Pests of all kinds and how to fight them: Antivir found a virus, what now? (Windows 7)
03.10.2014, 10:26 | #1 |
| Antivir found a virus, what now? Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 3. Oktober 2014 09:41

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Ultimate
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Lapi
Computername : LAPI-PC

Versionsinformationen:
BUILD.DAT : 14.0.6.570 92022 Bytes 15.08.2014 10:30:00
AVSCAN.EXE : 14.0.6.548 1046608 Bytes 14.08.2014 12:11:23
AVSCANRC.DLL : 14.0.6.522 62544 Bytes 14.08.2014 12:11:23
LUKE.DLL : 14.0.6.522 57936 Bytes 14.08.2014 12:11:45
AVSCPLR.DLL : 14.0.6.548 92752 Bytes 14.08.2014 12:11:23
AVREG.DLL : 14.0.6.522 262224 Bytes 14.08.2014 12:11:21
avlode.dll : 14.0.6.526 603728 Bytes 14.08.2014 12:11:21
avlode.rdf : 14.0.4.46 64835 Bytes 08.09.2014 11:32:42
Engineversion : 8.3.24.32
AEVDF.DLL : 8.3.1.6 133992 Bytes 20.08.2014 18:07:16
AESCRIPT.DLL : 8.2.0.28 436136 Bytes 02.10.2014 11:17:52
AESCN.DLL : 8.3.2.2 139456 Bytes 21.07.2014 11:56:02
AESBX.DLL : 8.2.20.24 1409224 Bytes 08.05.2014 16:22:09
AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 13:37:53
AEPACK.DLL : 8.4.0.54 788392 Bytes 24.09.2014 18:14:38
AEOFFICE.DLL : 8.3.0.28 224112 Bytes 02.10.2014 11:17:52
AEHEUR.DLL : 8.1.4.1310 7564144 Bytes 26.09.2014 14:24:40
AEHELP.DLL : 8.3.1.0 278728 Bytes 29.05.2014 06:39:08
AEGEN.DLL : 8.1.7.30 453480 Bytes 26.09.2014 14:24:33
AEEXP.DLL : 8.4.2.32 247712 Bytes 02.09.2014 11:11:34
AEEMU.DLL : 8.1.3.4 399264 Bytes 09.08.2014 06:35:25
AEDROID.DLL : 8.4.2.24 442568 Bytes 04.06.2014 16:40:37
AECORE.DLL : 8.3.2.6 243712 Bytes 09.08.2014 06:35:25
AEBB.DLL : 8.1.2.0 60448 Bytes 09.08.2014 06:35:24
AVWINLL.DLL : 14.0.6.522 24144 Bytes 14.08.2014 12:11:18
AVPREF.DLL : 14.0.6.522 50256 Bytes 14.08.2014 12:11:21
AVREP.DLL : 14.0.6.522 219216 Bytes 14.08.2014 12:11:21
AVARKT.DLL : 14.0.5.368 226384 Bytes 24.06.2014 10:55:02
AVEVTLOG.DLL : 14.0.6.522 182352 Bytes 14.08.2014 12:11:20
SQLITE3.DLL : 14.0.6.522 452176 Bytes 14.08.2014 12:11:50
AVSMTP.DLL : 14.0.6.522 76368 Bytes 14.08.2014 12:11:24
NETNT.DLL : 14.0.6.522 13392 Bytes 14.08.2014 12:11:45
RCIMAGE.DLL : 14.0.6.544 4863568 Bytes 14.08.2014 12:11:18
RCTEXT.DLL : 14.0.6.558 76080 Bytes 26.08.2014 11:19:52

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 3. Oktober 2014 09:41

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '167' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '180' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControl.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '130' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrl.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMedia.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControlUser.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'SRSPremiumPanel_64.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '163' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrlHelper.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '142' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_15_0_0_152.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_15_0_0_152.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '142' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\drivers\beep.sys'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Signiert -> 'C:\Windows\system32\imm32.dll'
Signiert -> 'C:\Windows\system32\dsound.dll'
Signiert -> 'C:\Windows\system32\aclui.dll'
Signiert -> 'C:\Windows\system32\msvcrt.dll'
Signiert -> 'C:\Windows\system32\d3d9.dll'
Signiert -> 'C:\Windows\system32\dnsapi.dll'
Signiert -> 'C:\Windows\system32\mshtml.dll'
Signiert -> 'C:\Windows\system32\regsvr32.exe'
Signiert -> 'C:\Windows\system32\rundll32.exe'
Signiert -> 'C:\Windows\system32\userinit.exe'
Signiert -> 'C:\Windows\system32\reg.exe'
Signiert -> 'C:\Windows\regedit.exe'
Die Systemdateien wurden durchsucht ('34' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1877' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Lapi\AppData\Local\Temp\kpNyACbt.exe.part
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/Softpulse.107390
C:\Users\Lapi\AppData\Local\Temp\kpNyACbt.exe.part
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/Softpulse.107390
Beginne mit der Suche in 'D:\'

Beginne mit der Desinfektion:
C:\Users\Lapi\AppData\Local\Temp\kpNyACbt.exe.part
    [FUND] Enthält Erkennungsmuster der Adware ADWARE/Softpulse.107390
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5192c5c0.qua' verschoben!

