| |
| |||||||
Log-Analyse und Auswertung: Windows7: Backdoor.0Access; PUP.Optional.ConduitA; PUP.Optional.SoftonicA gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
22.09.2014, 22:47
| #1 |
| |  Windows7: Backdoor.0Access; PUP.Optional.ConduitA; PUP.Optional.SoftonicA gefunden Guten Abend, ich möchte mich mit der Bitte um Hilfe an Euch wenden. Leider bin ich PC-technisch betrachtet eine Dumme Nuss, was schon daran zu sehen, ist, dass ich diese Trojaner und Viren (?) wohl schon eine Weile auf dem PC habe. Mir ist seit einiger Zeit aufgefallen, dass der Rechner länger zum Hochfahren und zum Runterfahren braucht. Bei letzterem erschien immer eine Warnung, dass noch Programme geöffnet wären, obwohl ich ganz offensichtlich alles geschlossen hatte. Gestern fiel mir nun auf, dass immer wieder kurze Geräusche aus meinen Computer kamen. Auch erscheint es mir so, als blinke in der rechten unteren Desktopecke immer kurzzeitig etwas auf, leider konnte ich es nur aus dem Augenwinkel sehen. Ich habe gestern mal wieder Malwarebytes laufen lassen und dabei bemerkt, dass da o.g. Trojaner (?) schon seit längerem in Quarantäne sind. Ebenso habe ich etwas altes bei Avira gefunden. Der PC-Cleaner von Avira zeigt mir an, dass er 3 (?) Schadsoftwares gefunden habe, diese lässt sich aber nicht entfernen (TR/Yakes.dznenyb). Ich hoffe, dass ich die Files richtig eingefügt habe. Vielen herzlichen dank im Voraus für Eure Mühe sagt die Dumme Nuss Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:01 on 22/09/2014 (pinocchia)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2014 01 Ran by pinocchia (administrator) on SUSI_SORGLOS-PC on 22-09-2014 22:07:08 Running from C:\Users\pinocchia\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG) HKU\.DEFAULT\...\RunOnce: [WLStart] => "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage HKU\S-1-5-21-1222589499-1032054173-1368976819-1003\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 HKU\S-1-5-21-1222589499-1032054173-1368976819-1003\...\MountPoints2: E - E:\wubi.exe HKU\S-1-5-21-1222589499-1032054173-1368976819-1003\...\MountPoints2: {8d450f9e-3b3d-11e0-8420-002622e15605} - G:\autorun.exe Startup: C:\Users\pinocchia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKLM - DefaultScope value is missing. BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\system32\mscoree.dll (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - No File Tcpip\..\Interfaces\{DE8C6625-91CB-401E-B264-6449A2635FC9}: [NameServer] 195.50.140.180 195.50.140.114 FireFox: ======== FF ProfilePath: C:\Users\pinocchia\AppData\Roaming\Mozilla\Firefox\Profiles\47tk87c4.default-1404967389647 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Users\pinocchia\AppData\Roaming\Mozilla\Firefox\Profiles\47tk87c4.default-1404967389647\searchplugins\avira-safesearch.xml FF SearchPlugin: C:\Users\pinocchia\AppData\Roaming\Mozilla\Firefox\Profiles\47tk87c4.default-1404967389647\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\pinocchia\AppData\Roaming\Mozilla\Firefox\Profiles\47tk87c4.default-1404967389647\searchplugins\google-images.xml FF SearchPlugin: C:\Users\pinocchia\AppData\Roaming\Mozilla\Firefox\Profiles\47tk87c4.default-1404967389647\searchplugins\google-maps.xml FF SearchPlugin: C:\Users\pinocchia\AppData\Roaming\Mozilla\Firefox\Profiles\47tk87c4.default-1404967389647\searchplugins\googlemaps.xml FF SearchPlugin: C:\Users\pinocchia\AppData\Roaming\Mozilla\Firefox\Profiles\47tk87c4.default-1404967389647\searchplugins\metager.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\pinocchia\AppData\Roaming\Mozilla\Firefox\Profiles\47tk87c4.default-1404967389647\Extensions\abs@avira.com [2014-09-21] FF Extension: Cliqz Beta - C:\Users\pinocchia\AppData\Roaming\Mozilla\Firefox\Profiles\47tk87c4.default-1404967389647\Extensions\cliqz@cliqz.com [2014-09-21] FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\pinocchia\AppData\Roaming\Mozilla\Firefox\Profiles\47tk87c4.default-1404967389647\Extensions\donottrackplus@abine.com [2014-07-12] FF Extension: Avira SafeSearch - C:\Users\pinocchia\AppData\Roaming\Mozilla\Firefox\Profiles\47tk87c4.default-1404967389647\Extensions\safesearch@avira.com [2014-08-07] FF Extension: Adblock Plus - C:\Users\pinocchia\AppData\Roaming\Mozilla\Firefox\Profiles\47tk87c4.default-1404967389647\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-10] FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-05-06] FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\pinocchia\AppData\Roaming\Mozilla\Firefox\Profiles\47tk87c4.default-1404967389647\extensions\cliqz@cliqz.com Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG) R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited) S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited) S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited) R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation) R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-05-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG) S3 