Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7: Avira meldet Boo/ cidox.b virus und Windows ist nicht mehr aktiviert

Windows 7: Avira meldet Boo/ cidox.b virus und Windows ist nicht mehr aktiviert


Log-Analyse und Auswertung: Windows 7: Avira meldet Boo/ cidox.b virus und Windows ist nicht mehr aktiviert

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 12.10.2014, 19:02   #1
d1esahne
 
Windows 7: Avira meldet Boo/ cidox.b virus und Windows ist nicht mehr aktiviert - Standard

Windows 7: Avira meldet Boo/ cidox.b virus und Windows ist nicht mehr aktiviert


Einen wunderschönen guten Abend liebe Community,
ich habe folgendes Problem, Avira hat mir gerade ebend gemeldet er hätte einen Fund gemacht besagte Datei heißt boo/ cidox.b Masterbootsektor auf HD0 virus. Ich bin eigentlich kein dummer was PC´s angeht und Bereinigung aber diesmal hab ich mir selbst ins knie gebissen. Hab den entfernt und siehe da jetzt zeigt mein Windows es sei nicht mehr aktiviert. Schöner Mist jetzt spinnt auch noch meine explorer.exe die der Meinung ist sich 10 mal zu öffnen insgesamt 4GB AS verbrennt und ich hab nicht die leiseste Ahnung was los ist.
Alles fing auf Arbeit an, weil ich dort nicht meinen eigenen usb stick verwendet hatte.



FRST LOG:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014
Ran by Florian (administrator) on FLORIAN-PC on 12-10-2014 19:28:32
Running from C:\Users\Florian\Desktop
Loaded Profile: Florian (Available profiles: Florian)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165624 2014-09-15] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKU\S-1-5-21-3700899397-2213452428-4285179099-1000\...\MountPoints2: {2343528b-9a80-11e3-920c-1c6f655fd9e4} - E:\dvdstart.exe
HKU\S-1-5-21-3700899397-2213452428-4285179099-1000\...\MountPoints2: {23435374-9a80-11e3-920c-1c6f655fd9e4} - F:\Autorun.exe
HKU\S-1-5-21-3700899397-2213452428-4285179099-1000\...\MountPoints2: {28e1e6f1-b07e-11e3-9b1b-1c6f655fd9e4} - F:\cdstart.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x90F8E481452CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default\Extensions\abs@avira.com [2014-10-12]
FF Extension: Adblock Plus - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-11]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [Not Found]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-15] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-04] (Disc Soft Ltd)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 19:28 - 2014-10-12 19:28 - 00009076 _____ () C:\Users\Florian\Desktop\FRST.txt
2014-10-12 19:14 - 2014-10-12 19:28 - 00000000 ____D () C:\FRST
2014-10-12 19:13 - 2014-10-12 19:13 - 00000476 _____ () C:\Users\Florian\Desktop\defogger_disable.log
2014-10-12 19:13 - 2014-10-12 19:13 - 00000000 _____ () C:\Users\Florian\defogger_reenable
2014-10-12 19:12 - 2014-10-12 19:13 - 00380416 _____ () C:\Users\Florian\Desktop\Gmer-19357.exe
2014-10-12 19:11 - 2014-10-12 19:12 - 02110464 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2014-10-12 19:10 - 2014-10-12 19:10 - 00050477 _____ () C:\Users\Florian\Desktop\Defogger.exe
2014-10-12 18:58 - 2014-10-12 18:58 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-12 18:54 - 2014-10-12 18:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Florian\Desktop\tdsskiller.exe
2014-10-12 18:53 - 2014-10-12 18:53 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Process Hacker 2
2014-10-12 18:48 - 2014-10-12 18:48 - 01932448 _____ (wj32 ) C:\Users\Florian\Downloads\processhacker-2.33-setup.exe
2014-10-12 18:48 - 2014-10-12 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2014-10-12 18:48 - 2014-10-12 18:48 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-10-12 18:28 - 2014-10-12 18:28 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-12 18:27 - 2014-10-12 18:59 - 00000112 _____ () C:\Windows\setupact.log
2014-10-12 18:27 - 2014-10-12 18:27 - 00159920 _____ () C:\Windows\PFRO.log
2014-10-12 18:27 - 2014-10-12 18:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-12 18:21 - 2014-10-12 18:21 - 00000000 ____D () C:\Windows\pss
2014-10-12 18:15 - 2014-10-12 18:15 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira
2014-10-12 18:13 - 2014-10-12 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-12 18:13 - 2014-10-12 18:28 - 00000000 ____D () C:\ProgramData\Avira
2014-10-12 18:13 - 2014-10-12 18:28 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-12 18:13 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-12 18:13 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-12 18:13 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-12 18:11 - 2014-10-12 18:26 - 00000000 ____D () C:\AdwCleaner
2014-10-12 18:11 - 2014-10-12 18:11 - 01375089 _____ () C:\Users\Florian\Desktop\adwcleaner_3.311.exe
2014-10-12 18:10 - 2014-10-12 18:12 - 150010760 _____ () C:\Users\Florian\Downloads\avira07_free_antivirus_de.exe
2014-10-12 17:54 - 2014-10-12 17:54 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-10-12 17:54 - 2014-10-12 17:54 - 00001908 _____ () C:\Windows\diagerr.xml
2014-10-12 17:43 - 2014-10-12 17:43 - 00000000 ____D () C:\ProgramData\PafoMexla
2014-10-12 15:31 - 2014-10-12 15:31 - 00041687 _____ () C:\Users\Florian\Documents\gmerlog.log
2014-10-12 14:17 - 2014-10-12 17:19 - 00000000 ____D () C:\ProgramData\LoyzOkke
2014-10-12 14:17 - 2014-10-12 17:19 - 00000000 ____D () C:\ProgramData\FowajXewem
2014-10-12 14:13 - 2014-10-12 19:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-12 14:13 - 2014-10-12 14:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-29 20:50 - 2014-10-12 17:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-29 20:50 - 2014-09-29 20:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Florian\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-29 20:50 - 2014-09-29 20:50 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-29 20:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-29 20:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-29 20:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-25 12:34 - 2014-09-25 12:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 09:57 - 2014-09-25 09:57 - 00001644 _____ () C:\Users\Florian\Desktop\Photoshop.lnk
2014-09-25 09:17 - 2014-09-25 09:17 - 00000000 _____ () C:\Users\Florian\Desktop\1037 - 1131.txt
2014-09-25 09:16 - 2014-09-29 21:03 - 00000000 ____D () C:\Users\Florian\Desktop\tag der leitlinien
2014-09-23 19:53 - 2014-10-12 15:53 - 00000000 ____D () C:\ProgramData\EzukuWguqv
2014-09-18 18:20 - 2014-10-12 14:43 - 00000000 ____D () C:\ProgramData\UlibpUfxet
2014-09-18 18:19 - 2014-10-12 14:43 - 00000000 ____D () C:\ProgramData\AyabVozoj