Ende des Suchlaufs: Freitag, 3. Oktober 2014 11:23
Benötigte Zeit: 1:41:49 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

29011 Verzeichnisse wurden überprüft
320936 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
320934 Dateien ohne Befall
8576 Archive wurden durchsucht
0 Warnungen
1 Hinweise
753084 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
03.10.2014, 12:11 | #2 |
/// the machine /// TB instructor | Antivir found a virus, what now? hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
04.10.2014, 06:08 | #3 |
| Antivir found a virus, what now? hi Schrauber... sorry, I was out eating... I hope this is the way you wanted it
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Lapi (administrator) on LAPI-PC on 03-10-2014 15:45:04
Running from C:\Users\Lapi\Desktop
Loaded Profile: Lapi (Available profiles: Lapi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [635784 2010-01-13] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-03-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1629817468-431739819-158479400-1000\...\MountPoints2: {ae487770-e613-11e2-a143-806e6f6e6963} - E:\InstAll.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-08] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x175486D02A7ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lapi\AppData\Roaming\Mozilla\Firefox\Profiles\esrouokx.default
FF Homepage: web.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR Profile: C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-06] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-06] CHR Extension: (Google Search) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-06] CHR Extension: (TLRemove) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2013-07-06] CHR Extension: (Facebook™ AdBlock) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\liocaibkbmonemochnpcmloemdfnjial [2014-03-08] CHR Extension: (Google Wallet) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Gmail) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
U4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
U4 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-10] (Avira Operations GmbH & Co. KG)
S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [98816 2011-08-03] (ASIX Electronics Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 15:45 - 2014-10-03 15:47 - 00011650 _____ () C:\Users\Lapi\Desktop\FRST.txt 2014-10-03 15:44 - 2014-10-03 15:45 - 00000000 ____D () C:\FRST 2014-10-03 15:41 - 2014-10-03 15:42 - 02109440 _____ (Farbar) C:\Users\Lapi\Desktop\FRST64.exe 2014-10-03 09:28 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-10-02 19:01 - 2014-10-02 19:02 - 00022528 _____ () C:\Users\Lapi\Documents\pivot test.xls 2014-09-28 14:46 - 2014-10-02 09:49 - 00015360 _____ () C:\Users\Lapi\Documents\name höchste Punkte.xls 2014-09-25 08:27 - 2014-09-25 08:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-23 16:26 - 2014-09-23 16:26 - 00000000 __SHD () C:\Users\Lapi\AppData\Local\EmieUserList 2014-09-23 16:26 - 2014-09-23 16:26 - 00000000 __SHD () C:\Users\Lapi\AppData\Local\EmieSiteList 2014-09-12 08:53 - 2014-09-12 08:53 - 00000000 ____D () C:\Program Files (x86)\AX88772B 2014-09-10 16:52 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 16:52 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 16:52 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 16:52 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 16:52 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 16:52 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 16:52 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 16:52 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 16:52 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 16:52 - 2014-08-19 00:08 - 00051200 _____ (Microsoft 
Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 16:52 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 16:52 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 16:52 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 16:52 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 16:52 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 16:52 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 16:52 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 16:52 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 16:52 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 16:52 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-10 16:52 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-10 16:52 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 16:52 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 16:52 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 16:52 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 16:52 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 16:52 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-10 16:52 - 2014-08-18 23:36 - 00112128 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-10 16:52 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-10 16:52 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 16:52 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 16:52 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 16:52 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 16:52 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-10 16:52 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 16:52 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 16:52 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 16:52 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 16:52 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 16:52 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 16:51 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 16:51 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 16:51 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 16:51 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 16:51 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 16:51 - 2014-08-18 23:56 - 00940032 _____ 
(Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 16:51 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 16:51 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 16:51 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 16:51 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 16:51 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 16:51 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 16:51 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-10 16:51 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 16:51 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 16:51 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 07:45 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 07:45 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 07:45 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 07:45 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 07:45 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-03 15:42 - 2013-07-06 14:38 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-03 15:39 - 2013-07-06 14:38 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-03 15:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-03 15:39 - 2009-07-14 06:51 - 00140256 _____ () C:\Windows\setupact.log 2014-10-03 11:51 - 2013-07-06 10:19 - 01915250 _____ () C:\Windows\WindowsUpdate.log 2014-10-03 11:04 - 2014-02-23 06:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-03 10:36 - 2014-03-24 09:37 - 00069396 _____ () C:\Windows\DPINST.LOG 2014-10-03 07:56 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-03 07:56 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-26 17:49 - 2013-07-06 12:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-22 11:33 - 2014-03-30 15:47 - 00000000 ____D () C:\Users\Lapi\Desktop\Ebay 2014-09-19 07:32 - 2014-01-16 08:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-15 09:06 - 2009-10-14 07:13 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-14 20:21 - 2014-04-28 17:56 - 00000000 ____D () C:\Users\Lapi\Desktop\Ingrid 2014-09-12 18:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-12 16:02 - 2014-03-24 09:51 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-09-12 15:56 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-09-12 15:56 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-09-12 15:56 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-12 11:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-12 
08:53 - 2013-07-06 11:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-11 19:31 - 2013-07-06 12:30 - 00322532 _____ () C:\Windows\PFRO.log 2014-09-10 17:20 - 2014-02-23 06:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-10 17:20 - 2013-07-06 14:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 17:20 - 2013-07-06 14:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-10 16:49 - 2013-11-27 17:54 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 16:47 - 2013-08-14 22:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 16:39 - 2009-10-14 07:12 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Lapi\AppData\Local\Temp\avgnt.exe C:\Users\Lapi\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 07:33

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2014
Ran by Lapi at 2014-10-03 15:48:02
Running from C:\Users\Lapi\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{C42CA929-C55C-4435-F6B2-160C10FD301E}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) AX88772B (HKLM-x32\...\{576EF3BD-0F65-40A0-B5C3-A607E68723B8}) (Version: 1.00.0000 - ) Catalyst Control Center Core Implementation (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0330.2135.36914 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0330.2135.36914 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help English (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help French (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help German (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden 
CCC Help Portuguese (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden ccc-core-static (x32 Version: 2010.0330.2135.36914 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0330.2135.36914 - ATI) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) ETDWare PS/2-x64 7.0.5.10_WHQL (HKLM\...\Elantech) (Version: 7.0.5.10 - ELAN Microelectronics Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.50.2 - JMicron Technology Corp.) 
