:54 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-07 13:53 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-07 13:53 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-07 13:53 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-07 13:52 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-07 13:52 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-07 13:52 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-07 13:52 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-07 13:52 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-07 13:51 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-07 13:51 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-07 13:51 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-07 13:51 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-07 13:51 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-07 13:51 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-07 13:51 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-07 13:51 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-07 13:51 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-07 13:51 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-07 13:51 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-07 13:51 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-07 13:51 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-07 13:51 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-07 13:51 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-07 13:51 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-07 13:51 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-07 13:51 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-07 13:51 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-07 13:51 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-07 13:51 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-07 13:51 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-07 13:51 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-07 13:51 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-07 13:51 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-07 13:51 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-07 13:51 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-07 13:51 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-07 13:51 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-07 13:51 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-07 13:51 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-07 13:51 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-07 13:51 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-07 13:51 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-07 13:51 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-07 13:51 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-07 13:51 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-07 13:51 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-07 13:51 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-07 13:51 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-07 13:51 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-07 13:51 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-07 13:51 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-07 13:51 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-07 13:51 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-07 13:51 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-07 13:51 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-07 13:51 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-07 13:51 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-07 13:51 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-07 13:51 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-07 13:51 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-07 13:51 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-07 13:51 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-07 13:51 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-07 13:51 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-07 13:49 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-07 13:49 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-07 13:32 - 2014-09-07 13:36 - 00026166 _____ () C:\Users\André\Downloads\Addition.txt
2014-09-07 13:30 - 2014-09-07 13:30 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-07 13:26 - 2014-09-08 20:34 - 00019319 _____ () C:\Users\André\Downloads\FRST.txt
2014-09-07 13:26 - 2014-09-08 20:34 - 00000000 ____D () C:\FRST
2014-09-07 13:26 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-07 13:26 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-07 13:26 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-07 13:26 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-07 13:25 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-07 13:25 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-07 13:25 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-07 13:25 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-07 13:25 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-07 13:25 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-07 13:24 - 2014-09-08 20:34 - 02105344 _____ (Farbar) C:\Users\André\Downloads\FRST64.exe
2014-09-07 13:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-07 13:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-07 13:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-07 13:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-07 13:23 - 2014-09-07 13:23 - 00000472 _____ () C:\Users\André\Downloads\defogger_disable.log
2014-09-07 13:23 - 2014-09-07 13:23 - 00000000 _____ () C:\Users\André\defogger_reenable
