Log analysis and evaluation: Keyboard drops letters (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Keyboard drops letters

Hello Trojaner-Board,

For a few days now my keyboard has been acting up. I type relatively fast, but recently it seems not to accept some of the letters I enter. My PC also lags slightly while this happens. This does not happen all that often, but it is annoying. I am afraid that unauthorized persons are gaining access to my files. I would like to make sure that my PC is not infected by a spying program. So far I have only run a complete scan of my PC with Avira Anti Virus.

defogger_disable Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:57 on 28/09/2014 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-09-2014 02 Ran by Administrator (administrator) on 7-PC on 28-09-2014 23:59:43 Running from C:\Users\Administrator\Desktop Loaded Profile: Administrator (Available profiles: Administrator) Platform: Microsoft Windows 7 Professional (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Perfect Privacy) C:\Program Files\Perfect Privacy VPN Manager\VPNManagerService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (SiSoftware) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe () C:\Users\Administrator\Desktop\Defogger.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1125053414-927801948-1259786926-500\...\Run: [SendBlaster] => "C:\Program Files\SendBlaster3\sendblaster3.exe" /S HKU\S-1-5-21-1125053414-927801948-1259786926-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4810520 2014-09-25] (Piriform Ltd) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{536C7612-A3BA-46EC-A682-235EAECA0248}: [NameServer] 176.10.116.169,67.202.67.106 Tcpip\..\Interfaces\{BA850C76-60DA-460C-8F66-976D8471F1B5}: [NameServer] 176.10.116.169,67.202.67.106 FireFox: ======== FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bm2unjp.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bm2unjp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-19] FF Extension: BetterPrivacy - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bm2unjp.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-09-19] FF Extension: QuickJava - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bm2unjp.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-09-19] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG) R3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed] R2 VPNManager; C:\Program Files\Perfect Privacy VPN Manager\VPNManagerService.exe [17408 2014-08-16] (Perfect Privacy) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-08-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-08-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-14] (Avira Operations GmbH & Co. KG) R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-15] (CACE Technologies, Inc.) R3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-14] (Avira GmbH) R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-28 23:59 - 2014-09-28 23:59 - 02108928 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe 2014-09-28 23:59 - 2014-09-28 23:59 - 01100288 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe 2014-09-28 23:59 - 2014-09-28 23:59 - 00006647 _____ () C:\Users\Administrator\Desktop\FRST.txt 2014-09-28 23:59 - 2014-09-28 23:59 - 00000000 ____D () C:\FRST 2014-09-28 23:57 - 2014-09-28 23:58 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log 2014-09-28 23:57 - 2014-09-28 23:57 - 00000000 _____ () C:\Users\Administrator\defogger_reenable 2014-09-28 23:56 - 2014-09-28 23:56 - 01100288 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe 2014-09-28 23:56 - 2014-09-28 23:56 - 00050477 _____ () C:\Users\Administrator\Desktop\Defogger.exe 2014-09-28 19:50 - 2014-09-28 19:51 - 00000027 _____ () C:\Users\Administrator\Desktop\flex jabber.txt 2014-09-28 15:22 - 2014-09-28 15:24 - 16146272 _____ (PortableApps.com) C:\Users\Administrator\Downloads\PidginPortable_2.10.9.paf(1).exe 2014-09-28 15:21 - 2014-09-28 15:21 - 00519392 _____ (PortableApps.com) C:\Users\Administrator\Downloads\Pidgin-OTR_Portable_3.2_Rev_2.paf(1).exe 2014-09-28 14:43 - 2014-09-28 14:43 - 00519392 _____ (PortableApps.com) C:\Users\Administrator\Downloads\Pidgin-OTR_Portable_3.2_Rev_2.paf.exe 2014-09-28 13:30 - 2014-09-28 13:30 - 00000000 ____D () C:\Users\Administrator\Downloads\MirandaFusionPortable3.2.8 2014-09-28 13:29 - 2014-09-28 13:29 - 07770454 _____ () C:\Users\Administrator\Downloads\MirandaFusionPortable3.2.8.7z 2014-09-28 13:23 - 2014-09-28 13:23 - 00709272 _____ (PortableApps.com) C:\Users\Administrator\Downloads\Pidgin-OTR_Portable_4.0.0-1.paf.exe 2014-09-28 13:19 - 2014-09-28 13:19 - 01623752 _____ () C:\Users\Administrator\Downloads\pidgin-otr-4.0.0-1.exe 2014-09-28 13:18 - 2014-09-28 13:18 - 00000000 ____D () C:\Users\Administrator\Downloads\PidginPortable 2014-09-28 13:17 - 2014-09-28 13:18 - 16146272 _____ (PortableApps.com) 
C:\Users\Administrator\Downloads\PidginPortable_2.10.9.paf.exe 2014-09-28 13:17 - 2014-09-28 13:17 - 00000000 ____D () C:\Users\Administrator\Downloads\cleanranda_v2 2014-09-28 05:04 - 2014-09-28 13:19 - 00000000 ____D () C:\Users\Administrator\.zenmap 2014-09-28 05:04 - 2014-09-28 05:04 - 00000000 ____D () C:\Program Files\WinPcap 2014-09-28 05:03 - 2014-09-28 05:04 - 15620228 _____ (Insecure.org) C:\Users\Administrator\Downloads\nmap-5.20-setup.exe 2014-09-28 02:08 - 2014-09-28 02:08 - 07836062 _____ () C:\Users\Administrator\Downloads\w3d_miranda_pack.rar 2014-09-28 01:37 - 2014-09-28 01:37 - 01163292 _____ () C:\Users\Administrator\Downloads\mirotr.zip 2014-09-28 01:37 - 2014-09-28 01:37 - 00000000 ____D () C:\Users\Administrator\Downloads\mirotr 2014-09-28 00:31 - 2014-09-28 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram3D Miranda Pack 3.0 2014-09-28 00:31 - 2010-03-18 09:15 - 00770384 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll 2014-09-28 00:31 - 2010-03-18 09:15 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll 2014-09-28 00:28 - 2014-09-28 00:28 - 08039856 _____ (Wolfram3D ) C:\Users\Administrator\Downloads\w3d_miranda_pack.exe 2014-09-27 23:39 - 2014-09-27 23:39 - 00002110 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel 2014-09-27 21:05 - 2014-09-27 23:39 - 03187201 _____ () C:\Users\Administrator\Documents\Unbenannt.xcf 2014-09-27 21:05 - 2014-09-27 23:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\gtk-2.0 2014-09-27 20:03 - 2014-09-27 20:03 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2014-09-27 20:01 - 2014-09-27 20:03 - 00000000 ____D () C:\Program Files\GIMP 2 2014-09-27 19:54 - 2014-09-27 20:00 - 90396104 _____ (The GIMP Team ) C:\Users\Administrator\Downloads\gimp-2.8.10-setup.exe 2014-09-27 19:25 - 2014-09-27 19:25 - 04964488 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup418.exe 