Bridge0; C:\windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo) S3 Cam5607; C:\windows\System32\Drivers\BisonC07.sys [1168880 2009-06-26] (Bison Electronics. Inc. ) R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [54800 2010-01-06] () R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R3 wdmirror; C:\windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider) S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink) S3 MEMSWEEP2; \??\C:\windows\system32\41E0.tmp [X] S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [X] U3 ffrdiuoc; \??\C:\Users\PINOCC~1\AppData\Local\Temp\ffrdiuoc.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-22 22:03 - 2014-09-22 22:07 - 00016756 _____ () C:\Users\pinocchia\Desktop\FRST.txt 2014-09-22 22:03 - 2014-09-22 22:03 - 01097728 _____ (Farbar) C:\Users\pinocchia\Desktop\FRST.exe 2014-09-22 22:01 - 2014-09-22 22:02 - 00000480 _____ () C:\Users\pinocchia\Desktop\defogger_disable.log 2014-09-22 22:01 - 2014-09-22 22:01 - 00050477 _____ () C:\Users\pinocchia\Desktop\Defogger.exe 2014-09-22 21:49 - 2014-09-22 21:49 - 02278856 _____ () C:\Users\Fuck You\Downloads\avira_pc_cleaner_de.exe 2014-09-22 21:49 - 2014-09-22 21:49 - 00002045 _____ () C:\Users\Fuck You\Desktop\Entfernen des Avira PC Cleaners.lnk 2014-09-22 21:49 - 2014-09-22 21:49 - 00001989 _____ () C:\Users\Fuck You\Desktop\Avira PC Cleaner.lnk 2014-09-22 21:12 - 2014-09-22 21:12 - 344824929 _____ () C:\windows\MEMORY.DMP 2014-09-22 21:12 - 2014-09-22 21:12 - 00145296 _____ () C:\windows\Minidump\092214-21481-01.dmp 2014-09-22 20:38 - 2014-09-22 21:41 - 00000000 ____D () C:\Users\Fuck You\Documents\Citavi 4 2014-09-22 20:38 - 2014-09-22 20:38 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Swiss Academic Software 2014-09-22 20:37 - 2014-09-22 20:37 - 00000000 ___SD () C:\Users\Fuck You\Documents\Meine Shapes 2014-09-22 20:35 - 2014-09-22 20:35 - 00380416 _____ () C:\Users\Fuck You\Downloads\Gmer-19357.exe 2014-09-22 20:34 - 2014-09-22 20:34 - 00029829 _____ () C:\Users\Fuck You\Desktop\Addition.txt 2014-09-22 20:34 - 2014-09-22 20:34 - 00028817 _____ () C:\Users\Fuck You\Desktop\FRST.txt 2014-09-22 20:33 - 2014-09-22 20:33 - 00029829 _____ () C:\Users\Fuck You\Downloads\Addition.txt 2014-09-22 20:32 - 2014-09-22 22:07 - 00000000 ____D () C:\FRST 2014-09-22 20:32 - 2014-09-22 20:33 - 00028817 _____ () C:\Users\Fuck You\Downloads\FRST.txt 2014-09-22 20:31 - 2014-09-22 20:31 - 01097728 _____ (Farbar) C:\Users\Fuck You\Downloads\FRST.exe 2014-09-22 20:30 - 2014-09-22 20:30 - 00000480 _____ () C:\Users\Fuck You\Downloads\defogger_disable.log 2014-09-22 20:30 - 2014-09-22 20:30 - 00000000 _____ () C:\Users\pinocchia\defogger_reenable 2014-09-22 20:28 - 2014-09-22 20:28 - 00050477 _____ () C:\Users\Fuck You\Downloads\Defogger.exe 2014-09-22 19:33 - 2014-09-22 19:33 - 01373475 _____ () C:\Users\Fuck You\Downloads\AdwCleaner_3.310.exe 2014-09-22 01:26 - 2014-09-22 01:26 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Macromedia 2014-09-22 01:26 - 2014-09-22 01:26 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Adobe 2014-09-22 01:26 - 2014-09-22 01:26 - 00000000 ____D () C:\Users\Fuck You\AppData\Local\Macromedia 2014-09-22 01:16 - 2014-09-22 01:16 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Avira 2014-09-22 01:15 - 2014-09-22 01:15 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Thunderbird 2014-09-22 01:15 - 2014-09-22 01:15 - 00000000 ____D () C:\Users\Fuck You\AppData\Local\Thunderbird 2014-09-22 01:14 - 2014-09-22 01:14 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Mozilla 2014-09-22 01:14 - 2014-09-22 01:14 - 00000000 ____D () C:\Users\Fuck You\AppData\Local\Mozilla 2014-09-22 01:12 - 2014-09-22 01:12 - 00114128 _____ () C:\Users\Fuck You\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-22 01:11 - 2014-09-22 01:11 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Apple Computer 2014-09-22 01:07 - 2014-09-22 21:16 - 00000224 _____ () C:\windows\setupact.log 2014-09-22 01:07 - 2014-09-22 01:11 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2014-09-22 01:07 - 2014-09-22 01:11 - 00000000 ____D () C:\Users\Fuck You\AppData\Local\VirtualStore 2014-09-22 01:07 - 2014-09-22 01:10 - 00000000 ____D () C:\Users\Fuck You 2014-09-22 01:07 - 2014-09-22 01:07 - 00000020 ___SH () C:\Users\Fuck You\ntuser.ini 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _SHDL () C:\Users\Fuck You\Startmenü 