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office XP Professional (HKLM-x32\...\{90110407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - 
Nokia) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.) SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.5300 - SRS Labs, Inc.) USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - ) WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 24-09-2014 05:30:45 Windows Update 27-09-2014 05:59:57 Windows Update 01-10-2014 05:36:25 Windows Update 03-10-2014 08:34:17 PC Connectivity Solution wird entfernt 03-10-2014 08:37:54 Nokia Connectivity Cable Driver wird entfernt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2B01F073-8AA7-442A-86D9-649580170F33} - \GoforFilesUpdate No Task File <==== ATTENTION Task: {38367170-8135-496E-A210-D07689BF3A7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.) 
Task: {448D4790-32D3-4FD2-91E2-1D49B2CDA367} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {46F0CBAF-6359-45D2-892C-FAB27A609F56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {7F24444C-C0D0-4A30-AF37-8C2B46D66B84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-06 10:29 - 2013-07-06 10:29 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-09-25 08:27 - 2014-09-25 08:27 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1629817468-431739819-158479400-500 - Administrator - Disabled)
Gast (S-1-5-21-1629817468-431739819-158479400-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1629817468-431739819-158479400-1002 - Limited - Enabled)
Lapi (S-1-5-21-1629817468-431739819-158479400-1000 - Administrator - Enabled) => C:\Users\Lapi

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: JMicron PCI Express Gigabit Ethernet Adapter
Description: JMicron PCI Express Gigabit Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service: JME
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: ========================= Application errors: ================== Error: (10/03/2014 07:51:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000795b ID des fehlerhaften Prozesses: 0xf44 Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 Error: (10/01/2014 07:34:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000795b ID des fehlerhaften Prozesses: 0xd48 Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 Error: (09/26/2014 07:10:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007a4c ID des fehlerhaften Prozesses: 0xb58 Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 Error: (09/23/2014 05:54:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 
0xc0000005 Fehleroffset: 0x000223e0 ID des fehlerhaften Prozesses: 0x2278 Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Error: (09/22/2014 07:34:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007a4c ID des fehlerhaften Prozesses: 0xe24 Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 Error: (09/18/2014 05:37:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000795b ID des fehlerhaften Prozesses: 0xe3c Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 Error: (09/17/2014 07:39:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.1.5367, Zeitstempel: 0x541259dd Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.1.5367, Zeitstempel: 0x541225d2 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0xa74 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (09/15/2014 07:36:51 AM) (Source: Application Error) (EventID: 1000) (User: ) 
Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000795b ID des fehlerhaften Prozesses: 0x1140 Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0 Pfad der fehlerhaften Anwendung: ipmGui.exe1 Pfad des fehlerhaften Moduls: ipmGui.exe2 Berichtskennung: ipmGui.exe3 Error: (09/12/2014 04:04:51 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={AA53600A-C81E-4C39-A11C-FDDAE478D7E1}: Der Benutzer "Lapi-PC\Lapi" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651. Error: (09/10/2014 00:09:26 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (10/03/2014 03:39:01 PM) (Source: JME) (EventID: 5008) (User: ) Description: JMicron PCI Express Gigabit Ethernet Adapter : Ungültige Netzwerkadresse entdeckt. Error: (10/03/2014 07:44:53 AM) (Source: JME) (EventID: 5008) (User: ) Description: JMicron PCI Express Gigabit Ethernet Adapter : Ungültige Netzwerkadresse entdeckt. Error: (10/02/2014 08:21:30 AM) (Source: JME) (EventID: 5008) (User: ) Description: JMicron PCI Express Gigabit Ethernet Adapter : Ungültige Netzwerkadresse entdeckt. 
Error: (10/02/2014 06:52:17 AM) (Source: JME) (EventID: 5008) (User: ) Description: JMicron PCI Express Gigabit Ethernet Adapter : Ungültige Netzwerkadresse entdeckt. Error: (10/01/2014 02:08:29 PM) (Source: JME) (EventID: 5008) (User: ) Description: JMicron PCI Express Gigabit Ethernet Adapter : Ungültige Netzwerkadresse entdeckt. Error: (10/01/2014 07:27:58 AM) (Source: JME) (EventID: 5008) (User: ) Description: JMicron PCI Express Gigabit Ethernet Adapter : Ungültige Netzwerkadresse entdeckt. Error: (09/30/2014 09:04:49 PM) (Source: JME) (EventID: 5008) (User: ) Description: JMicron PCI Express Gigabit Ethernet Adapter : Ungültige Netzwerkadresse entdeckt. Error: (09/30/2014 02:36:39 PM) (Source: JME) (EventID: 5008) (User: ) Description: JMicron PCI Express Gigabit Ethernet Adapter : Ungültige Netzwerkadresse entdeckt. Error: (09/30/2014 07:39:10 AM) (Source: JME) (EventID: 5008) (User: ) Description: JMicron PCI Express Gigabit Ethernet Adapter : Ungültige Netzwerkadresse entdeckt. Error: (09/29/2014 07:15:40 AM) (Source: JME) (EventID: 5008) (User: ) Description: JMicron PCI Express Gigabit Ethernet Adapter : Ungültige Netzwerkadresse entdeckt. 