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 19:22 - 2014-04-11 23:39 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-12 19:22 - 2014-02-12 00:06 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Adobe
2014-10-12 19:21 - 2014-04-11 23:42 - 00000000 ____D () C:\Program Files\Adobe
2014-10-12 19:19 - 2014-04-11 23:45 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-10-12 19:19 - 2014-02-14 01:56 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\DVDVideoSoft
2014-10-12 19:18 - 2014-02-11 23:00 - 00245984 _____ () C:\Windows\WindowsUpdate.log
2014-10-12 19:13 - 2014-02-11 22:56 - 00000000 ____D () C:\Users\Florian
2014-10-12 19:03 - 2011-04-12 09:43 - 00698826 _____ () C:\Windows\system32\perfh007.dat
2014-10-12 19:03 - 2011-04-12 09:43 - 00148966 _____ () C:\Windows\system32\perfc007.dat
2014-10-12 19:03 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-12 18:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-12 18:37 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 18:37 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 18:29 - 2014-03-04 16:41 - 00000000 ____D () C:\Users\Florian\AppData\Local\LogMeIn Hamachi
2014-10-12 18:28 - 2014-02-11 23:05 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-12 18:24 - 2014-03-04 15:14 - 01316352 ___SH () C:\Users\Florian\Downloads\Thumbs.db
2014-10-12 18:19 - 2014-02-21 02:31 - 00000000 ____D () C:\Users\Florian\AppData\Local\CrashDumps
2014-10-12 18:19 - 2014-02-11 22:50 - 00000000 ____D () C:\Windows\Panther
2014-10-12 17:34 - 2014-02-12 00:03 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-10-12 16:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-12 15:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss
2014-10-12 14:13 - 2014-02-12 13:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-12 14:13 - 2014-02-12 13:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-29 20:49 - 2014-02-14 01:45 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\vlc
2014-09-29 20:46 - 2014-02-11 23:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 22:35 - 2014-03-04 15:01 - 00000000 ____D () C:\Users\Florian\Desktop\Programme
2014-09-23 23:29 - 2014-02-12 00:14 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Skype
2014-09-23 19:16 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\DAEMON Tools Lite
2014-09-23 19:16 - 2014-02-27 16:36 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\TS3Client
2014-09-23 19:16 - 2014-02-11 23:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-23 19:15 - 2014-03-04 15:01 - 00000000 ____D () C:\Users\Florian\Desktop\Spiele
2014-09-18 18:27 - 2014-02-12 00:14 - 00000000 ____D () C:\ProgramData\Skype
2014-09-15 00:15 - 2014-02-14 01:03 - 00000000 ____D () C:\Users\Florian\Downloads\Serien