2014-09-07 13:21 - 2014-09-07 13:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-07 13:20 - 2014-09-07 13:21 - 00050477 _____ () C:\Users\André\Downloads\Defogger.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-08 20:36 - 2014-09-07 13:26 - 00019319 _____ () C:\Users\André\Downloads\FRST.txt
2014-09-08 20:34 - 2014-09-08 20:34 - 00000000 ____D () C:\Users\André\Downloads\FRST-OlderVersion
2014-09-08 20:34 - 2014-09-07 13:26 - 00000000 ____D () C:\FRST
2014-09-08 20:34 - 2014-09-07 13:24 - 02105344 _____ (Farbar) C:\Users\André\Downloads\FRST64.exe
2014-09-08 20:31 - 2014-09-08 20:31 - 00000824 _____ () C:\Users\André\Desktop\JRT.txt
2014-09-08 20:17 - 2013-11-15 09:01 - 00000000 ____D () C:\Windows\ERUNT
2014-09-08 20:16 - 2009-07-14 06:45 - 00025328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 20:16 - 2009-07-14 06:45 - 00025328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 20:15 - 2014-09-08 20:14 - 01016261 _____ (Thisisu) C:\Users\André\Downloads\JRT.exe
2014-09-08 20:13 - 2014-09-08 20:13 - 00001997 _____ () C:\Users\André\Desktop\AdwCleaner[S0].txt
2014-09-08 20:09 - 2013-05-20 17:01 - 01678498 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 20:08 - 2013-05-22 20:23 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 20:06 - 2013-05-20 17:51 - 00106862 _____ () C:\Windows\PFRO.log
2014-09-08 20:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 20:06 - 2009-07-14 06:51 - 00053268 _____ () C:\Windows\setupact.log
2014-09-08 20:02 - 2014-09-08 19:59 - 00000000 ____D () C:\AdwCleaner
2014-09-08 19:58 - 2014-09-08 19:58 - 01370483 _____ () C:\Users\André\Downloads\adwcleaner_3.309.exe
2014-09-08 19:57 - 2014-09-08 19:57 - 00001160 _____ () C:\Users\André\Desktop\mbam.txt
2014-09-08 19:54 - 2013-05-22 20:23 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 19:38 - 2014-07-11 20:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 19:20 - 2014-09-08 19:20 - 00001264 _____ () C:\Users\André\Desktop\Revo Uninstaller.lnk
2014-09-08 19:20 - 2014-09-08 19:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 19:19 - 2014-09-08 19:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\André\Downloads\revosetup95.exe
2014-09-08 19:00 - 2009-07-14 06:45 - 00411240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-08 18:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-07 17:39 - 2013-05-29 11:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-07 17:31 - 2013-08-14 09:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-07 17:26 - 2013-05-20 19:53 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-07 17:18 - 2014-05-06 22:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-07 14:33 - 2014-09-07 14:33 - 00002856 _____ () C:\Users\André\Downloads\Gmer.txt
2014-09-07 14:05 - 2013-05-22 20:24 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-07 14:01 - 2014-09-07 14:01 - 00380416 _____ () C:\Users\André\Downloads\y2k1e4lc.exe
2014-09-07 14:01 - 2014-09-07 14:00 - 00380416 _____ () C:\Users\André\Downloads\y32p23dt.exe
2014-09-07 13:36 - 2014-09-07 13:32 - 00026166 _____ () C:\Users\André\Downloads\Addition.txt
2014-09-07 13:30 - 2014-09-07 13:30 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-07 13:30 - 2014-09-07 13:21 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-07 13:30 - 2013-05-20 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-07 13:30 - 2013-05-20 19:17 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-07 13:23 - 2014-09-07 13:23 - 00000472 _____ () C:\Users\André\Downloads\defogger_disable.log
2014-09-07 13:23 - 2014-09-07 13:23 - 00000000 _____ () C:\Users\André\defogger_reenable
2014-09-07 13:23 - 2013-05-20 17:06 - 00000000 ____D () C:\Users\André
2014-09-07 13:22 - 2013-05-20 19:17 - 00000000 ____D () C:\ProgramData\Avira
2014-09-07 13:21 - 2014-09-07 13:20 - 00050477 _____ () C:\Users\André\Downloads\Defogger.exe
2014-08-25 06:53 - 2013-05-20 18:10 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-09-07 13:52 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-09-07 13:52 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-09-07 13:52 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
Some content of TEMP:
====================
C:\Users\André\AppData\Local\Temp\avgnt.exe
C:\Users\André\AppData\Local\Temp\Quarantine.exe
C:\Users\André\AppData\Local\Temp\vlc-2.1.4-win64.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-08 21:30
==================== End Of Log ============================
Wie soll ich mit dem Inhalt der Avira-Quarantäne vorgehen? |
|
09.09.2014, 20:28
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7: Fund mit AntivirESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> Windows 7: Fund mit Antivir |
|
10.09.2014, 21:27
| #7 |
| | Windows 7: Fund mit Antivir Leider hat der ESET Online Scanner was gefunden :-( Hier die log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7cc786ce1e9d094b86d4574c8367d179
# engine=20091
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-10 07:33:09
# local_time=2014-09-10 09:33:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 8019 41307487 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 6902 162007439 0 0
# scanned=188813
# found=2
# cleaned=0
# scan_time=6392
sh=AE3DE4432A2344C285D073803A47A46C0958646A ft=1 fh=57d860f9135d6364 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\André\Downloads\PDFCreator-1_7_3_setup.exe"
|
|
11.09.2014, 19:17
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7: Fund mit Antivir und der Rest?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.09.2014, 20:32
| #9 |
| | Windows 7: Fund mit Antivir Danke für die Hilfe! Sorry, ich dachte, im Falle eines Fundes sind die anderen Scans erstmal hinfällig. Hier also die logs: Security check: Code:
ATTFilter Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
HP JavaCard for HP ProtectTools
Java version out of Date!