Microsoft Office Sessions: ========================= Error: (10/03/2014 07:51:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795bf4401cfdecd5bae9d61C:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir desktop\ipmGui.exe4e795c87-4ac1-11e4-b574-e12c7c5c5ce6 Error: (10/01/2014 07:34:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795bd4801cfdd38aebe5527C:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir desktop\ipmGui.exe9b26e2ff-492c-11e4-9265-8ad5f362fae8 Error: (09/26/2014 07:10:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c000000500007a4cb5801cfd94772702f78C:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir desktop\ipmGui.exe629cca9e-453b-11e4-b5ea-be9cfcad15e9 Error: (09/23/2014 05:54:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e0227801cfd744ea275d8eC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dlld570ee18-4339-11e4-9546-bbc4e06ed8e8 Error: (09/22/2014 07:34:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c000000500007a4ce2401cfd6262589c879C:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir desktop\ipmGui.exe14372613-421a-11e4-8359-d9dcda43bce9 Error: (09/18/2014 05:37:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795be3c01cfd2f137588933C:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir 
desktop\ipmGui.exe20c29bf3-3ee5-11e4-8b18-9bfb0462a6e8 Error: (09/17/2014 07:39:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe32.0.1.5367541259ddmozalloc.dll32.0.1.5367541225d2800000030000141ba7401cfd23783251c4eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll06865180-3e2d-11e4-aee5-ae80ccf4a2e8 Error: (09/15/2014 07:36:51 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795b114001cfd0a65dd0c73bC:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir desktop\ipmGui.exe4a9167fd-3c9a-11e4-9d34-919ce1bf1fe8 Error: (09/12/2014 04:04:51 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: {AA53600A-C81E-4C39-A11C-FDDAE478D7E1}Lapi-PC\LapiBreitbandverbindung651 Error: (09/10/2014 00:09:26 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll ==================== Memory info =========================== Processor: AMD Athlon(tm) II P320 Dual-Core Processor Percentage of memory in use: 31% Total physical RAM: 4093.82 MB Available physical RAM: 2803.79 MB Total Pagefile: 8185.83 MB Available Pagefile: 6575.34 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.8 GB) (Free:59.26 GB) NTFS Drive d: () (Fixed) (Total:200.19 GB) (Free:158.97 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2044A15B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.8 GB) - (Type=07 NTFS) Partition 
3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
04.10.2014, 21:35 | #4 |
/// the machine /// TB-Ausbilder | Antivir found a virus, what now? hi, Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
05.10.2014, 08:49 | #5 |
| Antivir found a virus, what now? Code:
ATTFilter ComboFix 14-10-04.01 - Lapi 05.10.2014 9:36.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4094.2665 [GMT 2:00] ausgeführt von:: c:\users\Lapi\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-09-05 bis 2014-10-05 )))))))))))))))))))))))))))))) . . 2014-10-05 07:42 . 2014-10-05 07:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-10-04 07:17 . 2014-10-04 09:12 -------- d-----w- C:\AdwCleaner 2014-10-04 06:22 . 2014-10-04 06:22 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-10-04 06:22 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-10-04 06:22 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-10-03 13:44 . 2014-10-04 09:52 -------- d-----w- C:\FRST 2014-10-03 07:28 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-10-03 05:53 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{503E21F3-863B-4976-B2C8-F75ECB1ACAA9}\mpengine.dll 2014-09-23 14:26 . 2014-09-23 14:26 -------- d-sh--w- c:\users\Lapi\AppData\Local\EmieUserList 2014-09-23 14:26 . 2014-09-23 14:26 -------- d-sh--w- c:\users\Lapi\AppData\Local\EmieSiteList 2014-09-12 06:53 . 2014-09-12 06:53 -------- d-----w- c:\program files (x86)\AX88772B 2014-09-10 14:51 . 2014-08-18 22:18 639488 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll 2014-09-10 05:45 . 
2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-09-10 05:45 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-09-10 05:45 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-09-10 05:45 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-09-10 05:45 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-04 09:18 . 2014-04-09 13:07 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-09-15 07:06 . 2009-10-14 05:13 278152 ------w- c:\windows\system32\MpSigStub.exe 2014-09-10 15:20 . 2013-07-06 12:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-10 15:20 . 2013-07-06 12:41 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-10 14:39 . 2009-10-14 05:12 101694776 ----a-w- c:\windows\system32\MRT.exe 2014-08-23 02:07 . 2014-08-28 05:18 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-08-28 05:18 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-23 00:59 . 2014-08-28 05:18 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-16 03:23 . 2014-08-13 05:41 2048 ----a-w- c:\windows\system32\tzres.dll 2014-07-16 02:46 . 2014-08-13 05:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-07-14 02:02 . 2014-08-13 05:39 1216000 ----a-w- c:\windows\system32\rpcrt4.dll 2014-07-14 01:40 . 2014-08-13 05:39 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2014-07-10 13:07 . 2013-07-06 10:20 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-30 102400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-14 751184] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 AX88772B;ASIX AX88772B USB2.0 to Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ax88772b.sys;c:\windows\SYSNATIVE\DRIVERS\ax88772b.sys [x] R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x] R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK 
Package\ATKGFNEX\ASMMAP64.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-25 06:44 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-06 15:20] . 2014-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06 12:38] . 2014-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06 12:38] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-13 10144288] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Lapi\AppData\Roaming\Mozilla\Firefox\Profiles\esrouokx.default\ FF - prefs.js: browser.startup.homepage - web.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-10-05 09:44:45 ComboFix-quarantined-files.txt 2014-10-05 07:44 . Vor Suchlauf: 8 Verzeichnis(se), 64.354.496.512 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 64.123.531.264 Bytes frei . - - End Of File - - D85173517CE6D1EA3C23126FA599E689
Yes, even though Antivir was disabled, a message appeared saying that ComboFix was blocked in the registry |
06.10.2014, 08:14 | #6 |
/// the machine /// TB-Ausbilder | Antivir found a virus, what now? Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log please.