Some content of TEMP:
====================
C:\Users\Florian\AppData\Local\Temp\avgnt.exe
C:\Users\Florian\AppData\Local\Temp\Quarantine.exe
C:\Users\Florian\AppData\Local\Temp\Uninstall.exe
C:\Users\Florian\AppData\Local\Temp\{D96D6489-761F-4DED-BBE8-4D8BD3DB20AD}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-12 16:05

==================== End Of Log ============================
Addtion:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014
Ran by Florian at 2014-10-12 19:28:52
Running from C:\Users\Florian\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 Wheels of Steel: Convoy 1.0 (HKLM-x32\...\18 Wheels of Steel: Convoy) (Version: 1.0 - ValuSoft)
18 Wheels of Steel: Haulin'  (HKLM-x32\...\18 Wheels of Steel: Haulin') (Version:  - ValuSoft)
18 WoS Across America (HKLM-x32\...\InstallShield_{BF9BA346-27AA-4EE0-8333-FEA5400D2AA0}) (Version: 0.2.0000 - ValuSoft)
18 WoS Across America (x32 Version: 0.2.0000 - ValuSoft) Hidden
18 WoS: Voll aufs Gas (HKLM-x32\...\{39286675-3166-9420-2336-779493021964}) (Version: 1.0 - rondomedia)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma: Cold War Assault (HKLM-x32\...\Steam App 65790) (Version:  - Bohemia Interactive)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira (HKLM-x32\...\{deb50ae5-d3c4-4eae-a7a8-3dce2a7325b1}) (Version: 1.1.21.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Big Fun Zug Um Zug (HKLM-x32\...\Zug Um Zug) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cobra 11 - Highway Nights (remove only) (HKLM-x32\...\HighwayNights) (Version:  - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Die Sims 2: Family Fun - Accessoires (HKLM-x32\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version:  - )
Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
Die Sims 2: Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )
Die Sims 2: Wilde Campus-Jahre (HKLM-x32\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version:  - )
Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
Die Sims™ 2 Freizeit-Spaß (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version:  - Electronic Arts)
Die Sims™ 2 Gute Reise (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)
Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )
Die Sims™ 2 Haustiere (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
Die Sims™ 2 IKEA® Home-Accessoires (HKLM-x32\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version:  - Electronic Arts)
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version:  - Electronic Arts)
Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )
Die Sims™ 2 Teen Style-Accessoires (HKLM-x32\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version:  - Electronic Arts)
Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )
Die Sims™ 2 Villen- und Garten-Accessoires (HKLM-x32\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version:  - Electronic Arts)
Die Sims™ 2: Glamour-Accessoires (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
K-Lite Codec Pack 10.3.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X Demo (HKLM-x32\...\InstallShield_{CF6AE90D-05E8-4D0B-AF79-94F9E1CA5601}) (Version: 1.00.0000 - Microsoft Game Studios)
Microsoft Flight Simulator X Demo (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

24-08-2014 10:25:04 Geplanter Prüfpunkt
01-09-2014 23:29:12 Geplanter Prüfpunkt
13-09-2014 20:17:25 Geplanter Prüfpunkt
23-09-2014 18:45:52 Geplanter Prüfpunkt
12-10-2014 12:22:13 Windows Modules Installer
12-10-2014 17:17:41 Removed LogMeIn Hamachi

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-03-11 11:42 - 00000987 ____A C:\Windows\system32\Drivers\etc\hosts
	 127.0.0.1       activation.cloud.techsmith.com
     127.0.0.1       65.52.240.48
     127.0.0.1       oscount.techsmith.com
     127.0.0.1       69.167.144.18