Google Chrome 35.0.1916.153
Google Chrome 37.0.2062.103
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by André (administrator) on ANDRÉ-PC on 11-09-2014 21:26:53
Running from C:\Users\André\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
() C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Bioscrypt Inc.) C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\asghost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
() C:\Users\André\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Users\André\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [4789248 2013-05-20] (Broadcom Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM-x32\...\Run: [PTHOSTTR] => C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [354360 2009-08-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CognizanceTS] => rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11227136 2009-07-06] (Hewlett-Packard)
HKLM-x32\...\Run: [IFXSPMGT] => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-07-19] (Infineon Technologies AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-09-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-05-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-22] (Microsoft Corporation)
HKU\S-1-5-21-3302090839-3622997415-88976330-1000\...\Run: [Amazon Cloud Player] => C:\Users\André\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
AppInit_DLLs: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL => C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook64.dll [382224 2009-07-28] (Bioscrypt Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASCredProv64
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E76070A1957CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Credential Manager for HP ProtectTools -> {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} -> C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> 4BF448B43CCC1486BFCD2772DBB164ED2B4D625439D972070B6E1F9735EDCF52
CHR DefaultSearchURL: Default -> 5ABBABE48F3A20C966CF6A21B75719E750BD828DA97F151722955DCE470C05BC
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\André\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-22]
CHR Extension: (Google Drive) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22]
CHR Extension: (Google-Suche) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-22]
CHR Extension: (Zotero Connector) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2013-09-07]
CHR Extension: (Avira Browser Safety) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-07]
CHR Extension: (AdBlock) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Google Mail) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-09-07] (Avira Operations GmbH & Co. KG)
R2 ASBroker; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8547176 2009-11-20] (DisplayLink Corp.)
S3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HpFkCryptService; C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard) [File not signed]
R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-07-19] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984352 2009-07-19] (Infineon Technologies AG)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [214304 2009-07-19] (Infineon Technologies AG)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [4202496 2013-05-20] (Broadcom Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [19000 2010-02-25] (Hewlett-Packard Company)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2009-07-19] (Infineon Technologies AG)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [14880 2009-07-29] (SafeBoot International)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [55840 2009-07-29] () [File not signed]
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2007-07-16] (SafeBoot N.V.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15392 2009-07-29] (SafeBoot International)
R3 SMSCIRDA; C:\Windows\System32\DRIVERS\SMSCir64.sys [37760 2007-04-25] (SMSC)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-11 20:47 - 2014-09-11 20:48 - 00854417 _____ () C:\Users\André\Downloads\SecurityCheck.exe
2014-09-11 20:46 - 2014-09-11 20:46 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-10 19:44 - 2014-09-10 19:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-10 19:43 - 2014-09-10 19:44 - 02347384 _____ (ESET) C:\Users\André\Downloads\esetsmartinstaller_deu.exe
2014-09-08 20:34 - 2014-09-11 21:26 - 00000000 ____D () C:\Users\André\Downloads\FRST-OlderVersion
2014-09-08 20:14 - 2014-09-08 20:15 - 01016261 _____ (Thisisu) C:\Users\André\Downloads\JRT.exe
2014-09-08 20:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-08 19:59 - 2014-09-08 20:02 - 00000000 ____D () C:\AdwCleaner
2014-09-08 19:58 - 2014-09-08 19:58 - 01370483 _____ () C:\Users\André\Downloads\adwcleaner_3.309.exe
2014-09-08 19:20 - 2014-09-08 19:20 - 00001264 _____ () C:\Users\André\Desktop\Revo Uninstaller.lnk
2014-09-08 19:20 - 2014-09-08 19:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 19:18 - 2014-09-08 19:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\André\Downloads\revosetup95.exe
2014-09-07 17:19 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-07 17:19 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-07 17:19 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-07 17:19 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-07 17:19 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-07 17:19 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-07 17:19 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-07 17:19 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-07 14:33 - 2014-09-07 14:33 - 00002856 _____ () C:\Users\André\Downloads\Gmer.txt
2014-09-07 14:01 - 2014-09-07 14:01 - 00380416 _____ () C:\Users\André\Downloads\y2k1e4lc.exe