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _SHDL () C:\Users\Fuck You\Netzwerkumgebung 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _SHDL () C:\Users\Fuck You\Druckumgebung 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _SHDL () C:\Users\Fuck You\Documents\Eigene Musik 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _SHDL () C:\Users\Fuck You\Documents\Eigene Bilder 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _SHDL () C:\Users\Fuck You\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _SHDL () C:\Users\Fuck You\AppData\Local\Verlauf 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _____ () C:\windows\setuperr.log 2014-09-22 01:07 - 2014-04-09 23:59 - 00002082 _____ () C:\Users\Fuck You\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2014-09-22 01:07 - 2011-01-27 04:04 - 00000000 ____D () C:\Users\Fuck You\AppData\Local\Microsoft Help 2014-09-22 01:07 - 2010-01-06 01:25 - 00001098 _____ () C:\Users\Fuck You\Desktop\Cyberlink Power2Go.lnk 2014-09-22 01:07 - 2009-11-16 14:10 - 00002257 _____ () C:\Users\Fuck You\Desktop\OneKey Recovery.lnk 2014-09-22 01:07 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\Fuck You\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-09-22 01:07 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\Fuck You\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-09-22 01:06 - 2014-09-22 01:06 - 00001276 _____ () C:\windows\PFRO.log 2014-09-21 23:02 - 2014-09-21 23:02 - 04756944 _____ (Avira Operations GmbH & Co. KG) C:\Users\pinocchia\Downloads\avira_de_av___ws.exe 2014-09-21 21:42 - 2014-09-21 21:42 - 01373475 _____ () C:\Users\pinocchia\Desktop\adwcleaner_3.310.exe 2014-09-21 21:14 - 2014-09-21 21:14 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-21 21:13 - 2014-09-21 23:06 - 00000000 ____D () C:\Program Files\CHIP Updater 2014-09-21 21:13 - 2014-09-21 21:13 - 00000000 ____D () C:\Users\pinocchia\AppData\Roaming\Abelssoft 2014-09-21 21:13 - 2014-09-21 21:13 - 00000000 ____D () C:\Users\pinocchia\AppData\Local\Abelssoft 2014-09-21 21:13 - 2014-09-21 21:13 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-09-21 21:13 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\windows\system32\dhRichClient3.dll 2014-09-21 21:13 - 2011-03-25 20:42 - 00338432 _____ () C:\windows\system32\sqlite36_engine.dll 2014-09-21 21:11 - 2014-09-21 21:11 - 00000000 ____D () C:\Users\pinocchia\AppData\Roaming\LavasoftStatistics 2014-09-21 21:10 - 2014-09-21 21:10 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-09-19 09:52 - 2014-09-19 09:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-11 08:22 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-11 08:22 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-11 08:22 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-11 08:22 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-11 08:22 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-11 08:22 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-11 08:22 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-11 08:22 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2014-09-11 08:22 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-11 08:22 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-11 08:22 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-11 08:22 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2014-09-11 08:22 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-11 08:22 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-11 08:22 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-11 08:22 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll 2014-09-11 08:22 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-11 08:22 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-11 08:22 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-11 08:22 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe 2014-09-11 08:22 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe 2014-09-11 08:21 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2014-09-11 07:09 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-09-11 07:09 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-11 07:09 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-09-11 07:09 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-09-11 07:08 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-11 07:08 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-08-28 20:24 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-28 20:24 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-22 22:07 - 2014-09-22 22:03 - 00016756 _____ () C:\Users\pinocchia\Desktop\FRST.txt 2014-09-22 22:07 - 2014-09-22 20:32 - 00000000 ____D () C:\FRST 2014-09-22 22:03 - 2014-09-22 