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6DC72263-47D9-425F-ABCC-C759D9287785} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-12] (Adobe Systems Incorporated)
Task: {7508A622-117C-41C0-AB80-60A2C2AE7640} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-15 11:56 - 2014-09-15 11:56 - 00140024 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-09-15 11:56 - 2014-09-15 11:56 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-10-12 18:28 - 2014-09-15 11:56 - 00051504 _____ () C:\Users\Florian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-25 12:34 - 2014-09-25 12:34 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33903590.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33903590.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Florian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^proquota.lnk => C:\Windows\pss\proquota.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Florian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RunLegacyCPLElevated.lnk => C:\Windows\pss\RunLegacyCPLElevated.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3700899397-2213452428-4285179099-500 - Administrator - Disabled)
Florian (S-1-5-21-3700899397-2213452428-4285179099-1000 - Administrator - Enabled) => C:\Users\Florian
Gast (S-1-5-21-3700899397-2213452428-4285179099-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3700899397-2213452428-4285179099-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Diskettenlaufwerk
Description: Diskettenlaufwerk
Class Guid: {4d36e980-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standarddiskettenlaufwerke)
Service: flpydisk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: DTSOFT Virtual CdRom Device
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2014 07:01:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:29:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:24:13 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3700899397-2213452428-4285179099-1000}/">.

Error: (10/12/2014 06:19:41 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3700899397-2213452428-4285179099-1000}/">.

Error: (10/12/2014 05:50:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c8f9
Ausnahmecode: 0xc000070a
Fehleroffset: 0x000000000005d009
ID des fehlerhaften Prozesses: 0x158c
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (10/12/2014 05:22:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 05:13:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 04:14:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x03596dc5
ID des fehlerhaften Prozesses: 0xb2c
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (10/12/2014 03:48:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 03:42:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca28
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01d66dc5
ID des fehlerhaften Prozesses: 0xefc
Startzeit der fehlerhaften Anwendung: 0xregsvr32.exe0
Pfad der fehlerhaften Anwendung: regsvr32.exe1
Pfad des fehlerhaften Moduls: regsvr32.exe2
Berichtskennung: regsvr32.exe3


System errors:
=============
Error: (10/12/2014 07:00:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/12/2014 07:00:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/12/2014 07:00:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (10/12/2014 06:29:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/12/2014 05:21:24 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/12/2014 05:20:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sarconsogulpe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/12/2014 05:13:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/12/2014 05:11:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/12/2014 05:11:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/12/2014 05:11:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (10/12/2014 07:01:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:29:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:24:13 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3700899397-2213452428-4285179099-1000}/

Error: (10/12/2014 06:19:41 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3700899397-2213452428-4285179099-1000}/

Error: (10/12/2014 05:50:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175144ce7a144ntdll.dll6.1.7601.175144ce7c8f9c000070a000000000005d009158c01cfe632c114b210C:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dll8843d310-5227-11e4-a756-1c6f655fd9e4

Error: (10/12/2014 05:22:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 05:13:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 04:14:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c000000503596dc5b2c01cfe62318df7800C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeunknown110f1d20-521a-11e4-a7b3-1c6f655fd9e4

Error: (10/12/2014 03:48:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 03:42:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: regsvr32.exe6.1.7600.163854a5bca28unknown0.0.0.000000000c000000501d66dc5efc01cfe62256805fe0C:\Windows\SysWOW64\regsvr32.exeunknown94367040-5215-11e4-869d-1c6f655fd9e4


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 21%
Total physical RAM: 10238.49 MB
Available physical RAM: 8083.34 MB
Total Pagefile: 20475.18 MB
Available Pagefile: 18153.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:382.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B0FDAF4D)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Mbam log:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 12.10.2014
Scan Time: 19:40:25
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.12.06
Rootkit Database: v2014.10.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Florian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312888
Time Elapsed: 6 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.FakeMS.ED, C:\Windows\Installer\{1D8F59D2-9056-4610-95B6-D3BF42162672}\msiexec.exe, , [bd198d86601c00365bf9e7e8cc35c43c], 
Trojan.FakeMS.ED, C:\Windows\Installer\{10DAFDF8-E226-404C-8998-EF9F3AF0B17C}\msiexec.exe, , [d30362b1c1bb2214a7adf7d8649d0000], 

Physical Sectors: 0
(No malicious items detected)