2014-09-07 14:00 - 2014-09-07 14:01 - 00380416 _____ () C:\Users\André\Downloads\y32p23dt.exe
2014-09-07 13:56 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-07 13:56 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-07 13:54 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-07 13:54 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-07 13:54 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-07 13:54 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-07 13:54 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-07 13:54 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-07 13:54 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-07 13:53 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-07 13:53 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-07 13:53 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-07 13:52 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-07 13:52 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-07 13:52 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-07 13:52 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-07 13:52 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-07 13:51 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-07 13:51 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-07 13:51 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-07 13:51 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-07 13:51 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-07 13:51 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-07 13:51 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-07 13:51 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-07 13:51 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-07 13:51 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-07 13:51 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-07 13:51 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-07 13:51 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-07 13:51 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-07 13:51 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-07 13:51 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-07 13:51 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-07 13:51 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-07 13:51 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-07 13:51 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-07 13:51 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-07 13:51 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-07 13:51 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-07 13:51 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-07 13:51 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-07 13:51 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-07 13:51 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-07 13:51 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-07 13:51 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-07 13:51 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-07 13:51 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-07 13:51 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-07 13:51 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-07 13:51 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-07 13:51 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-07 13:51 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-07 13:51 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-07 13:51 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-07 13:51 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-07 13:51 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-07 13:51 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-07 13:51 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-07 13:51 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-07 13:51 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-07 13:51 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-07 13:51 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-07 13:51 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-07 13:51 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-07 13:51 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-07 13:51 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-07 13:51 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-07 13:51 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-07 13:51 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-07 13:51 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-07 13:51 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-07 13:51 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-07 13:49 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-07 13:49 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-07 13:32 - 2014-09-07 13:36 - 00026166 _____ () C:\Users\André\Downloads\Addition.txt
2014-09-07 13:26 - 2014-09-11 21:27 - 00000000 ____D () C:\FRST
2014-09-07 13:26 - 2014-09-11 21:26 - 00019626 _____ () C:\Users\André\Downloads\FRST.txt
2014-09-07 13:26 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-07 13:26 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-07 13:26 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-07 13:26 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-07 13:25 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-07 13:25 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-07 13:25 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-07 13:25 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-07 13:25 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-07 13:25 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-07 13:24 - 2014-09-11 21:26 - 02105856 _____ (Farbar) C:\Users\André\Downloads\FRST64.exe
