![]() |
|
Log-Analyse und Auswertung: Windows 7: Fund mit AntivirWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() ![]() | ![]() Windows 7: Fund mit Antivir Liebe Helfer, leider habe ich erneut ein Problem mit meinem PC. Bei einem Antivir-Suchlauf ist kürzlich eine Bedrohung (APPL/DomaIQ.Gen) aufgetaucht. Ich habe die entsprechende Datei direkt in Quarantäne verschoben. Als ich eben die Quarantäne aufgerufen habe fiel mir auf, dass da noch weitere Dateien von einer früheren Bedrohung, die ich Dank euch beseitigt geglaubt habe, drin sind. Kann und sollte ich die irgendwie löschen? Hier erstmal die Logfiles, die ich aufgrund der aktuellen Bedrohung erstellt habe: FRST.txt: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014 Ran by André (administrator) on ANDRÉ-PC on 07-09-2014 13:26:51 Running from C:\Users\André\Downloads Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (McAfee, Inc.) C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE (ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe (Bioscrypt Inc.) C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\asghost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\Install\{7031EF6A-CD1B-4EDC-A366-18B7EDBCA85F}\37.0.2062.103_chrome_installer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (Google Inc.) C:\Windows\Temp\CR_8F980.tmp\setup.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE () C:\Users\André\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe () C:\Users\André\Downloads\Defogger.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated) HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity) HKLM\...\Run: [] => [X] HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [4789248 2013-05-20] (Broadcom Corporation) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.) HKLM-x32\...\Run: [PTHOSTTR] => C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [354360 2009-08-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [CognizanceTS] => rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11227136 2009-07-06] (Hewlett-Packard) HKLM-x32\...\Run: [IFXSPMGT] => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-07-19] (Infineon Technologies AG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-09-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-05-21] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-22] (Microsoft Corporation) HKU\S-1-5-21-3302090839-3622997415-88976330-1000\...\Run: [Amazon Cloud Player] => C:\Users\André\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] () AppInit_DLLs: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL => C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook64.dll [382224 2009-07-28] (Bioscrypt Inc.) AppInit_DLLs-x32: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.) Lsa: [Notification Packages] scecli ASCredProv64 ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E76070A1957CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Credential Manager for HP ProtectTools -> {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} -> C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.) BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) Chrome: ======= CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Profile: C:\Users\André\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-22] CHR Extension: (Google Drive) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-22] CHR Extension: (YouTube) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-22] CHR Extension: (Google-Suche) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-22] CHR Extension: (Zotero Connector) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2013-09-07] CHR Extension: (AdBlock) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-29] CHR Extension: (Google Wallet) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05] CHR Extension: (Google Mail) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity) R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-09-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-09-07] (Avira Operations GmbH & Co. KG) R2 ASBroker; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.) R2 ASChannel; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG) R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8547176 2009-11-20] (DisplayLink Corp.) S3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) [File not signed] R2 HpFkCryptService; C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.) R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard) [File not signed] R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-07-19] (Infineon Technologies AG) R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984352 2009-07-19] (Infineon Technologies AG) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [214304 2009-07-19] (Infineon Technologies AG) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [4202496 2013-05-20] (Broadcom Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG) R3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [19000 2010-02-25] (Hewlett-Packard Company) R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2009-07-19] (Infineon Technologies