(end)

 

Themen zu Windows 7: Avira meldet Boo/ cidox.b virus und Windows ist nicht mehr aktiviert
4d36e972-e325-11ce-bfc1-08002be10318, antivirus, boo/cidox.b, branding, explorer.exe, fehlercode 0x0, fehlercode 0xc0000005, fehlercode 0xc000070a, fehlercode 22, fehlercode windows, firefox, flash player, mozilla, problem, registry, services.exe, software, svchost.exe, system, teredo, this device cannot start. (code10), this device is disabled. (code 22), trojan.fakems.ed, virus, win32/adware.adpeak.g, win32/downloadsponsor.a, win32/psw.papras.dj


« unerwünschte POPUP's und Musik fängt zu spielen an | Virenscanner meldet TR/Crypt.Xpack.99996 »


Ähnliche Themen: Windows 7: Avira meldet Boo/ cidox.b virus und Windows ist nicht mehr aktiviert


  1. Windows 10 plötzlich nicht mehr aktiviert
    Alles rund um Windows - 04.10.2015 (0)
  2. Windows 10 Upgrade von Windows 8.1 Windows ist nicht aktiviert.
    Alles rund um Windows - 30.07.2015 (5)
  3. Windows 7: Sicherheitscenter kann nicht aktiviert werden, Avira funktioniert nicht mehr
    Log-Analyse und Auswertung - 24.06.2015 (13)
  4. Windows XP: Nach fehlgeschlagener Programminstallation fehlen 2 GB Speicherplatz und Avira meldet „Verstecktes Objekt“ C:\windows\system32\
    Log-Analyse und Auswertung - 11.06.2015 (13)
  5. Windows 7: Avira Antivirus meldet Virus oder unerwünschtes Programm 'EXP/SWF.ExKit.aer.1' gefunden
    Log-Analyse und Auswertung - 26.08.2014 (5)
  6. Windows 7 - Avira meldet Befall mit BOO/Cidox.B und TR/Downloader.A.2539
    Log-Analyse und Auswertung - 08.05.2014 (10)
  7. Windows 7 (32bit): Virenfund und Windows Firewall kann nicht aktiviert werden
    Log-Analyse und Auswertung - 03.02.2014 (9)
  8. Windows Sicherheitscenter kann wieder nicht mehr aktiviert werden
    Log-Analyse und Auswertung - 06.12.2013 (13)
  9. Windows 7: Sicherheitscenter kann nicht aktiviert werden, Update funktioniert nicht mehr!
    Log-Analyse und Auswertung - 22.11.2013 (19)
  10. Windows-Sicherheitscenter kann nicht aktiviert werden und Windows-Firewall Fehlercode 0x80070424
    Log-Analyse und Auswertung - 17.10.2012 (27)
  11. avira antivirus premium meldet in c:\windows\system32\services.exe Virus w32/patched.ub
    Plagegeister aller Art und deren Bekämpfung - 05.07.2012 (22)
  12. Firewall, Essentiel und Windows Defender können nicht mehr aktiviert werden
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (1)
  13. Windows security center - Windows nicht Aktiviert
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (3)
  14. Systemsteuerung ->Sichern & Wiederherstellen wird nicht angezeigt -Windows meldet: Avira nicht aktiv
    Plagegeister aller Art und deren Bekämpfung - 16.10.2011 (1)
  15. Google Suchergebnisse werden weiter geleitet Windows 7 Firewall kann nicht mehr aktiviert werden
    Log-Analyse und Auswertung - 15.07.2011 (19)
  16. Dienste in Windows XP können nicht mehr aktiviert werden
    Alles rund um Windows - 03.09.2010 (8)
  17. c:\windows\system32\wbem\wmiprvse.exe Avira meldet hir einen Virus
    Plagegeister aller Art und deren Bekämpfung - 12.02.2010 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7: Avira meldet Boo/ cidox.b virus und Windows ist nicht mehr aktiviert - Einen wunderschönen guten Abend liebe Community, ich habe folgendes Problem, Avira hat mir gerade ebend gemeldet er hätte einen Fund gemacht besagte Datei heißt boo/ cidox.b Masterbootsektor auf HD0 virus. - Windows 7: Avira meldet Boo/ cidox.b virus und Windows ist nicht mehr aktiviert...
Archiv
Du betrachtest: Windows 7: Avira meldet Boo/ cidox.b virus und Windows ist nicht mehr aktiviert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19