__________________ --> Antivir found a virus, what now? |
06.10.2014, 10:36 | #7 |
| Antivir found a virus, what now? Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 06.10.2014 Suchlauf-Zeit: 10:37:02 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.10.06.02 Rootkit Datenbank: v2014.09.19.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Lapi Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 315579 Verstrichene Zeit: 17 Min, 34 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.311 - Bericht erstellt am 06/10/2014 um 11:05:32 # Aktualisiert 30/09/2014 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzername : Lapi - LAPI-PC # Gestartet von : C:\Users\Lapi\Desktop\AdwCleaner_3.311.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v32.0.3 (x86 de) [ Datei : C:\Users\Lapi\AppData\Roaming\Mozilla\Firefox\Profiles\esrouokx.default\prefs.js ] -\\ Google Chrome v37.0.2062.124 [ Datei : C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms} ************************* AdwCleaner[R12].txt - [1437 octets] - [04/10/2014 09:17:37] AdwCleaner[R13].txt - [1498 octets] - [04/10/2014 09:24:07] AdwCleaner[R14].txt - [1144 octets] - [04/10/2014 11:10:28] AdwCleaner[R15].txt - [1335 octets] - [06/10/2014 11:04:00] AdwCleaner[S10].txt - [1135 octets] - [06/10/2014 11:05:32] AdwCleaner[S8].txt - [1558 octets] - [04/10/2014 09:25:37] AdwCleaner[S9].txt - [1205 octets] - [04/10/2014 11:12:20] ########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [1316 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.0 (10.05.2014:1) OS: Windows 7 Ultimate x64 Ran by Lapi on 06.10.2014 at 11:11:40,17 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Lapi\AppData\Roaming\mozilla\firefox\profiles\esrouokx.default\minidumps [4 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.10.2014 at 11:17:14,19 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 Ran by Lapi (administrator) on LAPI-PC on 06-10-2014 11:32:14 Running from C:\Users\Lapi\Desktop Loaded Profile: Lapi (Available profiles: Lapi) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [635784 2010-01-13] (ELAN Microelectronic Corp.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-03-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x175486D02A7ACE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Lapi\AppData\Roaming\Mozilla\Firefox\Profiles\esrouokx.default FF Homepage: web.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR Profile: C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-06] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-06] CHR Extension: (Google-Suche) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-06] CHR Extension: (TLRemove) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2013-07-06] CHR Extension: (Facebook™ AdBlock) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\liocaibkbmonemochnpcmloemdfnjial [2014-03-08] CHR Extension: (Google Wallet) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Google Mail) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG) U4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) U4 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-10] (Avira Operations GmbH & Co. KG) S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [98816 2011-08-03] (ASIX Electronics Corp.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-06] (Malwarebytes Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-06 11:31 - 2014-10-06 11:32 - 00011421 _____ () C:\Users\Lapi\Desktop\FRST.txt 2014-10-06 11:30 - 2014-10-06 11:30 - 02109952 _____ (Farbar) C:\Users\Lapi\Desktop\FRST64.exe 2014-10-06 11:17 - 2014-10-06 11:17 - 00000750 _____ () C:\Users\Lapi\Desktop\JRT.txt 2014-10-06 11:10 - 2014-10-06 11:10 - 01704938 _____ (Thisisu) C:\Users\Lapi\Desktop\JRT.exe 2014-10-06 11:03 - 2014-10-06 11:03 - 01375089 _____ () C:\Users\Lapi\Desktop\AdwCleaner_3.311.exe 2014-10-06 10:57 - 2014-10-06 10:57 - 00001156 _____ () C:\mbam.txt 2014-10-06 09:57 - 2014-10-06 10:08 - 00010240 _____ () C:\Users\Lapi\Documents\pivot 2002.xls 2014-10-05 09:44 - 2014-10-05 09:44 - 00010042 _____ () C:\ComboFix.txt 2014-10-05 09:34 - 2014-10-05 09:44 - 00000000 ____D () C:\Qoobox 2014-10-05 09:34 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-05 09:34 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-05 09:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-05 09:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-05 09:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-05 09:34 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-05 09:34 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-05 09:34 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-05 09:33 - 2014-10-05 09:43 - 00000000 ____D () C:\Windows\erdnt 2014-10-05 09:28 - 2014-10-05 09:28 - 05582481 ____R (Swearware) C:\Users\Lapi\Desktop\ComboFix.exe 2014-10-04 09:17 - 2014-10-06 11:05 - 00000000 ____D () C:\AdwCleaner 2014-10-04 08:22 - 2014-10-04 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-04 08:22 - 2014-10-04 08:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-04 08:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 
2014-10-04 08:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-04 07:52 - 2014-10-04 08:17 - 00000000 ____D () C:\Users\Lapi\Desktop\mbar 2014-10-03 15:44 - 2014-10-06 11:32 - 00000000 ____D () C:\FRST 2014-10-03 09:28 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-10-02 19:01 - 2014-10-06 08:11 - 00033280 _____ () C:\Users\Lapi\Documents\pivot test.xls 2014-09-28 14:46 - 2014-10-02 09:49 - 00015360 _____ () C:\Users\Lapi\Documents\name höchste Punkte.xls 2014-09-25 08:27 - 2014-09-25 08:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-23 16:26 - 2014-09-23 16:26 - 00000000 __SHD () C:\Users\Lapi\AppData\Local\EmieUserList 2014-09-23 16:26 - 2014-09-23 16:26 - 00000000 __SHD () C:\Users\Lapi\AppData\Local\EmieSiteList 2014-09-12 08:53 - 2014-09-12 08:53 - 00000000 ____D () C:\Program Files (x86)\AX88772B 2014-09-10 16:52 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 16:52 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 16:52 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 16:52 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 16:52 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 16:52 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 16:52 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 16:52 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 16:52 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 16:52 - 2014-08-19 00:08 - 00051200 
_____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 16:52 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 16:52 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 16:52 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 16:52 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 16:52 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 16:52 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 16:52 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 16:52 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 16:52 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 16:52 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-10 16:52 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-10 16:52 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 16:52 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 16:52 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 16:52 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 16:52 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 16:52 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-10 16:52 - 2014-08-18 23:36 - 00112128 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-10 16:52 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-10 16:52 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 16:52 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 16:52 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 16:52 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 16:52 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-10 16:52 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 16:52 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 16:52 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 16:52 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 16:52 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 16:52 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 16:51 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 16:51 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 16:51 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 