AG) R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.) R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [14880 2009-07-29] (SafeBoot International) R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [55840 2009-07-29] () [File not signed] R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2007-07-16] (SafeBoot N.V.) R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15392 2009-07-29] (SafeBoot International) R3 SMSCIRDA; C:\Windows\System32\DRIVERS\SMSCir64.sys [37760 2007-04-25] (SMSC) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-07 13:30 - 2014-09-07 13:30 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-07 13:26 - 2014-09-07 13:31 - 00019672 _____ () C:\Users\André\Downloads\FRST.txt 2014-09-07 13:26 - 2014-09-07 13:27 - 00000000 ____D () C:\FRST 2014-09-07 13:26 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-09-07 13:26 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-09-07 13:26 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-09-07 13:26 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-09-07 13:24 - 2014-09-07 13:25 - 02104832 _____ (Farbar) C:\Users\André\Downloads\FRST64.exe 2014-09-07 13:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-09-07 13:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-09-07 13:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-09-07 13:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-09-07 13:23 - 2014-09-07 13:23 - 00000472 _____ () C:\Users\André\Downloads\defogger_disable.log 2014-09-07 13:23 - 2014-09-07 13:23 - 00000000 _____ () C:\Users\André\defogger_reenable 2014-09-07 13:21 - 2014-09-07 13:30 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-07 13:20 - 2014-09-07 13:21 - 00050477 _____ () C:\Users\André\Downloads\Defogger.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-07 13:31 - 2014-09-07 13:26 - 00019672 _____ () C:\Users\André\Downloads\FRST.txt 2014-09-07 13:30 - 2014-09-07 13:30 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-07 13:30 - 2014-09-07 13:21 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-07 13:30 - 2013-05-20 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-07 13:30 - 2013-05-20 19:17 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-09-07 13:27 - 2014-09-07 13:26 - 00000000 ____D () C:\FRST 2014-09-07 13:27 - 2013-05-22 20:23 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-07 13:27 - 2013-05-20 17:01 - 01980806 _____ () C:\Windows\WindowsUpdate.log 2014-09-07 13:25 - 2014-09-07 13:24 - 02104832 _____ (Farbar) C:\Users\André\Downloads\FRST64.exe 2014-09-07 13:23 - 2014-09-07 13:23 - 00000472 _____ () C:\Users\André\Downloads\defogger_disable.log 2014-09-07 13:23 - 2014-09-07 13:23 - 00000000 _____ () C:\Users\André\defogger_reenable 2014-09-07 13:23 - 2013-05-20 17:06 - 00000000 ____D () C:\Users\André 2014-09-07 13:22 - 2013-05-20 19:17 - 00000000 ____D () C:\ProgramData\Avira 2014-09-07 13:21 - 2014-09-07 13:20 - 00050477 _____ () C:\Users\André\Downloads\Defogger.exe 2014-09-07 13:03 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-07 13:03 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-07 12:55 - 2013-05-22 20:23 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-07 12:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-07 12:53 - 2009-07-14 06:51 - 00053156 _____ () C:\Windows\setupact.log Some content of TEMP: ==================== C:\Users\André\AppData\Local\Temp\avgnt.exe C:\Users\André\AppData\Local\Temp\vlc-2.1.4-win64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 21:30 ==================== End Of Log ============================ Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2014 Ran by André at 2014-09-07 13:32:38 Running from C:\Users\André\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ActivClient x64 (Version: 6.2 - ActivIdentity) Hidden Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC) ATI Catalyst Install Manager (HKLM\...\{005B4A7D-A60B-CB64-80DA-8EAAF3A70807}) (Version: 3.0.715.0 - ATI Technologies, Inc.) AuthenTec Fingerprint System (Version: 8.0.202.0 - AuthenTec, Inc.) Hidden Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) BIOS Configuration for HP ProtectTools (HKLM-x32\...\{1960BE46-E85A-4933-B10A-6D8516585288}) (Version: 4.00 E1 - Hewlett-Packard) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.12 - Broadcom Corporation) Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.60.18.12 - Broadcom Corporation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2009.0521.2235.38731 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0521.2235.38731 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2009.0521.2235.38731 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2009.0521.2235.38731 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2009.0521.2235.38731 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2009.0521.2235.38731 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Czech (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Danish (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Dutch (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help English (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Finnish (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help French (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help German (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Greek (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Hungarian (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Italian (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Japanese (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Korean (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Norwegian (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Polish (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Portuguese (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Russian (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Spanish (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Swedish (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Thai (x32 Version: 2009.0521.2234.38731 - ATI) Hidden CCC Help Turkish (x32 Version: 2009.0521.2234.38731 - ATI) Hidden ccc-core-static (x32 Version: 2009.0521.2235.38731 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2009.0521.2235.38731 - ATI) Hidden Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Credential Manager for HP ProtectTools (x32 Version: 4.1.6.1484 - Hewlett-Packard Company) Hidden DisplayLink Core Software (HKLM\...\{8FCE3895-45F7-4C42-9AB2-4A6D6ED6324F}) (Version: 5.2.22271.0 - DisplayLink Corp.) Drive Encryption for HP ProtectTools (Version: 4.0.24 - Hewlett-Packard) Hidden Embedded Security for HP ProtectTools (HKLM\...\{4599ECEA-44C6-418C-9F66-9AAF5561CBDC}) (Version: 5.6.000 - Hewlett-Packard) File Sanitizer For HP ProtectTools (HKLM-x32\...\{789C97CE-9E17-4126-BDF4-11FF458BF705}) (Version: 1.0.1.10 - Hewlett-Packard) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden HP Battery Check (HKLM-x32\...\HP Battery Check) (Version: 4.0.17.0 - Hewlett-Packard) HP Battery Check (x32 Version: 4.0.17.0 - Hewlett-Packard) Hidden HP ESU for Microsoft Windows 7 (HKLM-x32\...\{4850C1AE-BD1D-468C-9ABC-5486DC21E1E5}) (Version: 1.0.3.1 - Hewlett-Packard) HP JavaCard for HP ProtectTools (x32 Version: 04.10.10.0003 - Hewlett-Packard) Hidden HP ProtectTools Security Manager (x32 Version: 04.10.10.0003 - Hewlett-Packard) Hidden HP ProtectTools Security Manager Suite (HKLM-x32\...\{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}) (Version: 04.10.10.0003 - Hewlett-Packard) HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company) HP System Default Settings (HKLM-x32\...\{B9293A66-5F9A-4442-B690-922EF5A501DB}) (Version: 2.2.1 - Hewlett-Packard Company) HP USB Docking Video (HKLM\...\{AD73C813-335F-45E7-9772-A4583FDFD177}) (Version: 5.2.22372.0 - Hewlett-Packard) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MKVToolNix 6.2.0 (HKLM-x32\...\MKVToolNix) (Version: 6.2.0 - Moritz Bunkus) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd) QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379y) (Version: 7.80.3.52 - Conexant Systems) SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.5240 - Analog Devices) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 09-07-2014 20:13:20 Installed PDF Architect 2 View Module 09-07-2014 20:57:49 Windows Update 11-07-2014 18:41:39 Removed PDF Architect 2 View Module 02-08-2014 12:39:29 Windows Update 07-09-2014 11:21:34 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {134D0CDE-5206-4255-8522-CF69DA242F94} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control Task: {3553DDC2-39C0-49C1-86E8-2AC48F21B2E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.) Task: {5AB0C22A-0120-4142-98BF-B0BC014E3808} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-05-20 17:45 - 2013-05-20 17:45 - 00033280 _____ () C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE 2013-12-16 20:34 - 2013-12-12 21:56 - 03145536 _____ () C:\Users\André\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe 2013-05-22 21:41 - 2013-05-22 21:41 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll 2008-11-25 10:19 - 2008-11-25 10:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx 2008-12-18 15:03 - 2008-12-18 15:03 - 00020480 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2014-09-07 13:20 - 2014-09-07 13:21 - 00050477 _____ () C:\Users\André\Downloads\Defogger.exe 2014-03-12 22:53 - 2014-03-12 22:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-06-13 19:49 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll 2014-06-13 19:49 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll 2014-06-13 19:49 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-06-13 19:49 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-06-13 19:49 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-09-07 13:23 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\ANDR~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/13/2014 11:12:09 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog Error: (02/01/2014 11:37:42 AM) (Source: MsiInstaller) (EventID: 1024) (User: André-PC) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011006}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (12/28/2013 08:08:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.60.18.12, Zeitstempel: 