2014-09-27 04:34 - 2014-09-27 04:34 - 00006928 _____ () C:\Users\Administrator\Downloads\html learn.txt 2014-09-27 04:28 - 2014-09-27 04:28 - 00000000 ____D () C:\Users\Administrator\Downloads\krypton118 2014-09-27 04:23 - 2014-09-27 04:23 - 00000000 ____D () C:\Users\Administrator\Downloads\krypton 2014-09-27 04:16 - 2014-09-27 04:23 - 22564182 _____ () C:\Users\Administrator\Downloads\krypton.rar 2014-09-27 04:13 - 2014-09-27 04:13 - 01581616 _____ () C:\Users\Administrator\Downloads\modus_versus-web.zip 2014-09-27 01:24 - 2014-09-27 01:24 - 00000000 ____D () C:\Users\Administrator\Desktop\Songtext 2014-09-26 20:29 - 2014-09-26 20:31 - 00000000 _____ () C:\Users\Administrator\Documents\Magix Video Maker 2014 2014-09-26 20:22 - 2014-09-26 20:25 - 00000000 ____D () C:\Program Files\TrueCrypt 2014-09-26 20:22 - 2014-09-26 20:24 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TrueCrypt 2014-09-26 20:22 - 2014-09-26 20:22 - 00231760 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys 2014-09-26 20:22 - 2014-09-26 20:22 - 00001028 _____ () C:\Users\Public\Desktop\TrueCrypt.lnk 2014-09-26 20:22 - 2014-09-26 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt 2014-09-26 18:14 - 2014-09-26 18:14 - 00007605 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg 2014-09-26 16:03 - 2014-09-27 01:22 - 00000000 ____D () C:\Users\Administrator\Desktop\Neuer Ordner 2014-09-26 15:17 - 2014-09-26 15:17 - 00001336 _____ () C:\Users\Public\Desktop\SiSoftware Sandra Lite 2014.SP2a.lnk 2014-09-26 15:17 - 2014-09-26 15:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\NVIDIA 2014-09-26 15:17 - 2014-09-26 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware 2014-09-26 15:17 - 2014-04-25 11:06 - 14155776 _____ () C:\Users\Administrator\AppData\Roaming\Sandra.mdb 2014-09-26 15:16 - 2014-09-26 15:16 - 00000000 ____D () C:\Program Files\SiSoftware 2014-09-25 19:23 - 
2014-09-25 21:01 - 00000255 _____ () C:\Users\Administrator\Desktop\Meine Daten.txt 2014-09-25 15:17 - 2014-09-26 19:31 - 00000567 _____ () C:\Users\Administrator\Desktop\Neues Textdokument (2).txt 2014-09-25 00:27 - 2014-09-25 00:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-24 14:35 - 2014-09-24 14:35 - 00000000 ____D () C:\Program Files\ISY 2014-09-24 14:35 - 2011-08-11 07:46 - 00602216 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTL8192su.sys 2014-09-23 23:03 - 2014-09-23 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-09-23 22:54 - 2014-09-26 13:58 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-23 22:54 - 2014-09-23 22:54 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-09-23 22:54 - 2014-07-02 22:54 - 00061728 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-09-23 22:54 - 2014-07-02 21:42 - 04389848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2014-09-23 22:54 - 2014-07-02 21:42 - 03063256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll 2014-09-23 22:54 - 2014-07-02 21:42 - 02556360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2014-09-23 22:54 - 2014-07-02 21:42 - 00670552 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2014-09-23 22:54 - 2014-07-02 21:42 - 00377288 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2014-09-23 22:54 - 2014-07-02 21:42 - 00062936 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2014-09-23 22:54 - 2014-07-02 19:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2014-09-23 22:54 - 2014-07-02 07:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin 2014-09-23 22:53 - 2014-07-02 22:54 - 24198088 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2014-09-23 22:53 - 2014-07-02 22:54 - 16122344 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll 2014-09-23 22:53 - 2014-07-02 22:54 - 15296456 _____ (NVIDIA 
Corporation) C:\Windows\system32\nvcompiler.dll 2014-09-23 22:53 - 2014-07-02 22:54 - 14498552 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll 2014-09-23 22:53 - 2014-07-02 22:54 - 11283344 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-09-23 22:53 - 2014-07-02 22:54 - 11222048 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-09-23 22:53 - 2014-07-02 22:54 - 10681176 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-09-23 22:53 - 2014-07-02 22:54 - 03988952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-09-23 22:53 - 2014-07-02 22:54 - 02814656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll 2014-09-23 22:53 - 2014-07-02 22:54 - 01054552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234052.dll 2014-09-23 22:53 - 2014-07-02 22:54 - 00907552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234052.dll 2014-09-23 22:53 - 2014-07-02 22:54 - 00907096 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll 2014-09-23 22:53 - 2014-07-02 22:54 - 00869152 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll 2014-09-23 22:53 - 2014-07-02 22:54 - 00021215 _____ () C:\Windows\system32\nvinfo.pb 2014-09-23 22:51 - 2014-09-23 22:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-09-22 23:13 - 2014-09-22 23:27 