16:51 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 16:51 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 16:51 - 2014-08-18 23:56 - 00940032 
_____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 16:51 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 16:51 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 16:51 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 16:51 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 16:51 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 16:51 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 16:51 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-10 16:51 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 16:51 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 16:51 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 07:45 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 07:45 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 07:45 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 07:45 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 07:45 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-06 11:12 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-06 11:12 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-06 11:07 - 2013-07-06 14:38 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-06 11:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-06 11:06 - 2013-07-06 12:30 - 00326264 _____ () C:\Windows\PFRO.log 2014-10-06 11:06 - 2013-07-06 10:19 - 02072096 _____ () C:\Windows\WindowsUpdate.log 2014-10-06 11:06 - 2009-07-14 06:51 - 00141096 _____ () C:\Windows\setupact.log 2014-10-06 11:04 - 2014-02-23 06:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-06 10:42 - 2013-07-06 14:38 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-06 10:36 - 2014-04-09 15:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-05 09:53 - 2014-04-04 15:15 - 00001965 _____ () C:\Users\Lapi\Desktop\Avira PC Cleaner.lnk 2014-10-05 09:44 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-10-05 09:42 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-03 10:36 - 2014-03-24 09:37 - 00069396 _____ () C:\Windows\DPINST.LOG 2014-09-26 17:49 - 2013-07-06 12:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-22 11:33 - 2014-03-30 15:47 - 00000000 ____D () C:\Users\Lapi\Desktop\Ebay 2014-09-19 07:32 - 2014-01-16 08:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-15 09:06 - 2009-10-14 07:13 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-14 20:21 - 2014-04-28 17:56 - 00000000 ____D () C:\Users\Lapi\Desktop\Ingrid 2014-09-12 18:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 
2014-09-12 16:02 - 2014-03-24 09:51 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-09-12 15:56 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-09-12 15:56 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-09-12 15:56 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-12 11:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-12 08:53 - 2013-07-06 11:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-10 17:20 - 2014-02-23 06:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-10 17:20 - 2013-07-06 14:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 17:20 - 2013-07-06 14:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-10 16:49 - 2013-11-27 17:54 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 16:47 - 2013-08-14 22:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 16:39 - 2009-10-14 07:12 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Lapi\AppData\Local\Temp\avgnt.exe C:\Users\Lapi\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 07:33 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 Ran by Lapi at 2014-10-06 11:32:55 Running from C:\Users\Lapi\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated) Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) ATI Catalyst Install Manager (HKLM\...\{C42CA929-C55C-4435-F6B2-160C10FD301E}) (Version: 3.0.769.0 - ATI Technologies, Inc.) 
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) AX88772B (HKLM-x32\...\{576EF3BD-0F65-40A0-B5C3-A607E68723B8}) (Version: 1.00.0000 - ) Catalyst Control Center Core Implementation (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0330.2135.36914 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0330.2135.36914 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help English (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help French (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help German (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden 
CCC Help Portuguese (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden ccc-core-static (x32 Version: 2010.0330.2135.36914 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0330.2135.36914 - ATI) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) ETDWare PS/2-x64 7.0.5.10_WHQL (HKLM\...\Elantech) (Version: 7.0.5.10 - ELAN Microelectronics Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.50.2 - JMicron Technology Corp.) 
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office XP Professional (HKLM-x32\...\{90110407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) 
Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.) SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.5300 - SRS Labs, Inc.) USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - ) WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 27-09-2014 05:59:57 Windows Update 01-10-2014 05:36:25 Windows Update 03-10-2014 08:34:17 PC Connectivity Solution wird entfernt 03-10-2014 08:37:54 Nokia Connectivity Cable Driver wird entfernt 05-10-2014 07:34:34 ComboFix created restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-10-05 09:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {38367170-8135-496E-A210-D07689BF3A7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.) 
Task: {448D4790-32D3-4FD2-91E2-1D49B2CDA367} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {46F0CBAF-6359-45D2-892C-FAB27A609F56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated) Task: {7F24444C-C0D0-4A30-AF37-8C2B46D66B84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-07-06 10:29 - 2013-07-06 10:29 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-09-25 08:27 - 2014-09-25 08:27 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-09-25 08:47 - 2014-09-23 06:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll 2014-09-25 08:47 - 2014-09-23 06:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll 2014-09-25 08:47 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll 2014-09-25 08:47 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll 2014-09-25 08:47 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll 2014-09-25 08:47 - 2014-09-23 06:07 - 14891848 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1629817468-431739819-158479400-500 - Administrator - Disabled) Gast (S-1-5-21-1629817468-431739819-158479400-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1629817468-431739819-158479400-1002 - Limited - Enabled) Lapi (S-1-5-21-1629817468-431739819-158479400-1000 - Administrator - Enabled) => C:\Users\Lapi ==================== Faulty Device Manager Devices ============= Name: Microsoft-Adapter für Miniports virtueller WiFis Description: Microsoft-Adapter für Miniports virtueller WiFis Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: JMicron PCI Express Gigabit Ethernet Adapter Description: JMicron PCI Express Gigabit Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: JMicron Technology Corp. Service: JME Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. 
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-10-05 09:41:30.276 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-10-05 09:41:29.996 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: AMD Athlon(tm) II P320 Dual-Core Processor Percentage of memory in use: 35% Total physical RAM: 4093.82 MB Available physical RAM: 2636.53 MB Total Pagefile: 8185.83 MB Available Pagefile: 6253.14 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.8 GB) (Free:58.45 GB) NTFS Drive d: () (Fixed) (Total:200.19 GB) (Free:158.97 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2044A15B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Some content of TEMP: ==================== C:\Users\Lapi\AppData\Local\Temp\avgnt.exe C:\Users\Lapi\AppData\Local\Temp\Quarantine.exe |
06.10.2014, 18:50 | #8 |
/// the machine /// TB-Ausbilder | Antivir found a virus, what now? Those are just temp files. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.10.2014, 07:36 | #9 |
| Antivir found a virus, what now?