22:03 - 01097728 _____ (Farbar) C:\Users\pinocchia\Desktop\FRST.exe 2014-09-22 22:02 - 2014-09-22 22:01 - 00000480 _____ () C:\Users\pinocchia\Desktop\defogger_disable.log 2014-09-22 22:02 - 2012-08-21 17:33 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-09-22 22:01 - 2014-09-22 22:01 - 00050477 _____ () C:\Users\pinocchia\Desktop\Defogger.exe 2014-09-22 21:58 - 2014-04-08 21:11 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-22 21:58 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\tracing 2014-09-22 21:49 - 2014-09-22 21:49 - 02278856 _____ () C:\Users\Fuck You\Downloads\avira_pc_cleaner_de.exe 2014-09-22 21:49 - 2014-09-22 21:49 - 00002045 _____ () C:\Users\Fuck You\Desktop\Entfernen des Avira PC Cleaners.lnk 2014-09-22 21:49 - 2014-09-22 21:49 - 00001989 _____ () C:\Users\Fuck You\Desktop\Avira PC Cleaner.lnk 2014-09-22 21:41 - 2014-09-22 20:38 - 00000000 ____D () C:\Users\Fuck You\Documents\Citavi 4 2014-09-22 21:25 - 2009-07-14 06:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-22 21:25 - 2009-07-14 06:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-22 21:24 - 2013-10-27 10:24 - 01059966 _____ () C:\windows\WindowsUpdate.log 2014-09-22 21:21 - 2009-11-16 14:06 - 01751858 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-22 21:19 - 2010-04-27 22:48 - 00000443 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-09-22 21:16 - 2014-09-22 01:07 - 00000224 _____ () C:\windows\setupact.log 2014-09-22 21:16 - 2013-05-09 17:10 - 00065536 _____ () C:\windows\system32\Ikeext.etl 2014-09-22 21:16 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-22 21:12 - 2014-09-22 21:12 - 344824929 _____ () C:\windows\MEMORY.DMP 2014-09-22 21:12 - 2014-09-22 21:12 - 00145296 _____ () C:\windows\Minidump\092214-21481-01.dmp 2014-09-22 21:12 - 2010-04-18 19:07 - 00000000 ____D () C:\windows\Minidump 2014-09-22 20:38 - 2014-09-22 20:38 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Swiss Academic Software 2014-09-22 20:37 - 2014-09-22 20:37 - 00000000 ___SD () C:\Users\Fuck You\Documents\Meine Shapes 2014-09-22 20:35 - 2014-09-22 20:35 - 00380416 _____ () C:\Users\Fuck You\Downloads\Gmer-19357.exe 2014-09-22 20:34 - 2014-09-22 20:34 - 00029829 _____ () C:\Users\Fuck You\Desktop\Addition.txt 2014-09-22 20:34 - 2014-09-22 20:34 - 00028817 _____ () C:\Users\Fuck You\Desktop\FRST.txt 2014-09-22 20:33 - 2014-09-22 20:33 - 00029829 _____ () C:\Users\Fuck You\Downloads\Addition.txt 2014-09-22 20:33 - 2014-09-22 20:32 - 00028817 _____ () C:\Users\Fuck You\Downloads\FRST.txt 2014-09-22 20:31 - 2014-09-22 20:31 - 01097728 _____ (Farbar) C:\Users\Fuck You\Downloads\FRST.exe 2014-09-22 20:30 - 2014-09-22 20:30 - 00000480 _____ () C:\Users\Fuck You\Downloads\defogger_disable.log 2014-09-22 20:30 - 2014-09-22 20:30 - 00000000 _____ () C:\Users\pinocchia\defogger_reenable 2014-09-22 20:30 - 2010-04-17 12:14 - 00000000 ____D () C:\Users\pinocchia 2014-09-22 20:28 - 2014-09-22 20:28 - 00050477 _____ () C:\Users\Fuck You\Downloads\Defogger.exe 2014-09-22 19:49 - 2014-04-08 21:56 - 00000000 ____D () C:\AdwCleaner 2014-09-22 19:33 - 2014-09-22 19:33 - 01373475 _____ () C:\Users\Fuck You\Downloads\AdwCleaner_3.310.exe 2014-09-22 01:26 - 2014-09-22 01:26 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Macromedia 2014-09-22 01:26 - 2014-09-22 01:26 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Adobe 2014-09-22 01:26 - 2014-09-22 01:26 - 00000000 ____D () C:\Users\Fuck You\AppData\Local\Macromedia 2014-09-22 01:16 - 2014-09-22 01:16 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Avira 2014-09-22 01:15 - 2014-09-22 01:15 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Thunderbird 2014-09-22 01:15 - 2014-09-22 01:15 - 00000000 ____D () C:\Users\Fuck You\AppData\Local\Thunderbird 2014-09-22 01:14 - 2014-09-22 01:14 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Mozilla 2014-09-22 01:14 - 2014-09-22 01:14 - 00000000 ____D () C:\Users\Fuck You\AppData\Local\Mozilla 2014-09-22 01:12 - 2014-09-22 01:12 - 00114128 _____ () C:\Users\Fuck You\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-22 01:11 - 2014-09-22 01:11 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Apple Computer 2014-09-22 01:11 - 2014-09-22 01:07 - 00000000 ____D () C:\Users\Fuck You\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2014-09-22 01:11 - 2014-09-22 01:07 - 00000000 ____D () C:\Users\Fuck You\AppData\Local\VirtualStore 2014-09-22 01:10 - 2014-09-22 01:07 - 00000000 ____D () C:\Users\Fuck You 2014-09-22 01:07 - 2014-09-22 01:07 - 00000020 ___SH () C:\Users\Fuck You\ntuser.ini 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _SHDL () C:\Users\Fuck You\Startmenü 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _SHDL () C:\Users\Fuck You\Netzwerkumgebung 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _SHDL () C:\Users\Fuck You\Druckumgebung 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _SHDL () C:\Users\Fuck You\Documents\Eigene Musik 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _SHDL () C:\Users\Fuck You\Documents\Eigene Bilder 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _SHDL () C:\Users\Fuck You\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _SHDL () C:\Users\Fuck You\AppData\Local\Verlauf 2014-09-22 01:07 - 2014-09-22 01:07 - 00000000 _____ () C:\windows\setuperr.log 2014-09-22 01:07 - 2009-07-14 06:33 - 00414944 _____ () C:\windows\system32\FNTCACHE.DAT 2014-09-22 01:06 - 2014-09-22 01:06 - 00001276 _____ () C:\windows\PFRO.log 2014-09-21 23:07 - 2014-08-20 16:47 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-21 23:06 - 2014-09-21 21:13 - 00000000 ____D () C:\Program Files\CHIP Updater 2014-09-21 23:04 - 2014-08-07 10:05 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-21 23:04 - 2012-10-17 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-21 23:04 - 2012-10-17 08:32 - 00000000 ____D () C:\Program Files\Avira 2014-09-21 23:02 - 2014-09-21 23:02 - 04756944 _____ (Avira Operations GmbH & Co. KG) C:\Users\pinocchia\Downloads\avira_de_av___ws.exe 2014-09-21 22:17 - 2010-04-22 23:51 - 00000000 ____D () C:\Linksammlung 2014-09-21 22:01 - 2010-04-17 12:14 - 00001080 _____ () C:\Users\pinocchia\Desktop\Cyberlink Power2Go.lnk 2014-09-21 21:42 - 2014-09-21 21:42 - 01373475 _____ () C:\Users\pinocchia\Desktop\adwcleaner_3.310.exe 2014-09-21 21:15 - 2010-04-17 12:15 - 00114128 _____ () C:\Users\pinocchia\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-21 21:14 - 2014-09-21 21:14 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-21 21:14 - 2014-04-08 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-21 21:14 - 2014-04-08 21:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-21 21:13 - 2014-09-21 21:13 - 00000000 ____D () C:\Users\pinocchia\AppData\Roaming\Abelssoft 2014-09-21 21:13 - 2014-09-21 21:13 - 00000000 ____D () C:\Users\pinocchia\AppData\Local\Abelssoft 2014-09-21 21:13 - 2014-09-21 21:13 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-09-21 21:11 - 2014-09-21 21:11 - 00000000 ____D () C:\Users\pinocchia\AppData\Roaming\LavasoftStatistics 2014-09-21 21:10 - 2014-09-21 21:10 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-09-20 09:55 - 2012-04-24 21:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-19 09:52 - 2014-09-19 09:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-18 21:19 - 2013-03-04 22:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-13 11:20 - 2011-02-04 23:27 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-09-13 11:20 - 2010-04-17 13:02 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-12 12:57 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2014-09-11 17:05 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-09-11 08:23 - 2009-11-16 14:01 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 08:21 - 2013-07-12 23:47 - 00000000 ____D () C:\windows\system32\MRT 2014-09-11 08:17 - 2010-04-29 00:10 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-11 08:16 - 2014-05-06 23:14 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-09-11 08:16 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-09-10 13:02 - 2012-07-12 11:01 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-09-10 13:02 - 2012-07-12 11:01 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-09-05 03:52 - 2014-09-11 07:08 - 00445952 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-05 03:47 - 2014-09-11 07:08 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-08-25 06:53 - 2010-04-17 16:23 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-08-23 03:46 - 2014-08-28 20:24 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-28 20:24 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys ZeroAccess: C:\Users\pinocchia\AppData\Local\{1edae7e1-5256-1aaa-dab1-48fb9fbb8e52} Some content of TEMP: ==================== C:\Users\AnnA_SusannA\AppData\Local\Temp\avgnt.exe C:\Users\Fuck You\AppData\Local\Temp\avgnt.exe C:\Users\pinocchia\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 10:13 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2014 01
Ran by pinocchia at 2014-09-22 22:08:03
Running from C:\Users\pinocchia\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM\...\{149bb302-ebda-47ae-b3e6-297cf4c356dc}) (Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.02 - Broadcom Corporation)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MP230 series Benutzerregistrierung (HKLM\...\Canon MP230 series Benutzerregistrierung) (Version: - Canon Inc.)