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SendBlaster3 2014-09-22 21:10 - 2014-09-22 21:10 - 00001719 _____ () C:\Windows\system32\ÜZERİNE BASARAK SÖYLÜYORUM TÜRKİYENİN YOBAZ MALLARINA BU YAHUDİ CESARET MADALYASI YAHUDİ OLMAYAN HİÇBİR ADAMA VERİLMEZ BU BİR İLK TİR YAHUDİ BUNU KENDİNDEN OLMAYANA VERMEZ VEREMEZ ARAŞTIRIN SO.lnk 2014-09-22 21:03 - 2014-09-22 21:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-09-21 01:18 - 2014-09-21 01:19 - 00000000 ____D () C:\sqlmap 2014-09-21 01:18 - 2014-09-21 01:18 - 00000000 ____D () C:\Python27 2014-09-21 01:18 - 2014-09-21 01:18 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7 2014-09-21 01:09 - 2014-09-21 01:09 - 00000000 ____D () C:\Users\Administrator\.thumbnails 2014-09-21 01:08 - 2014-09-21 01:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TeamViewer 2014-09-20 13:25 - 2014-09-28 04:36 - 00000000 ____D () C:\Users\Administrator\.gimp-2.8 2014-09-20 13:25 - 2014-09-20 13:25 - 00000000 ____D () C:\Users\Administrator\AppData\Local\gegl-0.2 2014-09-20 13:25 - 2014-09-20 13:25 - 00000000 ____D () C:\Users\Administrator\AppData\Local\fontconfig 2014-09-20 13:17 - 2014-09-20 13:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nvu 2014-09-20 13:17 - 2014-09-20 13:17 - 00000851 _____ () C:\Users\Administrator\Desktop\Nvu.lnk 2014-09-20 13:17 - 2014-09-20 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu 2014-09-20 13:17 - 2014-09-20 13:17 - 00000000 ____D () C:\Program Files\Nvu 2014-09-20 09:03 - 2014-09-23 13:53 - 00000000 ____D () C:\Program Files\Steam 2014-09-20 09:03 - 2014-09-20 09:03 - 00000921 _____ () C:\Users\Public\Desktop\Steam.lnk 2014-09-20 09:03 - 2014-09-20 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2014-09-20 09:03 - 2014-09-20 09:03 - 00000000 ____D () C:\Program Files\Common Files\Steam 2014-09-20 07:27 - 2004-03-08 13:00 - 00609824 _____ (Microsoft Corporation) C:\Windows\system32\COMCTL32.ocx 2014-09-20 07:27 - 1999-05-06 14:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\Comdlg32.ocx 2014-09-20 07:19 - 2014-09-20 07:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-09-20 02:10 - 2014-09-20 02:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\OpenOffice 2014-09-20 02:07 - 2014-09-20 02:07 - 00001074 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2014-09-20 02:07 - 2014-09-20 02:07 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2014-09-20 
02:07 - 2014-09-20 02:07 - 00000000 ____D () C:\Program Files\OpenOffice 4 2014-09-20 01:27 - 2014-09-20 01:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Notepad++ 2014-09-20 01:27 - 2014-09-20 01:27 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-09-20 01:27 - 2014-09-20 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-09-20 01:27 - 2014-09-20 01:27 - 00000000 ____D () C:\Program Files\Notepad++ 2014-09-19 14:30 - 2014-09-19 14:30 - 00000000 ____D () C:\Users\Administrator\Downloads\TeamViewerPortable_9.0.32494 2014-09-19 10:45 - 2014-09-24 22:38 - 00002012 ____H () C:\Users\Administrator\Documents\Default.rdp 2014-09-19 07:10 - 2014-09-27 01:25 - 00000616 _____ () C:\Users\Administrator\Desktop\Bitcoin Konto.txt 2014-09-19 07:08 - 2014-09-19 07:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe 2014-09-19 07:04 - 2014-09-19 07:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Avira 2014-09-19 07:04 - 2014-09-19 07:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Perfect_Privacy 2014-09-19 07:03 - 2014-09-27 20:31 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia 2014-09-19 07:03 - 2014-09-19 07:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-09-19 07:03 - 2014-09-19 07:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Macromedia 2014-09-19 07:02 - 2014-09-19 07:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinRAR 2014-09-19 07:00 - 2014-09-20 07:23 - 00063568 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-19 07:00 - 2014-09-19 07:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla 2014-09-19 07:00 - 2014-09-19 07:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla 2014-09-19 06:59 - 2014-09-19 06:59 - 00001409 _____ () 
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-19 06:58 - 2014-09-28 23:57 - 00000000 ____D () C:\Users\Administrator 2014-09-19 06:58 - 2014-09-19 06:58 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-09-19 06:58 - 2014-09-19 06:58 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-09-19 06:58 - 2014-09-19 06:58 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-09-19 06:58 - 2014-09-19 06:58 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-09-19 06:58 - 2014-09-19 06:58 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-09-19 06:58 - 2014-09-19 06:58 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-09-19 06:58 - 2014-09-19 06:58 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-09-19 06:58 - 2014-09-19 06:58 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-09-19 06:58 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-09-19 06:58 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-09-19 06:56 - 2014-09-19 06:56 - 00000000 ____D () C:\Program Files\Microsoft.NET 2014-09-19 06:55 - 2009-11-25 00:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-09-19 06:55 - 2009-11-25 00:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll 2014-09-19 06:55 - 2009-11-25 00:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe 2014-09-19 06:55 - 2009-11-25 00:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll 2014-09-19 06:55 - 2009-11-25 00:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll 2014-09-19 06:54 - 2014-09-19 07:04 - 00000000 ____D () C:\Program 