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a4a0dca03e5c8845990efe5e5b62da4c
# engine=20475
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-07 06:23:25
# local_time=2014-10-07 08:23:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 5287 278086295 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 87667 164292855 0 0
# scanned=115058
# found=0
# cleaned=0
# scan_time=3446
Code:
ATTFilter
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (32.0.3)
Google Chrome 37.0.2062.120
Google Chrome 37.0.2062.124
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 Ran by Lapi (administrator) on LAPI-PC on 07-10-2014 08:32:22 Running from C:\Users\Lapi\Desktop Loaded Profile: Lapi (Available profiles: Lapi) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [635784 2010-01-13] (ELAN Microelectronic Corp.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-03-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x175486D02A7ACE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Lapi\AppData\Roaming\Mozilla\Firefox\Profiles\esrouokx.default FF Homepage: web.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF 
Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR Profile: C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-06] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-06] CHR Extension: (Google-Suche) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-06] CHR Extension: (TLRemove) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2013-07-06] CHR Extension: (Facebook™ AdBlock) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\liocaibkbmonemochnpcmloemdfnjial [2014-03-08] CHR Extension: (Google Wallet) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Google Mail) - C:\Users\Lapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG) U4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) U4 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-10] (Avira Operations GmbH & Co. KG) S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [98816 2011-08-03] (ASIX Electronics Corp.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-06] (Malwarebytes Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-07 08:32 - 2014-10-07 08:33 - 00010971 _____ () C:\Users\Lapi\Desktop\FRST.txt 2014-10-07 08:26 - 2014-10-07 08:26 - 00854417 _____ () C:\Users\Lapi\Desktop\SecurityCheck.exe 2014-10-07 07:19 - 2014-10-07 07:19 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-07 07:16 - 2014-10-07 07:17 - 02347384 _____ (ESET) C:\Users\Lapi\Downloads\esetsmartinstaller_deu.exe 2014-10-06 11:30 - 2014-10-06 11:30 - 02109952 _____ (Farbar) C:\Users\Lapi\Desktop\FRST64.exe 2014-10-06 11:10 - 2014-10-06 11:10 - 01704938 _____ (Thisisu) C:\Users\Lapi\Desktop\JRT.exe 2014-10-06 11:03 - 2014-10-06 11:03 - 01375089 _____ () C:\Users\Lapi\Desktop\AdwCleaner_3.311.exe 2014-10-06 10:57 - 2014-10-06 10:57 - 00001156 _____ () C:\mbam.txt 2014-10-06 09:57 - 2014-10-06 20:53 - 00012288 _____ () C:\Users\Lapi\Documents\pivot 2002.xls 2014-10-05 09:44 - 2014-10-05 09:44 - 00010042 _____ () C:\ComboFix.txt 2014-10-05 09:34 - 2014-10-05 09:44 - 00000000 ____D () C:\Qoobox 2014-10-05 09:34 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-05 09:34 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-05 09:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-05 09:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-05 09:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-05 09:34 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-05 09:34 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-05 09:34 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-05 09:33 - 2014-10-05 09:43 - 00000000 ____D () C:\Windows\erdnt 2014-10-05 09:28 - 2014-10-05 09:28 - 05582481 ____R (Swearware) C:\Users\Lapi\Desktop\ComboFix.exe 2014-10-04 09:17 - 2014-10-06 11:05 - 00000000 ____D () C:\AdwCleaner 2014-10-04 08:22 - 2014-10-04 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-04 08:22 - 
2014-10-04 08:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-04 08:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-04 08:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-04 07:52 - 2014-10-04 08:17 - 00000000 ____D () C:\Users\Lapi\Desktop\mbar 2014-10-03 15:44 - 2014-10-07 08:32 - 00000000 ____D () C:\FRST 2014-10-03 09:28 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-10-02 19:01 - 2014-10-06 08:11 - 00033280 _____ () C:\Users\Lapi\Documents\pivot test.xls 2014-09-28 14:46 - 2014-10-02 09:49 - 00015360 _____ () C:\Users\Lapi\Documents\name höchste Punkte.xls 2014-09-25 08:27 - 2014-09-25 08:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-23 16:26 - 2014-09-23 16:26 - 00000000 __SHD () C:\Users\Lapi\AppData\Local\EmieUserList 2014-09-23 16:26 - 2014-09-23 16:26 - 00000000 __SHD () C:\Users\Lapi\AppData\Local\EmieSiteList 2014-09-12 08:53 - 2014-09-12 08:53 - 00000000 ____D () C:\Program Files (x86)\AX88772B 2014-09-10 16:52 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 16:52 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 16:52 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 16:52 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 16:52 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 16:52 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 16:52 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 16:52 - 2014-08-19 00:14 - 00083968 _____ (Microsoft 
Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 16:52 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 16:52 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 16:52 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 16:52 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 16:52 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 16:52 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 16:52 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 16:52 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 16:52 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 16:52 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 16:52 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 16:52 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-10 16:52 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-10 16:52 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 16:52 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 16:52 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 16:52 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 16:52 - 2014-08-18 23:38 - 00289280 _____ 
(Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 16:52 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-10 16:52 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-10 16:52 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-10 16:52 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 16:52 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 16:52 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 16:52 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 16:52 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-10 16:52 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 16:52 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 16:52 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 16:52 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 16:52 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 16:52 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 16:51 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 16:51 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 16:51 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 16:51 - 2014-08-19 00:08 - 04232704 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 16:51 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 16:51 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 16:51 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 16:51 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 16:51 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 16:51 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 16:51 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 16:51 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 16:51 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-10 16:51 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 16:51 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 16:51 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 07:45 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 07:45 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 07:45 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 07:45 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 07:45 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll ==================== One Month Modified Files and Folders 