Canon MP230 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series) (Version: 1.00 - Canon Inc.)
Canon MP230 series On-screen Manual (HKLM\...\Canon MP230 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
Cisco AnyConnect VPN Client (HKLM\...\{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}) (Version: 2.5.6005 - Cisco Systems, Inc.)
Citavi (HKLM\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
Cliqz (HKLM\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.4.0 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.1015 - Lenovo)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - )
Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.3.1.5 - Lenovo)
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.32.2018.03 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Visio MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 de) (HKLM\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
PC-Doctor für Windows (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5426.03 - PC-Doctor, Inc.)
PDF24 Creator 5.3.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1222589499-1032054173-1368976819-1003_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\pinocchia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1222589499-1032054173-1368976819-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\pinocchia\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1222589499-1032054173-1368976819-1003_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\pinocchia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1222589499-1032054173-1368976819-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\pinocchia\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1222589499-1032054173-1368976819-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\pinocchia\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1222589499-1032054173-1368976819-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\pinocchia\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1222589499-1032054173-1368976819-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\pinocchia\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\FileSyncApi.dll (Microsoft Corporation)
==================== Restore Points =========================
14-09-2014 17:00:21 Windows-Sicherung
16-09-2014 06:03:55 Windows Update
19-09-2014 07:43:06 Windows Update
21-09-2014 17:00:21 Windows-Sicherung
21-09-2014 19:09:36 AA11
21-09-2014 20:40:03 AA11
21-09-2014 20:44:46 AA11
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {20F00023-31E8-4EAC-A89C-DABAED24F7AF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {2303804B-D9E3-44BA-AF9E-5BFCB8431E52} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {24565060-B706-40DA-A25B-12C491ADCDA2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1222589499-1032054173-1368976819-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {38D90232-36FD-4161-8E07-1296833BC0C4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43C67824-74E1-4644-AD41-8427B2584D6D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {4D37E5AA-3D50-44FC-84BB-A52E2895CC50} - System32\Tasks\{4F17AF63-F9A0-45C5-963B-8198D7B0517D} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {F4671500-B70D-4485-9D78-8527A1527C8B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1222589499-1032054173-1368976819-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-09-17 13:31 - 2014-09-17 13:31 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-09-17 13:30 - 2014-09-17 13:30 - 00066864 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2010-01-06 01:25 - 2008-12-20 05:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2010-01-06 01:25 - 2008-12-20 05:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2014-09-22 01:11 - 2014-09-17 13:31 - 00052472 _____ () C:\Users\Fuck You\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-19 09:52 - 2014-09-19 09:52 - 03734640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-07 10:05 - 2014-09-17 13:31 - 00052472 _____ () C:\Users\pinocchia\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-02-20 23:31 - 2014-01-28 08:47 - 00430080 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\FirefoxPickerCommunication.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: UpdateP2GShortCut => "C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files\Lenovo\VeriFace\PManage.exe
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Lenovo EasyCamera
Description: Lenovo EasyCamera
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Bison
Service: Cam5607
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/22/2014 09:24:09 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-1222589499-1032054173-1368976819-1006}/">.
Error: (09/22/2014 09:22:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012298
ID des fehlerhaften Prozesses: 0x82c
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Error: (09/22/2014 09:20:09 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-1222589499-1032054173-1368976819-1006}/">.
Error: (09/22/2014 02:17:51 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-1222589499-1032054173-1368976819-1006}/">.
Error: (09/22/2014 02:17:06 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-1222589499-1032054173-1368976819-1006}/">.
Error: (09/22/2014 01:11:30 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-1222589499-1032054173-1368976819-1003}/">.
Error: (09/22/2014 01:10:51 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/22/2014 01:10:51 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/22/2014 01:10:51 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/22/2014 01:10:51 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
System errors:
=============
Error: (09/22/2014 09:19:24 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Error: (09/22/2014 09:18:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (09/22/2014 09:18:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Gatewaydienst auf Anwendungsebene erreicht.
Error: (09/22/2014 09:13:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/22/2014 09:13:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/22/2014 09:13:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/22/2014 09:13:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/22/2014 09:13:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/22/2014 09:13:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/22/2014 09:13:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 60%
Total physical RAM: 3004.6 MB
Available physical RAM: 1188.32 MB
Total Pagefile: 6007.49 MB
Available Pagefile: 3698.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.51 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:420.56 GB) (Free:374.58 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:28.6 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2051D46A)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-22 22:46:58
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: v9lud7g2.exe; Driver: C:\Users\PINOCC~1\AppData\Local\Temp\ffrdiuoc.sys
---- System - GMER 2.1 ----
SSDT 8EA53076 ZwCreateSection
SSDT 8EA53080 ZwRequestWaitReplyPort
SSDT 8EA5307B ZwSetContextThread
SSDT 8EA53085 ZwSetSecurityObject
SSDT 8EA5308A ZwSystemDebugControl
SSDT 8EA53017 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C74A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAE212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CB558C 4 Bytes [76, 30, A5, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82CB58E8 4 Bytes [80, 30, A5, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82CB592C 4 Bytes [7B, 30, A5, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82CB59A8 4 Bytes [85, 30, A5, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82CB59FC 4 Bytes [8A, 30, A5, 8E]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[4476] ntdll.dll!NtCreateFile 77B65608 5 Bytes JMP 1028E150 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4476] ntdll.dll!NtFlushBuffersFile 77B65998 5 Bytes JMP 10265CD1 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4476] ntdll.dll!NtQueryFullAttributesFile 77B66028 5 Bytes JMP 1028DDE0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4476] ntdll.dll!NtReadFile 77B662F8 5 Bytes JMP 10265DC0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4476] ntdll.dll!NtReadFileScatter 77B66308 5 Bytes JMP 10B88293 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4476] ntdll.dll!NtWriteFile 77B66AA8 5 Bytes JMP 1028EC50 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4476] ntdll.dll!NtWriteFileGather 77B66AB8 5 Bytes JMP 10B88242 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4476] ntdll.dll!LdrLoadDll 77B822AE 5 Bytes JMP 639C1F42 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4476] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 763D94E6 7 Bytes JMP 10AF5F2D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4476] kernel32.dll!QueryPerformanceCounter + 13 763DC4E5 7 Bytes JMP 10AF5F50 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4476] kernel32.dll!LoadAppInitDlls + 355 763DF5A6 7 Bytes JMP 1028AA91 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4476] USER32.dll!GetWindowInfo 76924B5E 5 Bytes JMP 109FCE2F C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4476] GDI32.dll!GetViewportOrgEx + 26C 7647884B 7 Bytes JMP 10AF5EAE C:\Program Files\Mozilla Firefox\xul.dll
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{D3A6198E-FA4F-11DE-9D32-806E6F6E6963} 75799937728
---- EOF - GMER 2.1 ----
Code:
ATTFilter Exportierte Ereignisse:
26.08.2014 07:25 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e08
9\mscorlib.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.Gen7' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
Code:
ATTFilter
Typ: Datei
Quelle: C:\Users\pinocchia\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.4.4954.exe
Status: Infiziert
Quarantäne-Objekt: 50f5d6b6.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.24.02
Virendefinitionsdatei: 8.11.165.192
Gefunden: ADWARE/OpenCandy.5692184
Datum/Uhrzeit: 07.08.2014, 15:10
Typ: Datei
Quelle: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
Status: Infiziert
Quarantäne-Objekt: 591bafb8.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.202
Virendefinitionsdatei: 7.11.50.108
Gefunden: TR/Dropper.Gen
Datum/Uhrzeit: 19.11.2012, 11:04
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 08.04.2014 Suchlauf-Zeit: 21:53:12 Logdatei: Malwarebytes.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: Rootkit Datenbank: Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: pinocchia Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 256937 Verstrichene Zeit: 21 Min, 22 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 1 Backdoor.0Access, C:\Windows\Installer\{1edae7e1-5256-1aaa-dab1-48fb9fbb8e52}\L, In Quarantäne, [d52b5ea2f40c8b758b27e719ff0136ca], Dateien: 1 PUP.Optional.Conduit.A, C:\Users\pinocchia\AppData\Roaming\Mozilla\Firefox\Profiles\3xvcolz3.default\prefs.js, Gut: (), Schlecht: (user_pref("CT2611275.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&q=");), Ersetzt,[51af4db324dc09f7e45a2123fb0910f0] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 10.04.2014 Suchlauf-Zeit: 22:29:51 Logdatei: Malwarebytes2.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: Rootkit Datenbank: Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: pinocchia Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 257794 Verstrichene Zeit: 25 Min, 26 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 1 PUP.Optional.Softonic.A, C:\Users\pinocchia\Downloads\SoftonicDownloader_fuer_windows-live-fotogalerie.exe, In Quarantäne, [669ad62a0af6897709af67b241c0639d], Physische Sektoren: 0 (No malicious items detected) (end) |
|
22.09.2014, 23:39
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows7: Backdoor.0Access; PUP.Optional.ConduitA; PUP.Optional.SoftonicA gefunden Hallo und
__________________ Zitat:
 Lesestoff:Rootkit-Warnung Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
__________________ |
|
23.09.2014, 08:29
| #3 |
| | Windows7: Backdoor.0Access; PUP.Optional.ConduitA; PUP.Optional.SoftonicA gefunden Hallo Cosinus,
__________________vielen Dank für Deine Antwort. Boah, das ist ja der Hammer mit dem Virus. Wo holt man sich denn sowas? Und hat der einen Namen? Onlinebanking habe ich zum Glück nicht gemacht. Aber heißt das, dass ich davon ausgehen muss, dass der gesamte Schriftverkehr auf meinem Rechner jetzt irgendwo rumschwirrt? Habe ich es mir also nicht eingebildet, dass da auch Geräusche aus dem PC kamen, obwohl ich nichts daran gemacht habe? Ansonsten hast Du sicher recht, dass eine Neuinstallation das Beste ist, allerdings habe ich mir Eure Beschreibung mal angesehen und denke, dass ich das nicht hinbekomme. WErde den Rechner dann in die Werkstatt bringen. Hab vielen Dank für Deine schnelle Antwort! Gruß Dumme Nuss |
|
| Themen zu Windows7: Backdoor.0Access; PUP.Optional.ConduitA; PUP.Optional.SoftonicA gefunden |
| 4d36e972-e325-11ce-bfc1-08002be10318, adware, adware/opencandy.5692184, antivirus, backdoor.0access, canon, computer, entfernen, fehlercode 0x80070490, fehlercode 0xc0000005, firefox, flash player, helper, mozilla, pup.optional.conduit.a, pup.optional.softonic.a, registry, rundll, security, svchost.exe, tr/downloader.gen7, tr/dropper.gen, trojaner, tv wizard, warnung, windows |
Linear-Darstellung