Files\Perfect Privacy VPN Manager 2014-09-19 06:54 - 2014-09-19 06:54 - 00001108 _____ () C:\Users\Public\Desktop\VPN Manager.lnk 2014-09-19 06:54 - 2014-09-19 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Privacy VPN 2014-09-19 03:34 - 2014-09-27 19:25 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-09-19 03:34 - 2014-09-27 19:25 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-19 03:34 - 2014-09-19 03:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-09-18 23:09 - 2014-09-19 03:40 - 00000000 ____D () C:\Windows\Panther 2014-09-18 22:12 - 2014-09-18 22:12 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2014-09-18 22:12 - 2014-09-18 22:12 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2014-09-18 14:30 - 2014-09-18 14:28 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-09-18 14:27 - 2014-08-14 23:30 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-09-18 14:27 - 2014-08-14 23:30 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-09-18 14:27 - 2014-08-14 23:30 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-09-18 14:27 - 2014-08-14 23:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2014-09-18 14:26 - 2014-09-29 00:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-18 14:26 - 2014-09-19 07:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-18 14:26 - 2014-09-19 07:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-18 14:26 - 2014-09-18 14:26 - 00000000 ____D () C:\Windows\system32\Macromed 2014-09-18 14:24 - 2014-09-18 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-18 14:24 - 2014-09-18 14:27 - 00000000 ____D () C:\ProgramData\Avira 2014-09-18 14:24 - 2014-09-18 14:27 - 00000000 ____D () C:\Program Files\Avira 2014-09-18 14:24 - 2014-09-18 14:24 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-18 14:24 - 2014-09-18 14:24 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-18 14:02 - 2014-09-25 01:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-18 14:02 - 2014-09-18 14:02 - 00000000 ____D () C:\ProgramData\Mozilla 2014-09-18 12:10 - 2014-09-17 19:29 - 00000353 _____ () C:\Users\Administrator\Downloads\spielen.txt 2014-09-18 12:10 - 2014-09-16 10:10 - 00002809 _____ () C:\Users\Administrator\Downloads\uncrackbare hashes gute mitglieder.txt 2014-09-18 12:10 - 2014-09-16 05:32 - 00000000 ____D () C:\Users\Administrator\Downloads\Programme 2014-09-18 12:10 - 2014-09-15 15:14 - 00011143 _____ () C:\Users\Administrator\Downloads\mail;pass end.txt 2014-09-18 12:10 - 2014-09-14 16:12 - 00000903 _____ () C:\Users\Administrator\Downloads\password.txt 2014-09-18 12:06 - 2014-09-18 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-09-18 12:06 - 2014-09-18 12:06 - 00000000 ____D () C:\Program Files\WinRAR 2014-09-18 11:40 - 2014-08-24 19:53 - 00231584 ____N 
(Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-18 11:26 - 2014-09-26 14:02 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-18 11:25 - 2014-09-18 11:25 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-18 11:25 - 2014-09-18 11:25 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-09-18 11:22 - 2014-09-24 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISY Dienstprogramm für WLAN USB-Adapter 2014-09-18 11:22 - 2014-09-18 11:22 - 00000000 ____D () C:\Program Files\InstallShield Installation Information 2014-09-18 11:17 - 2014-09-28 16:49 - 00077160 ____N () C:\Windows\WindowsUpdate.log 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () 
C:\Users\Default User\AppData\Local\Verlauf 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\Programme 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-09-18 11:16 - 2014-09-18 11:16 - 00000000 __SHD () C:\Recovery ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-28 23:34 - 2009-07-14 06:34 - 00013600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-28 23:34 - 2009-07-14 06:34 - 00013600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-26 15:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-26 13:58 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-23 22:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help 2014-09-22 07:34 - 2009-07-14 06:33 - 00294440 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-22 03:21 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries 2014-09-20 07:23 - 2009-07-14 06:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-09-20 02:06 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-09-19 07:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-19 06:57 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-18 23:09 - 2009-07-14 06:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG 2014-09-18 23:09 - 2009-07-14 06:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template 2014-09-18 22:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-18 22:12 - 
2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-09-18 22:10 - 2009-07-14 10:57 - 00000000 ____D () C:\Windows\CSC 2014-09-18 11:22 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\restore 2014-09-18 11:16 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-09-18 11:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Windows NT Some content of TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-27 06:16 ==================== End Of Log ============================ Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-09-2014 02
Ran by Administrator at 2014-09-29 00:00:08
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Avira (HKLM\...\{149bb302-ebda-47ae-b3e6-297cf4c356dc}) (Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
ISY USB Wireless Adapter (HKLM\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.14 - ISY)
ISY USB Wireless Adapter (Version: 1.0.0.14 - ISY) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
Nvu 1.0 (HKLM\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Python 2.7.7 (HKLM\...\{049CA433-77A0-4e48-AC76-180A282C4E10}) (Version: 2.7.7150 - Python Software Foundation)
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VPN Manager 1.6.69.0 (HKLM\...\VPN Manager) (Version: 1.6.69.0 - Perfect-Privacy)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.11 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