======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-07 08:23 - 2009-07-14 06:51 - 00141264 _____ () C:\Windows\setupact.log 2014-10-07 08:04 - 2014-02-23 06:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-07 07:42 - 2013-07-06 14:38 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-07 06:54 - 2013-07-06 10:19 - 01065422 _____ () C:\Windows\WindowsUpdate.log 2014-10-07 06:54 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-07 06:54 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-07 06:49 - 2013-07-06 14:38 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-07 06:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-06 11:06 - 2013-07-06 12:30 - 00326264 _____ () C:\Windows\PFRO.log 2014-10-06 10:36 - 2014-04-09 15:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-05 09:53 - 2014-04-04 15:15 - 00001965 _____ () C:\Users\Lapi\Desktop\Avira PC Cleaner.lnk 2014-10-05 09:44 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-10-05 09:42 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-03 10:36 - 2014-03-24 09:37 - 00069396 _____ () C:\Windows\DPINST.LOG 2014-09-26 17:49 - 2013-07-06 12:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-22 11:33 - 2014-03-30 15:47 - 00000000 ____D () C:\Users\Lapi\Desktop\Ebay 2014-09-19 07:32 - 2014-01-16 08:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-15 09:06 - 2009-10-14 07:13 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-14 20:21 - 2014-04-28 17:56 - 00000000 ____D () C:\Users\Lapi\Desktop\Ingrid 
2014-09-12 18:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-12 16:02 - 2014-03-24 09:51 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-09-12 15:56 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-09-12 15:56 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-09-12 15:56 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-12 11:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-12 08:53 - 2013-07-06 11:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-10 17:20 - 2014-02-23 06:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-10 17:20 - 2013-07-06 14:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 17:20 - 2013-07-06 14:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-10 16:49 - 2013-11-27 17:54 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 16:47 - 2013-08-14 22:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 16:39 - 2009-10-14 07:12 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Lapi\AppData\Local\Temp\avgnt.exe C:\Users\Lapi\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 07:33

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014
Ran by Lapi at 2014-10-07 08:33:53
Running from C:\Users\Lapi\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{C42CA929-C55C-4435-F6B2-160C10FD301E}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) AX88772B (HKLM-x32\...\{576EF3BD-0F65-40A0-B5C3-A607E68723B8}) (Version: 1.00.0000 - ) Catalyst Control Center Core Implementation (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0330.2135.36914 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0330.2135.36914 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0330.2135.36914 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help English (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help French (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help German (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden 
CCC Help Portuguese (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0330.2134.36914 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0330.2134.36914 - ATI) Hidden ccc-core-static (x32 Version: 2010.0330.2135.36914 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0330.2135.36914 - ATI) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ETDWare PS/2-x64 7.0.5.10_WHQL (HKLM\...\Elantech) (Version: 7.0.5.10 - ELAN Microelectronics Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.50.2 - JMicron Technology Corp.) 
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office XP Professional (HKLM-x32\...\{90110407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) 
Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.) SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.5300 - SRS Labs, Inc.) USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - ) WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 27-09-2014 05:59:57 Windows Update 01-10-2014 05:36:25 Windows Update 03-10-2014 08:34:17 PC Connectivity Solution wird entfernt 03-10-2014 08:37:54 Nokia Connectivity Cable Driver wird entfernt 05-10-2014 07:34:34 ComboFix created restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-10-05 09:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {38367170-8135-496E-A210-D07689BF3A7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.) 
Task: {448D4790-32D3-4FD2-91E2-1D49B2CDA367} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {46F0CBAF-6359-45D2-892C-FAB27A609F56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated) Task: {7F24444C-C0D0-4A30-AF37-8C2B46D66B84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-07-06 10:29 - 2013-07-06 10:29 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-09-25 08:27 - 2014-09-25 08:27 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-1629817468-431739819-158479400-500 - Administrator - Disabled) Gast (S-1-5-21-1629817468-431739819-158479400-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1629817468-431739819-158479400-1002 - Limited - Enabled) Lapi (S-1-5-21-1629817468-431739819-158479400-1000 - Administrator - Enabled) => C:\Users\Lapi ==================== Faulty Device Manager Devices ============= Name: Microsoft-Adapter für Miniports virtueller WiFis Description: Microsoft-Adapter für Miniports virtueller WiFis Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: JMicron PCI Express Gigabit Ethernet Adapter Description: JMicron PCI Express Gigabit Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: JMicron Technology Corp. Service: JME Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/07/2014 08:25:08 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/07/2014 07:19:33 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (10/07/2014 07:18:20 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/07/2014 07:18:18 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/07/2014 07:17:03 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/07/2014 07:17:03 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (10/07/2014 06:49:08 AM) (Source: JME) (EventID: 5008) (User: ) Description: JMicron PCI Express Gigabit Ethernet Adapter : Ungültige Netzwerkadresse entdeckt. Error: (10/06/2014 01:24:39 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= Error: (10/07/2014 08:25:08 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (10/07/2014 07:19:33 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lapi\Downloads\esetsmartinstaller_deu.exe Error: (10/07/2014 07:18:20 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lapi\Downloads\esetsmartinstaller_deu.exe Error: (10/07/2014 07:18:18 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lapi\Downloads\esetsmartinstaller_deu.exe Error: (10/07/2014 07:17:03 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lapi\Downloads\esetsmartinstaller_deu.exe Error: (10/07/2014 07:17:03 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lapi\Downloads\esetsmartinstaller_deu.exe CodeIntegrity Errors: =================================== Date: 2014-10-05 09:41:30.276 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-10-05 09:41:29.996 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Processor: AMD Athlon(tm) II P320 Dual-Core Processor
Percentage of memory in use: 40%
Total physical RAM: 4093.82 MB
Available physical RAM: 2441.36 MB
Total Pagefile: 8185.83 MB
Available Pagefile: 6271.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.8 GB) (Free:58.31 GB) NTFS
Drive d: () (Fixed) (Total:200.19 GB) (Free:158.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2044A15B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
07.10.2014, 07:48 | #10 |
| Antivir found a virus, what now? MBAM moved something into quarantine for me on 4 October. Should I leave it there or delete it from there? Otherwise everything looks OK, doesn't it? Thank you |
07.10.2014, 20:28 | #11 |
/// the machine /// TB trainer | Antivir found a virus, what now? You can do whatever you like. That is exactly what the quarantine is for. Update Java. Done. The order is decisive here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate, Guides and help, Trojaner-Board Facebook page. No help via PM! |