0x4aa6f143 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007ff003d9c28 ID des fehlerhaften Prozesses: 0x724 Startzeit der fehlerhaften Anwendung: 0xbcmwltry.exe0 Pfad der fehlerhaften Anwendung: bcmwltry.exe1 Pfad des fehlerhaften Moduls: bcmwltry.exe2 Berichtskennung: bcmwltry.exe3 Error: (12/08/2013 05:57:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16b4 Startzeit: 01cef42df5a95197 Endzeit: 35 Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Berichts-ID: 69049e05-6021-11e3-bf41-001b38c3b66c Error: (11/05/2013 10:58:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm avscan.exe, Version 13.6.20.2100 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1378 Startzeit: 01ceda692724f05c Endzeit: 60000 Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe Berichts-ID: 9832749d-465c-11e3-b5db-001b38c3b66c Error: (09/12/2013 02:08:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: André-PC) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011004}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (08/09/2013 08:38:23 AM) (Source: acvpninstall) (EventID: 2) (User: ) Description: Function: wWinMain File: .\InstallHelper.cpp Line: 354 Invoked Function: FileMoveFiles Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Error: (08/09/2013 08:38:23 AM) (Source: acvpninstall) (EventID: 2) (User: ) Description: Function: FileMoveFiles File: ..\Common\Utility\NativeSysFileCopy.cpp Line: 388 Invoked Function: ::FindFirstFile Return Code: 3 (0x00000003) Description: Das System kann den angegebenen Pfad nicht finden. Error: (08/09/2013 08:38:23 AM) (Source: acvpninstall) (EventID: 2) (User: ) Description: Function: wWinMain File: .\InstallHelper.cpp Line: 354 Invoked Function: FileMoveFiles Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Error: (08/09/2013 08:38:23 AM) (Source: acvpninstall) (EventID: 2) (User: ) Description: Function: FileMoveFiles File: ..\Common\Utility\NativeSysFileCopy.cpp Line: 388 Invoked Function: ::FindFirstFile Return Code: 3 (0x00000003) Description: Das System kann den angegebenen Pfad nicht finden. System errors: ============= Error: (09/07/2014 00:57:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht. Error: (08/02/2014 02:55:40 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {7429F543-2A60-4CB7-8BC5-F27EA898FB44} Error: (08/02/2014 02:54:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst upnphost erreicht. Error: (08/02/2014 02:32:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/02/2014 02:32:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error: (08/02/2014 02:31:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht. Error: (07/11/2014 09:27:25 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {7429F543-2A60-4CB7-8BC5-F27EA898FB44} Error: (07/11/2014 09:19:56 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {7429F543-2A60-4CB7-8BC5-F27EA898FB44} Error: (07/09/2014 10:55:50 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {7429F543-2A60-4CB7-8BC5-F27EA898FB44} Error: (07/08/2014 09:58:26 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {7429F543-2A60-4CB7-8BC5-F27EA898FB44} Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz Percentage of memory in use: 72% Total physical RAM: 3071.3 MB Available physical RAM: 853.63 MB Total Pagefile: 6140.79 MB Available Pagefile: 2260.4 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.43 GB) (Free:7.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 81998F82) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-09-07 14:33:48 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD800BEVT-75ZCT2 rev.11.01A11 74,53GB Running: y2k1e4lc.exe; Driver: C:\Users\ANDR~1\AppData\Local\Temp\fglorpob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002dad000 63 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80002dad040 1 byte [10] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e31465 2 bytes [E3, 75] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e314bb 2 bytes [E3, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\spoolsv.exe [1988:2960] 000007fef5f710c8 Thread C:\Windows\System32\spoolsv.exe [1988:2968] 000007fef5f36144 Thread C:\Windows\System32\spoolsv.exe [1988:2972] 000007fef5d25fd0 Thread C:\Windows\System32\spoolsv.exe [1988:2976] 000007fef5d13438 Thread C:\Windows\System32\spoolsv.exe [1988:2980] 000007fef5d263ec Thread C:\Windows\System32\spoolsv.exe [1988:2988] 000007fef6025e5c Thread C:\Windows\System32\spoolsv.exe [1988:2992] 000007fef60d5074 Thread C:\Windows\System32\spoolsv.exe [1988:2160] 000007fef6142288 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4864:5152] 000007fefb622bf8 ---- EOF - GMER 2.1 ---- Ich hoffe ich habe nicht vergessen und möchte mich schon einmal im Voraus für eure Hilfe bedanken! |
Themen zu Windows 7: Fund mit Antivir |
4d36e972-e325-11ce-bfc1-08002be10318, adware, appl/domaiq.gen, avira, branding, defender, desktop, device driver, excel, fehlercode 0x00000003, fehlercode 0xc0000005, fehlercode 1, installation, launch, problem, programm, rundll, security, services.exe, software, system, tracker, win32/installmonetizer.aq, win64/systweak.a, windows |