26-09-2014 13:16:31 SiSoftware Sandra Lite
26-09-2014 18:22:22 TrueCrypt installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2AE824B2-1EBD-4955-A8C3-23B3AB977071} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-25] (Piriform Ltd)
Task: {B7C655AE-0777-4154-A496-7BF0AC4A20D6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-23 22:54 - 2014-07-02 21:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-09-17 02:31 - 2014-09-17 02:31 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-09-17 02:30 - 2014-09-17 02:30 - 00066864 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-28 00:31 - 2011-02-27 15:21 - 00068720 _____ () Z:\Miranda IM\Plugins\shlext.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2014-09-19 06:59 - 2014-09-17 02:31 - 00052472 ____N () C:\Users\Administrator\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-09-25 00:27 - 2014-09-25 00:27 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-28 23:56 - 2014-09-28 23:56 - 00050477 _____ () C:\Users\Administrator\Desktop\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1125053414-927801948-1259786926-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-1125053414-927801948-1259786926-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Serieller PCI-Anschluss
Description: Serieller PCI-Anschluss
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/28/2014 06:36:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: pidgin-portable.exe, Version: 2.10.9.0, Zeitstempel: 0x52eee0a8
Name des fehlerhaften Moduls: libgtk-win32-2.0-0.dll, Version: 2.16.6.0, Zeitstempel: 0x4b6f2415
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b8f71
ID des fehlerhaften Prozesses: 0xc0c
Startzeit der fehlerhaften Anwendung: 0xpidgin-portable.exe0
Pfad der fehlerhaften Anwendung: pidgin-portable.exe1
Pfad des fehlerhaften Moduls: pidgin-portable.exe2
Berichtskennung: pidgin-portable.exe3