2014-09-07 13:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-07 13:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-07 13:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-07 13:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-07 13:23 - 2014-09-07 13:23 - 00000472 _____ () C:\Users\André\Downloads\defogger_disable.log
2014-09-07 13:23 - 2014-09-07 13:23 - 00000000 _____ () C:\Users\André\defogger_reenable
2014-09-07 13:21 - 2014-09-11 20:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-07 13:20 - 2014-09-07 13:21 - 00050477 _____ () C:\Users\André\Downloads\Defogger.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-11 21:28 - 2014-09-07 13:26 - 00019626 _____ () C:\Users\André\Downloads\FRST.txt
2014-09-11 21:27 - 2014-09-07 13:26 - 00000000 ____D () C:\FRST
2014-09-11 21:26 - 2014-09-08 20:34 - 00000000 ____D () C:\Users\André\Downloads\FRST-OlderVersion
2014-09-11 21:26 - 2014-09-07 13:24 - 02105856 _____ (Farbar) C:\Users\André\Downloads\FRST64.exe
2014-09-11 21:16 - 2013-05-20 17:01 - 02009788 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 20:55 - 2013-05-22 20:23 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 20:54 - 2013-05-22 20:23 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 20:53 - 2009-07-14 06:45 - 00025328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 20:53 - 2009-07-14 06:45 - 00025328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 20:48 - 2014-09-11 20:47 - 00854417 _____ () C:\Users\André\Downloads\SecurityCheck.exe
2014-09-11 20:47 - 2014-09-07 13:21 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 20:46 - 2014-09-11 20:46 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 20:46 - 2013-05-20 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-11 20:44 - 2013-05-20 19:17 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-11 20:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 20:34 - 2009-07-14 06:51 - 00053436 _____ () C:\Windows\setupact.log
2014-09-10 19:44 - 2014-09-10 19:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-10 19:44 - 2014-09-10 19:43 - 02347384 _____ (ESET) C:\Users\André\Downloads\esetsmartinstaller_deu.exe
2014-09-10 19:36 - 2009-07-14 19:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-09-10 19:36 - 2009-07-14 19:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-09-10 19:36 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 20:17 - 2013-11-15 09:01 - 00000000 ____D () C:\Windows\ERUNT
2014-09-08 20:15 - 2014-09-08 20:14 - 01016261 _____ (Thisisu) C:\Users\André\Downloads\JRT.exe
2014-09-08 20:06 - 2013-05-20 17:51 - 00106862 _____ () C:\Windows\PFRO.log
2014-09-08 20:02 - 2014-09-08 19:59 - 00000000 ____D () C:\AdwCleaner
2014-09-08 19:58 - 2014-09-08 19:58 - 01370483 _____ () C:\Users\André\Downloads\adwcleaner_3.309.exe
2014-09-08 19:38 - 2014-07-11 20:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 19:20 - 2014-09-08 19:20 - 00001264 _____ () C:\Users\André\Desktop\Revo Uninstaller.lnk
2014-09-08 19:20 - 2014-09-08 19:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 19:19 - 2014-09-08 19:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\André\Downloads\revosetup95.exe
2014-09-08 19:00 - 2009-07-14 06:45 - 00411240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-08 18:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-07 17:39 - 2013-05-29 11:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-07 17:31 - 2013-08-14 09:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-07 17:26 - 2013-05-20 19:53 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-07 17:18 - 2014-05-06 22:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-07 14:33 - 2014-09-07 14:33 - 00002856 _____ () C:\Users\André\Downloads\Gmer.txt
2014-09-07 14:05 - 2013-05-22 20:24 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-07 14:01 - 2014-09-07 14:01 - 00380416 _____ () C:\Users\André\Downloads\y2k1e4lc.exe
2014-09-07 14:01 - 2014-09-07 14:00 - 00380416 _____ () C:\Users\André\Downloads\y32p23dt.exe
2014-09-07 13:36 - 2014-09-07 13:32 - 00026166 _____ () C:\Users\André\Downloads\Addition.txt
2014-09-07 13:23 - 2014-09-07 13:23 - 00000472 _____ () C:\Users\André\Downloads\defogger_disable.log
2014-09-07 13:23 - 2014-09-07 13:23 - 00000000 _____ () C:\Users\André\defogger_reenable
2014-09-07 13:23 - 2013-05-20 17:06 - 00000000 ____D () C:\Users\André
2014-09-07 13:22 - 2013-05-20 19:17 - 00000000 ____D () C:\ProgramData\Avira
2014-09-07 13:21 - 2014-09-07 13:20 - 00050477 _____ () C:\Users\André\Downloads\Defogger.exe
2014-08-25 06:53 - 2013-05-20 18:10 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-09-07 13:52 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-09-07 13:52 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-09-07 13:52 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
Some content of TEMP:
====================
C:\Users\André\AppData\Local\Temp\avgnt.exe
C:\Users\André\AppData\Local\Temp\Quarantine.exe
C:\Users\André\AppData\Local\Temp\vlc-2.1.4-win64.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-08 21:30
==================== End Of Log ============================
|
|
12.09.2014, 19:57
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7: Fund mit Antivir Java updaten. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7: Fund mit Antivir |
| 4d36e972-e325-11ce-bfc1-08002be10318, adware, appl/domaiq.gen, avira, branding, defender, desktop, device driver, excel, fehlercode 0x00000003, fehlercode 0xc0000005, fehlercode 1, installation, launch, problem, programm, rundll, security, services.exe, software, system, tracker, win32/installmonetizer.aq, win64/systweak.a, windows |
Revo Uninstaller herunter.
dann auf 
und dann auf 
.
Linear-Darstellung