Error: (09/28/2014 06:16:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/28/2014 00:21:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x176c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (09/28/2014 00:21:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 32.0.3.5379 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1700
Startzeit: 01cfda7848785f27
Endzeit: 136
Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID: 8da6cfc9-4694-11e4-b2c9-00219b3e0e60

Error: (09/27/2014 07:31:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/27/2014 07:05:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/26/2014 11:15:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 32.0.3.5379 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 270
Startzeit: 01cfd9842f1e6c74
Endzeit: 128
Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID: 3cd7dce2-45c2-11e4-b2c9-00219b3e0e60

Error: (09/26/2014 02:00:20 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/26/2014 02:00:20 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/26/2014 02:00:20 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (09/27/2014 07:24:04 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{4999A4CB-B531-4E1A-A916-5E2B0319307E} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/26/2014 02:00:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (09/26/2014 02:00:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (09/26/2014 02:00:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (09/26/2014 02:00:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (09/26/2014 02:00:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (09/26/2014 02:00:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (09/26/2014 02:00:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (09/26/2014 02:00:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (09/26/2014 02:00:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Microsoft Office Sessions:
=========================
Error: (09/28/2014 06:36:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pidgin-portable.exe2.10.9.052eee0a8libgtk-win32-2.0-0.dll2.16.6.04b6f2415c0000005000b8f71c0c01cfdb1fc0c55f46Z:\PidginPortable\App\Pidgin\pidgin-portable.exeZ:\PidginPortable\App\Pidgin\Gtk\bin\libgtk-win32-2.0-0.dll9f0ba6a0-472d-11e4-b2c9-00219b3e0e60

Error: (09/28/2014 06:16:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\sisoftware\sisoftware sandra lite 2014.sp2a\wnt500x64\RpcSandraSrv.exe

Error: (09/28/2014 00:21:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b176c01cfda894b448815C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll8ee595dc-4694-11e4-b2c9-00219b3e0e60

Error: (09/28/2014 00:21:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe32.0.3.5379170001cfda7848785f27136C:\Program Files\Mozilla Firefox\firefox.exe8da6cfc9-4694-11e4-b2c9-00219b3e0e60

Error: (09/27/2014 07:31:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\sisoftware\sisoftware sandra lite 2014.sp2a\wnt500x64\RpcSandraSrv.exe

Error: (09/27/2014 07:05:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\sisoftware\sisoftware sandra lite 2014.sp2a\wnt500x64\RpcSandraSrv.exe

Error: (09/26/2014 11:15:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe32.0.3.537927001cfd9842f1e6c74128C:\Program Files\Mozilla Firefox\firefox.exe3cd7dce2-45c2-11e4-b2c9-00219b3e0e60

Error: (09/26/2014 02:00:20 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/26/2014 02:00:20 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description:
Kontext: Windows Anwendung
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/26/2014 02:00:20 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description:
Kontext: Windows Anwendung, SystemIndex Katalog
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 34%
Total physical RAM: 3069.61 MB
Available physical RAM: 2001.17 MB
Total Pagefile: 6137.5 MB
Available Pagefile: 4650.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1878.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.41 GB) (Free:52.08 GB) NTFS
Drive d: (IWL1000) (CDROM) (Total:0.07 GB) (Free:0 GB) CDFS
Drive z: () (Fixed) (Total:3.99 GB) (Free:3.77 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 266DC603)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gmer.txt Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-29 00:08:23
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD800HLFS-75G6U0 rev.04.04V01 74,51GB
Running: f9j68edx.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldapog.sys

---- System - GMER 2.1 ----

SSDT 8FFA9BF6 ZwCreateSection
SSDT 8FFA9C00 ZwRequestWaitReplyPort
SSDT 8FFA9BFB ZwSetContextThread
SSDT 8FFA9C05 ZwSetSecurityObject
SSDT 8FFA9C0A ZwSystemDebugControl
SSDT 8FFA9B97 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C92579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB6F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 82CBE840 4 Bytes [F6, 9B, FA, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 69C 82CBEB9C 4 Bytes [00, 9C, FA, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 82CBEBE0 4 Bytes [FB, 9B, FA, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 75C 82CBEC5C 4 Bytes [05, 9C, FA, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B0 82CBECB0 4 Bytes [0A, 9C, FA, 8F]
.text ...

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ----