Log analysis and evaluation: Suspected virus: clock keeps changing and browsing is impossible! Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.10.2014, 16:06 | #1 |
Suspected virus: clock keeps changing and browsing is impossible!

Hi. I only have a suspicion. I don't really know my way around the log files, but I've posted them anyway. For quite a while now, my clock at the bottom right keeps changing on its own. I also can't really resynchronize it, and some websites then tell me that the security certificate has expired. According to Google, this is related to the time. And since the day before yesterday it has been practically impossible to browse in the browser. It works for 1-2 minutes at a time and then it acts up and does nothing at all anymore. I wanted to hear your opinion and, if necessary, ask for help. Thanks.

I have Windows 7.

Logfiles: defogger Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:24 on 14/10/2014 (Produzent)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2014 Ran by Produzent (administrator) on PRODUZENT-PC on 14-10-2014 22:28:22 Running from C:\Users\Produzent\Desktop Loaded Profile: Produzent (Available profiles: Produzent) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe () C:\Program Files\RocketDock\RocketDock.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe () C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe () C:\Program Files\OpenVPN\bin\openvpn.exe (Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe () C:\Users\Produzent\Desktop\Defogger.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [] => [X] HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-237654910-3141975521-2953661306-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-03-03] (TrueCrypt Foundation) HKU\S-1-5-21-237654910-3141975521-2953661306-1000\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-237654910-3141975521-2953661306-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) 
HKU\S-1-5-21-237654910-3141975521-2953661306-1000\...\Policies\Explorer: [NoDrives] 0x00000000 HKU\S-1-5-21-237654910-3141975521-2953661306-1000\...\MountPoints2: {6b7487b2-9ebf-11e3-9637-806e6f6e6963} - D:\LaunchU3.exe -a Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk ShortcutTarget: TP-LINK-Konfigurationstool.lnk -> C:\Program Files\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe () BootExecute: autocheck autochk /r \??\F:autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x10DACF3DDD36CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files\avira\Internet Explorer\avira32.dll () BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Produzent\AppData\Roaming\Mozilla\Firefox\Profiles\f761nl4b.default FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF user.js: detected! => C:\Users\Produzent\AppData\Roaming\Mozilla\Firefox\Profiles\f761nl4b.default\user.js FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Produzent\AppData\Roaming\Mozilla\Firefox\Profiles\f761nl4b.default\Extensions\abs@avira.com [2014-10-09] FF Extension: Avira Savings Advisor - C:\Users\Produzent\AppData\Roaming\Mozilla\Firefox\Profiles\f761nl4b.default\Extensions\ciuvo-extension@avira.de [2014-03-03] FF Extension: WOT - C:\Users\Produzent\AppData\Roaming\Mozilla\Firefox\Profiles\f761nl4b.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-03] FF Extension: Classic Theme Restorer - 
C:\Users\Produzent\AppData\Roaming\Mozilla\Firefox\Profiles\f761nl4b.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-12] FF Extension: Facebook Blocker - C:\Users\Produzent\AppData\Roaming\Mozilla\Firefox\Profiles\f761nl4b.default\Extensions\info@skymeissner.com.xpi [2014-03-03] FF Extension: 1-Click YouTube Video Downloader - C:\Users\Produzent\AppData\Roaming\Mozilla\Firefox\Profiles\f761nl4b.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-07-07] FF Extension: NoScript - C:\Users\Produzent\AppData\Roaming\Mozilla\Firefox\Profiles\f761nl4b.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-03] FF Extension: Adblock Plus - C:\Users\Produzent\AppData\Roaming\Mozilla\Firefox\Profiles\f761nl4b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-03] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. 
KG) R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation) S4 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed] R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2012-05-31] (Atheros Communications, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. 
KG) R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47896 2014-08-30] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH) R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project) S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [91016 2014-01-23] () S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-01-23] () S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540168 2014-01-23] () S3 amdiox86; system32\DRIVERS\amdiox86.sys [X] S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1a\WNt500x86\Sandra.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-14 22:28 - 2014-10-14 22:28 - 00011384 _____ () C:\Users\Produzent\Desktop\FRST.txt 2014-10-14 22:28 - 2014-10-14 22:28 - 00000000 ____D () C:\FRST 2014-10-14 22:27 - 2014-10-14 22:27 - 01101824 _____ (Farbar) C:\Users\Produzent\Desktop\FRST.exe 2014-10-14 22:24 - 2014-10-14 22:24 - 00000480 _____ () C:\Users\Produzent\Desktop\defogger_disable.log 2014-10-14 22:24 - 2014-10-14 22:24 - 00000000 _____ () C:\Users\Produzent\defogger_reenable 2014-10-14 22:14 - 2014-10-14 22:14 - 00050477 _____ () C:\Users\Produzent\Desktop\Defogger.exe 2014-10-14 19:24 - 2014-10-14 19:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-09 09:24 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-24 22:42 - 2014-10-14 21:46 - 00000072 _____ () C:\Users\Produzent\Desktop\werbe whatsapp.txt 2014-09-24 20:00 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-14 22:24 - 2014-02-26 10:30 - 00000000 ____D () C:\Users\Produzent 2014-10-14 22:12 - 2014-03-20 01:06 - 00000000 ____D () C:\Users\Produzent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line 2014-10-14 22:12 - 2014-03-16 22:33 - 00000000 ____D () C:\Program Files\Image-Line 2014-10-14 22:11 - 2014-03-20 01:07 - 00000000 ____D () C:\Program Files\VstPlugins 2014-10-14 22:08 - 2014-02-26 10:27 - 01157966 _____ () C:\Windows\WindowsUpdate.log 2014-10-14 21:42 - 2014-03-03 14:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-14 21:27 - 2014-03-11 21:33 - 00000000 ____D () C:\Users\Produzent\AppData\Roaming\vlc 2014-10-14 21:19 - 2014-03-17 11:54 - 00000000 ____D () C:\Users\Produzent\AppData\Roaming\Winamp 2014-10-14 21:18 - 2009-07-14 06:34 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-14 21:18 - 2009-07-14 06:34 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-14 21:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-14 20:09 - 2014-03-03 14:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-10-14 19:08 - 2014-03-04 10:54 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-14 19:08 - 2014-03-03 15:05 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-14 19:08 - 2014-03-03 15:05 - 00098160 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-14 18:58 - 2014-07-16 14:56 - 00000000 ____D () C:\Program Files\JDownloader 2014-10-09 13:38 - 2010-11-20 23:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-09 10:10 - 2014-07-14 16:44 - 00019960 _____ () C:\Windows\wininit.ini 2014-10-09 10:08 - 2014-03-17 12:43 - 00000000 ____D () C:\Users\Produzent\Theme 2014-10-09 10:07 - 2014-07-14 19:57 - 00271051 _____ () C:\Quarantine.lst 2014-09-25 05:12 - 2014-03-15 22:38 - 00000000 ____D () C:\Windows\rescache 2014-09-24 22:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-24 20:42 - 2014-03-03 14:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-24 20:42 - 2014-03-03 14:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\Produzent\AppData\Local\Temp\avgnt.exe C:\Users\Produzent\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Produzent\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Produzent\AppData\Local\Temp\TUUUninstallHelper.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-09 09:44 ==================== End Of Log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-10-2014 Ran by Produzent at 2014-10-14 22:28:59 Running from C:\Users\Produzent\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{0BD03BF6-3A66-EC7F-5155-28A8D6C69409}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach) ATI Stream SDK v2 Developer (HKLM\...\{86B247F9-1D5E-CCC6-3280-71486D9A4E70}) (Version: 2.3.0.0 - ATI Technologies Inc.) Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Avira (HKLM\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.21.25162 - Avira Operations GmbH & Co. 
KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira) Avira Savings Advisor (HKLM\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira) <==== ATTENTION Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) Dogecoin (HKCU\...\Dogecoin) (Version: 1.6.0.0 - Dogecoin) Edison (HKLM\...\Edison) (Version: - Image-Line) FlowStone FL 3.0 (HKLM\...\FlowStone) (Version: - ) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{E5F9BFAF-2FD9-4637-BA4E-5C2BC3A0763D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8600 Hilfe (HKLM\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard) HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IL DrumSynth Live (HKLM\...\IL DrumSynth Live) (Version: - Image-Line) IL Gross Beat (HKLM\...\IL Gross Beat) (Version: - Image-Line) IL Harmless (HKLM\...\IL Harmless) (Version: - Image-Line) IL Harmor (HKLM\...\IL Harmor) (Version: - Image-Line) IL Juice Pack (HKLM\...\IL Juice Pack) (Version: - Image-Line) IL MiniHost (HKLM\...\IL MiniHost) (Version: - Image-Line) IL Ogun (HKLM\...\IL Ogun) (Version: - Image-Line) IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version: - Image-Line) IL Slicex (HKLM\...\IL Slicex) (Version: - Image-Line) IL Vocodex (HKLM\...\IL Vocodex) (Version: - Image-Line) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden JDownloader 0.9 (HKLM\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH) Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Maximus (HKLM\...\Maximus) (Version: - Image-Line) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) mkv2vob (HKLM\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.9 - 3r1c) Mozilla Firefox 33.0 (x86 de) (HKLM\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. 
Wechselberger) Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team) OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) OpenVPN 2.2.2 (HKLM\...\OpenVPN) (Version: 2.2.2 - ) PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Raptr (HKLM\...\Raptr) (Version: - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.) RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version: - Punk Software) Sony Mobile Update Service (HKLM\...\Update Service) (Version: 2.14.4.201403101311 - Sony Mobile Communications AB) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Sytrus (HKLM\...\Sytrus) (Version: - Image-Line) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer) TP-LINK TL-WN721N_WN722N Treiber (HKLM\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.2.1 - TP-LINK) TP-LINK-Konfigurationstool (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK) TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) VLC Codec Pack 2.0.5 (HKLM\...\VLC - Codec Pack) (Version: 2.0.5 - VLC Codec Pack) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows 7 Codec Pack 4.0.9 (HKLM\...\Windows 7 - Codec Pack) (Version: 4.0.9 - Windows 7 Codec Pack) WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-237654910-3141975521-2953661306-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-237654910-3141975521-2953661306-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-237654910-3141975521-2953661306-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-237654910-3141975521-2953661306-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-237654910-3141975521-2953661306-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-237654910-3141975521-2953661306-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-237654910-3141975521-2953661306-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-237654910-3141975521-2953661306-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-237654910-3141975521-2953661306-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: 
HKU\S-1-5-21-237654910-3141975521-2953661306-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-237654910-3141975521-2953661306-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) ==================== Restore Points ========================= 09-10-2014 07:51:10 Geplanter Prüfpunkt 09-10-2014 09:12:03 Windows Update 14-10-2014 20:08:49 TuneUp Utilities 2014 wird entfernt 14-10-2014 20:09:45 TuneUp Utilities 2014 (de-DE) wird entfernt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0D31FAC5-677C-43C6-8469-386B3EC90119} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {2526B3EF-FF03-4194-A10D-B48FFAD933C8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {4D5F8D2F-E498-4D31-80FA-8F7915130C03} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: {60DB3746-478E-4EE9-95EA-CEB2CC2A7D9B} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {63C94587-BCF7-4F31-8CF0-2559CC4E8FFF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {7F778310-40B8-44B6-A43D-B7BCEC280B8D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {8EB59010-41AC-434F-8F12-FAAE14635F85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {97E1D444-795F-40B2-BA5D-C6F0C3817F7A} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files\avira\Internet Explorer\swu.vbs" Task: {F46D9FAB-7AA4-49CE-AFAF-D536085CB5FB} - System32\Tasks\Driver Booster SkipUAC (Produzent) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-16 13:01 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files\RocketDock\RocketDock.dll 2014-07-14 14:17 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-07-14 14:17 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2014-07-14 14:17 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-07-14 14:17 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2014-07-14 14:17 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-07-18 11:59 - 2014-08-27 15:00 - 00052472 ____N () C:\Users\Produzent\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll 2014-03-16 13:01 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files\RocketDock\RocketDock.exe 2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2011-12-15 19:29 - 2011-12-15 19:29 - 00104712 _____ () C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe 2011-12-15 19:29 - 2011-12-15 19:29 - 00510464 _____ () C:\Program Files\OpenVPN\bin\openvpn.exe 2011-12-15 19:29 - 2011-12-15 19:29 - 00090112 _____ () C:\Program Files\OpenVPN\bin\lzo2.dll 2014-10-14 21:17 - 2014-10-14 21:17 - 00014336 _____ () C:\Users\Produzent\AppData\Local\Temp\WDE4B80.tmp\ml_online.lng 2014-10-14 21:17 - 2014-10-14 21:17 - 00036352 _____ () C:\Users\Produzent\AppData\Local\Temp\WDE4B80.tmp\ombrowser.lng 2013-12-13 04:47 - 2013-12-13 04:47 - 00333824 _____ () C:\Program Files\Winamp\Plugins\freeform\wacs\freetype\freetype.wac 2014-10-14 
19:24 - 2014-10-14 19:24 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-10-14 22:14 - 2014-10-14 22:14 - 00050477 _____ () C:\Users\Produzent\Desktop\Defogger.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-237654910-3141975521-2953661306-500 - Administrator - Disabled) Gast (S-1-5-21-237654910-3141975521-2953661306-501 - Limited - Disabled) Produzent (S-1-5-21-237654910-3141975521-2953661306-1000 - Administrator - Enabled) => C:\Users\Produzent ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/14/2014 09:10:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 08:09:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 07:07:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 05:41:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm SDQuarantine.exe, Version 2.4.40.103 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 970 Startzeit: 01cfe3b7c3a49fe0 Endzeit: 11 Anwendungspfad: C:\Program Files\Spybot - Search & Destroy 2\SDQuarantine.exe Berichts-ID: Error: (10/14/2014 05:27:12 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "D:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)" Error: (10/09/2014 01:43:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm SDQuarantine.exe, Version 2.4.40.103 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c94 Startzeit: 01cfe3b384710420 Endzeit: 17 Anwendungspfad: C:\Program Files\Spybot - Search & Destroy 2\SDQuarantine.exe Berichts-ID: Error: (10/09/2014 01:36:11 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm winamp.exe, Version 5.6.6.3516 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: e24 Startzeit: 01cfe3b3a0137aa0 Endzeit: 45 Anwendungspfad: C:\Program Files\Winamp\winamp.exe Berichts-ID: 6ef547d1-4fa8-11e4-a43e-001966493684 Error: (10/09/2014 01:21:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2014 09:45:12 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/09/2014 07:32:53 AM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "D:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)" System errors: ============= Error: (10/14/2014 09:11:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom UimBus Uim_DEVIM Uim_IM Error: (10/14/2014 09:10:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. 
Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error: (10/14/2014 09:10:17 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (10/14/2014 09:08:12 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (10/14/2014 08:10:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom UimBus Uim_DEVIM Uim_IM Error: (10/14/2014 08:09:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error: (10/14/2014 08:09:21 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (10/14/2014 08:07:31 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (10/14/2014 07:07:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom UimBus Uim_DEVIM Uim_IM Error: (10/14/2014 07:07:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. 
Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Microsoft Office Sessions: ========================= Error: (10/14/2014 09:10:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 08:09:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 07:07:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 05:41:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SDQuarantine.exe2.4.40.10397001cfe3b7c3a49fe011C:\Program Files\Spybot - Search & Destroy 2\SDQuarantine.exe Error: (10/14/2014 05:27:12 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: D:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006) Error: (10/09/2014 01:43:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SDQuarantine.exe2.4.40.103c9401cfe3b38471042017C:\Program Files\Spybot - Search & Destroy 2\SDQuarantine.exe Error: (10/09/2014 01:36:11 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: winamp.exe5.6.6.3516e2401cfe3b3a0137aa045C:\Program Files\Winamp\winamp.exe6ef547d1-4fa8-11e4-a43e-001966493684 Error: (10/09/2014 01:21:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2014 09:45:12 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet Pro 8600\DriverStore\Pipeline\amd64\hpinkins5912.exe Error: (10/09/2014 07:32:53 AM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: D:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006) ==================== Memory info =========================== Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ Percentage of memory in use: 48% Total physical RAM: 2047.28 MB Available physical RAM: 1050.61 MB Total Pagefile: 4094.55 MB Available Pagefile: 2709.77 MB Total Virtual: 2047.88 MB Available Virtual: 1903.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:176.02 GB) NTFS Drive f: () (Fixed) (Total:394.4 GB) (Free:158.14 GB) NTFS Drive x: () (Fixed) (Total:536.98 GB) (Free:344.93 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: B56CAEEC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 5CF7342E) Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 931.5 GB) (Disk ID: 0F882CC9) Partition 1: (Active) - (Size=394.4 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=537.1 GB) - (Type=0C) ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-14 22:55:33
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HD250HJ rev.FH100-05 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\PRODUZ~1\AppData\Local\Temp\pwdcruog.sys
---- System - GMER 2.1 ----
SSDT 8E29792E ZwCreateSection
SSDT 8E297938 ZwRequestWaitReplyPort
SSDT 8E297933 ZwSetContextThread
SSDT 8E29793D ZwSetSecurityObject
SSDT 8E297942 ZwSystemDebugControl
SSDT 8E2978CF ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C92A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CCC212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CD358C 4 Bytes [2E, 79, 29, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82CD38E8 4 Bytes [38, 79, 29, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82CD392C 4 Bytes [33, 79, 29, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82CD39A8 4 Bytes [3D, 79, 29, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82CD39FC 4 Bytes [42, 79, 29, 8E]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Processes - GMER 2.1 ----
Library C:\Program Files\TuneUp Utilities 2014\SDShelEx-win32.dll (*** hidden *** ) @ C:\Program Files\RocketDock\RocketDock.exe [772] 0x572C0000
Library C:\Program Files\TuneUp Utilities 2014\SDShelEx-win32.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [1716] 0x572C0000
Library C:\Program Files\TuneUp Utilities 2014\DseShExt-x86.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [1716] 0x57160000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----

Thanks again |
15.10.2014, 16:14 | #2 |
/// the machine /// TB-Ausbilder | Hi, is this a desktop computer or a laptop? Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download TDSSKiller.exe and save the file to your desktop. |
15.10.2014, 16:58 | #3 |
| First of all, thanks for the quick reply. Really great. I have a PC, so not a laptop. I ran both programs. With the uninstaller I deleted over 600 items, and the other program came up with nothing at all. So it found nothing. What else should I do now, or was that it? Sorry, I only just noticed the log file... Code:
ATTFilter 23:55:15.0735 0x1718 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58 23:55:19.0618 0x1718 ============================================================ 23:55:19.0619 0x1718 Current date / time: 2014/10/14 23:55:19.0618 23:55:19.0619 0x1718 SystemInfo: 23:55:19.0619 0x1718 23:55:19.0619 0x1718 OS Version: 6.1.7601 ServicePack: 1.0 23:55:19.0619 0x1718 Product type: Workstation 23:55:19.0619 0x1718 ComputerName: PRODUZENT-PC 23:55:19.0619 0x1718 UserName: Produzent 23:55:19.0619 0x1718 Windows directory: C:\Windows 23:55:19.0619 0x1718 System windows directory: C:\Windows 23:55:19.0619 0x1718 Processor architecture: Intel x86 23:55:19.0619 0x1718 Number of processors: 2 23:55:19.0619 0x1718 Page size: 0x1000 23:55:19.0619 0x1718 Boot type: Normal boot 23:55:19.0619 0x1718 ============================================================ 23:55:21.0022 0x1718 KLMD registered as C:\Windows\system32\drivers\48310640.sys 23:55:21.0330 0x1718 System UUID: {FF8829A5-2055-FF6E-7F95-D46032F30F7B} 23:55:22.0019 0x1718 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x1C042, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050 23:55:22.0019 0x1718 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:55:22.0021 0x1718 ============================================================ 23:55:22.0021 0x1718 \Device\Harddisk0\DR0: 23:55:22.0021 0x1718 MBR partitions: 23:55:22.0021 0x1718 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 23:55:22.0021 0x1718 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192000 23:55:22.0021 0x1718 \Device\Harddisk1\DR1: 23:55:22.0022 0x1718 MBR partitions: 23:55:22.0022 0x1718 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800 23:55:22.0022 0x1718 
============================================================ 23:55:22.0030 0x1718 Initialize success 23:55:22.0030 0x1718 ============================================================ 23:56:08.0946 0x17ac ============================================================ 23:56:08.0946 0x17ac Scan started 23:56:08.0946 0x17ac Mode: Manual; SigCheck; TDLFS; 23:56:08.0946 0x17ac ============================================================ 23:56:08.0946 0x17ac KSN ping started 23:56:34.0997 0x17ac KSN ping finished: true 23:56:35.0387 0x17ac ================ Scan system memory ======================== 23:56:35.0387 0x17ac System memory - ok 23:56:35.0387 0x17ac ================ Scan services ============================= 23:56:35.0449 0x17ac 1394ohci - ok 23:56:35.0465 0x17ac ACPI - ok 23:56:35.0481 0x17ac AcpiPmi - ok 23:56:35.0512 0x17ac AdobeFlashPlayerUpdateSvc - ok 23:56:35.0512 0x17ac adp94xx - ok 23:56:35.0543 0x17ac adpahci - ok 23:56:35.0559 0x17ac adpu320 - ok 23:56:35.0574 0x17ac AeLookupSvc - ok 23:56:35.0590 0x17ac AFD - ok 23:56:35.0605 0x17ac agp440 - ok 23:56:35.0637 0x17ac aic78xx - ok 23:56:35.0746 0x17ac ALG - ok 23:56:35.0746 0x17ac aliide - ok 23:56:35.0746 0x17ac AMD External Events Utility - ok 23:56:35.0761 0x17ac amdagp - ok 23:56:35.0761 0x17ac amdide - ok 23:56:35.0824 0x17ac amdiox86 - ok 23:56:35.0855 0x17ac AmdK8 - ok 23:56:35.0917 0x17ac amdkmdag - ok 23:56:35.0964 0x17ac amdkmdap - ok 23:56:35.0964 0x17ac AmdPPM - ok 23:56:35.0980 0x17ac amdsata - ok 23:56:35.0980 0x17ac amdsbs - ok 23:56:35.0980 0x17ac amdxata - ok 23:56:35.0995 0x17ac AntiVirSchedulerService - ok 23:56:36.0011 0x17ac AntiVirService - ok 23:56:36.0027 0x17ac AppID - ok 23:56:36.0042 0x17ac AppIDSvc - ok 23:56:36.0042 0x17ac Appinfo - ok 23:56:36.0058 0x17ac AppMgmt - ok 23:56:36.0073 0x17ac arc - ok 23:56:36.0073 0x17ac arcsas - ok 23:56:36.0089 0x17ac aspnet_state - ok 23:56:36.0089 0x17ac AsyncMac - ok 23:56:36.0089 0x17ac atapi - ok 23:56:36.0105 0x17ac athur - ok 
23:56:36.0120 0x17ac AtiHDAudioService - ok 23:56:36.0136 0x17ac AtiHdmiService - ok 23:56:36.0136 0x17ac AudioEndpointBuilder - ok 23:56:36.0151 0x17ac Audiosrv - ok 23:56:36.0151 0x17ac avgntflt - ok 23:56:36.0167 0x17ac avipbb - ok 23:56:36.0183 0x17ac Avira.OE.ServiceHost - ok 23:56:36.0183 0x17ac avkmgr - ok 23:56:36.0198 0x17ac AxInstSV - ok 23:56:36.0198 0x17ac b06bdrv - ok 23:56:36.0214 0x17ac b57nd60x - ok 23:56:36.0229 0x17ac BDESVC - ok 23:56:36.0229 0x17ac Beep - ok 23:56:36.0229 0x17ac BFE - ok 23:56:36.0245 0x17ac BITS - ok 23:56:36.0245 0x17ac blbdrive - ok 23:56:36.0261 0x17ac bowser - ok 23:56:36.0261 0x17ac BrFiltLo - ok 23:56:36.0261 0x17ac BrFiltUp - ok 23:56:36.0276 0x17ac Browser - ok 23:56:36.0276 0x17ac Brserid - ok 23:56:36.0276 0x17ac BrSerWdm - ok 23:56:36.0292 0x17ac BrUsbMdm - ok 23:56:36.0292 0x17ac BrUsbSer - ok 23:56:36.0292 0x17ac BTHMODEM - ok 23:56:36.0307 0x17ac bthserv - ok 23:56:36.0307 0x17ac cdfs - ok 23:56:36.0323 0x17ac cdrom - ok 23:56:36.0323 0x17ac CertPropSvc - ok 23:56:36.0339 0x17ac circlass - ok 23:56:36.0339 0x17ac CLFS - ok 23:56:36.0339 0x17ac clr_optimization_v2.0.50727_32 - ok 23:56:36.0354 0x17ac clr_optimization_v4.0.30319_32 - ok 23:56:36.0370 0x17ac CmBatt - ok 23:56:36.0370 0x17ac cmdide - ok 23:56:36.0385 0x17ac CNG - ok 23:56:36.0385 0x17ac Compbatt - ok 23:56:36.0417 0x17ac CompositeBus - ok 23:56:36.0417 0x17ac COMSysApp - ok 23:56:36.0417 0x17ac crcdisk - ok 23:56:36.0432 0x17ac CryptSvc - ok 23:56:36.0432 0x17ac CSC - ok 23:56:36.0448 0x17ac CscService - ok 23:56:36.0448 0x17ac DcomLaunch - ok 23:56:36.0463 0x17ac defragsvc - ok 23:56:36.0463 0x17ac DfsC - ok 23:56:36.0463 0x17ac Dhcp - ok 23:56:36.0479 0x17ac discache - ok 23:56:36.0495 0x17ac Disk - ok 23:56:36.0495 0x17ac dmvsc - ok 23:56:36.0495 0x17ac Dnscache - ok 23:56:36.0510 0x17ac dot3svc - ok 23:56:36.0510 0x17ac DPS - ok 23:56:36.0510 0x17ac drmkaud - ok 23:56:36.0526 0x17ac DXGKrnl - ok 23:56:36.0526 0x17ac EapHost - ok 23:56:36.0526 
0x17ac ebdrv - ok 23:56:36.0541 0x17ac EFS - ok 23:56:36.0541 0x17ac elxstor - ok 23:56:36.0541 0x17ac ErrDev - ok 23:56:36.0573 0x17ac ESProtectionDriver - ok 23:56:36.0588 0x17ac EventSystem - ok 23:56:36.0588 0x17ac exfat - ok 23:56:36.0588 0x17ac fastfat - ok 23:56:36.0604 0x17ac Fax - ok 23:56:36.0604 0x17ac fdc - ok 23:56:36.0604 0x17ac fdPHost - ok 23:56:36.0619 0x17ac FDResPub - ok 23:56:36.0619 0x17ac FileInfo - ok 23:56:36.0635 0x17ac Filetrace - ok 23:56:36.0635 0x17ac flpydisk - ok 23:56:36.0760 0x17ac FltMgr - ok 23:56:36.0791 0x17ac FontCache - ok 23:56:36.0807 0x17ac FontCache3.0.0.0 - ok 23:56:36.0807 0x17ac FsDepends - ok 23:56:36.0822 0x17ac Fs_Rec - ok 23:56:36.0838 0x17ac fvevol - ok 23:56:36.0838 0x17ac gagp30kx - ok 23:56:36.0853 0x17ac ggflt - ok 23:56:36.0853 0x17ac ggsemc - ok 23:56:36.0869 0x17ac gpsvc - ok 23:56:36.0869 0x17ac hcw85cir - ok 23:56:36.0885 0x17ac HdAudAddService - ok 23:56:36.0885 0x17ac HDAudBus - ok 23:56:36.0900 0x17ac HidBatt - ok 23:56:36.0900 0x17ac HidBth - ok 23:56:36.0916 0x17ac HidIr - ok 23:56:36.0916 0x17ac hidserv - ok 23:56:36.0931 0x17ac HidUsb - ok 23:56:36.0947 0x17ac hkmsvc - ok 23:56:36.0947 0x17ac HomeGroupListener - ok 23:56:36.0947 0x17ac HomeGroupProvider - ok 23:56:36.0963 0x17ac HpSAMD - ok 23:56:36.0963 0x17ac HTTP - ok 23:56:36.0963 0x17ac hwpolicy - ok 23:56:36.0978 0x17ac i8042prt - ok 23:56:36.0978 0x17ac iaStorV - ok 23:56:36.0978 0x17ac idsvc - ok 23:56:37.0009 0x17ac IEEtwCollectorService - ok 23:56:37.0025 0x17ac iirsp - ok 23:56:37.0025 0x17ac IKEEXT - ok 23:56:37.0025 0x17ac intelide - ok 23:56:37.0041 0x17ac intelppm - ok 23:56:37.0041 0x17ac IPBusEnum - ok 23:56:37.0041 0x17ac IpFilterDriver - ok 23:56:37.0056 0x17ac iphlpsvc - ok 23:56:37.0056 0x17ac IPMIDRV - ok 23:56:37.0072 0x17ac IPNAT - ok 23:56:37.0072 0x17ac IRENUM - ok 23:56:37.0072 0x17ac isapnp - ok 23:56:37.0087 0x17ac iScsiPrt - ok 23:56:37.0087 0x17ac kbdclass - ok 23:56:37.0103 0x17ac kbdhid - ok 23:56:37.0103 0x17ac 
KeyIso - ok 23:56:37.0103 0x17ac KSecDD - ok 23:56:37.0119 0x17ac KSecPkg - ok 23:56:37.0119 0x17ac KtmRm - ok 23:56:37.0119 0x17ac LanmanServer - ok 23:56:37.0134 0x17ac LanmanWorkstation - ok 23:56:37.0134 0x17ac lltdio - ok 23:56:37.0150 0x17ac lltdsvc - ok 23:56:37.0150 0x17ac lmhosts - ok 23:56:37.0150 0x17ac LSI_FC - ok 23:56:37.0165 0x17ac LSI_SAS - ok 23:56:37.0165 0x17ac LSI_SAS2 - ok 23:56:37.0181 0x17ac LSI_SCSI - ok 23:56:37.0181 0x17ac luafv - ok 23:56:37.0197 0x17ac MbaeSvc - ok 23:56:37.0212 0x17ac MBAMProtector - ok 23:56:37.0228 0x17ac MBAMScheduler - ok 23:56:37.0228 0x17ac MBAMService - ok 23:56:37.0243 0x17ac MBAMWebAccessControl - ok 23:56:37.0259 0x17ac McComponentHostService - ok 23:56:37.0259 0x17ac megasas - ok 23:56:37.0259 0x17ac MegaSR - ok 23:56:37.0275 0x17ac MMCSS - ok 23:56:37.0275 0x17ac Modem - ok 23:56:37.0290 0x17ac monitor - ok 23:56:37.0290 0x17ac mouclass - ok 23:56:37.0290 0x17ac mouhid - ok 23:56:37.0306 0x17ac mountmgr - ok 23:56:37.0306 0x17ac MozillaMaintenance - ok 23:56:37.0321 0x17ac mpio - ok 23:56:37.0321 0x17ac mpsdrv - ok 23:56:37.0337 0x17ac MpsSvc - ok 23:56:37.0337 0x17ac MRxDAV - ok 23:56:37.0337 0x17ac mrxsmb - ok 23:56:37.0353 0x17ac mrxsmb10 - ok 23:56:37.0353 0x17ac mrxsmb20 - ok 23:56:37.0368 0x17ac msahci - ok 23:56:37.0368 0x17ac msdsm - ok 23:56:37.0384 0x17ac MSDTC - ok 23:56:37.0384 0x17ac Msfs - ok 23:56:37.0399 0x17ac mshidkmdf - ok 23:56:37.0399 0x17ac msisadrv - ok 23:56:37.0399 0x17ac MSiSCSI - ok 23:56:37.0415 0x17ac msiserver - ok 23:56:37.0415 0x17ac MSKSSRV - ok 23:56:37.0415 0x17ac MSPCLOCK - ok 23:56:37.0431 0x17ac MSPQM - ok 23:56:37.0431 0x17ac MsRPC - ok 23:56:37.0446 0x17ac mssmbios - ok 23:56:37.0446 0x17ac MSTEE - ok 23:56:37.0462 0x17ac MTConfig - ok 23:56:37.0462 0x17ac Mup - ok 23:56:37.0462 0x17ac napagent - ok 23:56:37.0477 0x17ac NativeWifiP - ok 23:56:37.0477 0x17ac NDIS - ok 23:56:37.0477 0x17ac NdisCap - ok 23:56:37.0493 0x17ac NdisTapi - ok 23:56:37.0493 0x17ac Ndisuio - ok 
23:56:37.0509 0x17ac NdisWan - ok 23:56:37.0509 0x17ac NDProxy - ok 23:56:37.0509 0x17ac NetBIOS - ok 23:56:37.0524 0x17ac NetBT - ok 23:56:37.0524 0x17ac Netlogon - ok 23:56:37.0524 0x17ac Netman - ok 23:56:37.0540 0x17ac NetMsmqActivator - ok 23:56:37.0540 0x17ac NetPipeActivator - ok 23:56:37.0555 0x17ac netprofm - ok 23:56:37.0555 0x17ac NetTcpActivator - ok 23:56:37.0555 0x17ac NetTcpPortSharing - ok 23:56:37.0571 0x17ac nfrd960 - ok 23:56:37.0571 0x17ac NlaSvc - ok 23:56:37.0571 0x17ac Npfs - ok 23:56:37.0587 0x17ac nsi - ok 23:56:37.0587 0x17ac nsiproxy - ok 23:56:37.0602 0x17ac Ntfs - ok 23:56:37.0602 0x17ac Null - ok 23:56:37.0602 0x17ac NVENETFD - ok 23:56:37.0618 0x17ac nvraid - ok 23:56:37.0618 0x17ac nvstor - ok 23:56:37.0618 0x17ac nv_agp - ok 23:56:37.0633 0x17ac ohci1394 - ok 23:56:37.0649 0x17ac OpenVPNService - ok 23:56:37.0649 0x17ac p2pimsvc - ok 23:56:37.0649 0x17ac p2psvc - ok 23:56:37.0665 0x17ac Parport - ok 23:56:37.0665 0x17ac partmgr - ok 23:56:37.0680 0x17ac Parvdm - ok 23:56:37.0680 0x17ac PcaSvc - ok 23:56:37.0680 0x17ac pci - ok 23:56:37.0696 0x17ac pciide - ok 23:56:37.0696 0x17ac pcmcia - ok 23:56:37.0711 0x17ac pcw - ok 23:56:37.0711 0x17ac PEAUTH - ok 23:56:37.0711 0x17ac PeerDistSvc - ok 23:56:37.0727 0x17ac pla - ok 23:56:37.0743 0x17ac PlugPlay - ok 23:56:37.0758 0x17ac PNRPAutoReg - ok 23:56:37.0758 0x17ac PNRPsvc - ok 23:56:37.0758 0x17ac PolicyAgent - ok 23:56:37.0774 0x17ac Power - ok 23:56:37.0774 0x17ac PptpMiniport - ok 23:56:37.0774 0x17ac Processor - ok 23:56:37.0789 0x17ac ProfSvc - ok 23:56:37.0789 0x17ac ProtectedStorage - ok 23:56:37.0805 0x17ac Psched - ok 23:56:37.0805 0x17ac ql2300 - ok 23:56:37.0805 0x17ac ql40xx - ok 23:56:37.0821 0x17ac QWAVE - ok 23:56:37.0821 0x17ac QWAVEdrv - ok 23:56:37.0821 0x17ac RasAcd - ok 23:56:37.0836 0x17ac RasAgileVpn - ok 23:56:37.0836 0x17ac RasAuto - ok 23:56:37.0836 0x17ac Rasl2tp - ok 23:56:37.0852 0x17ac RasMan - ok 23:56:37.0852 0x17ac RasPppoe - ok 23:56:37.0852 0x17ac 
RasSstp - ok 23:56:37.0867 0x17ac rdbss - ok 23:56:37.0867 0x17ac rdpbus - ok 23:56:37.0883 0x17ac RDPCDD - ok 23:56:37.0883 0x17ac RDPDR - ok 23:56:37.0883 0x17ac RDPENCDD - ok 23:56:37.0899 0x17ac RDPREFMP - ok 23:56:37.0899 0x17ac RDPWD - ok 23:56:37.0914 0x17ac rdyboost - ok 23:56:37.0914 0x17ac RemoteAccess - ok 23:56:37.0914 0x17ac RemoteRegistry - ok 23:56:37.0930 0x17ac RpcEptMapper - ok 23:56:37.0930 0x17ac RpcLocator - ok 23:56:37.0930 0x17ac RpcSs - ok 23:56:37.0945 0x17ac rspndr - ok 23:56:37.0945 0x17ac RSUSBSTOR - ok 23:56:37.0961 0x17ac s3cap - ok 23:56:37.0961 0x17ac SamSs - ok 23:56:37.0961 0x17ac SANDRA - ok 23:56:37.0977 0x17ac sbp2port - ok 23:56:37.0977 0x17ac SCardSvr - ok 23:56:37.0992 0x17ac scfilter - ok 23:56:37.0992 0x17ac Schedule - ok 23:56:37.0992 0x17ac SCPolicySvc - ok 23:56:38.0008 0x17ac SDRSVC - ok 23:56:38.0008 0x17ac SDScannerService - ok 23:56:38.0023 0x17ac SDUpdateService - ok 23:56:38.0023 0x17ac SDWSCService - ok 23:56:38.0023 0x17ac secdrv - ok 23:56:38.0039 0x17ac seclogon - ok 23:56:38.0039 0x17ac SENS - ok 23:56:38.0055 0x17ac SensrSvc - ok 23:56:38.0055 0x17ac Serenum - ok 23:56:38.0055 0x17ac Serial - ok 23:56:38.0070 0x17ac sermouse - ok 23:56:38.0070 0x17ac SessionEnv - ok 23:56:38.0086 0x17ac sffdisk - ok 23:56:38.0086 0x17ac sffp_mmc - ok 23:56:38.0101 0x17ac sffp_sd - ok 23:56:38.0101 0x17ac sfloppy - ok 23:56:38.0101 0x17ac SharedAccess - ok 23:56:38.0117 0x17ac ShellHWDetection - ok 23:56:38.0117 0x17ac sisagp - ok 23:56:38.0117 0x17ac SiSRaid2 - ok 23:56:38.0133 0x17ac SiSRaid4 - ok 23:56:38.0133 0x17ac Smb - ok 23:56:38.0148 0x17ac SNMPTRAP - ok 23:56:38.0148 0x17ac spldr - ok 23:56:38.0164 0x17ac Spooler - ok 23:56:38.0164 0x17ac sppsvc - ok 23:56:38.0164 0x17ac sppuinotify - ok 23:56:38.0179 0x17ac srv - ok 23:56:38.0179 0x17ac srv2 - ok 23:56:38.0179 0x17ac srvnet - ok 23:56:38.0195 0x17ac SSDPSRV - ok 23:56:38.0195 0x17ac ssmdrv - ok 23:56:38.0211 0x17ac SstpSvc - ok 23:56:38.0211 0x17ac stexstor - ok 
23:56:38.0226 0x17ac StillCam - ok 23:56:38.0226 0x17ac StiSvc - ok 23:56:38.0242 0x17ac storflt - ok 23:56:38.0242 0x17ac StorSvc - ok 23:56:38.0242 0x17ac storvsc - ok 23:56:38.0257 0x17ac swenum - ok 23:56:38.0257 0x17ac swprv - ok 23:56:38.0257 0x17ac SysMain - ok 23:56:38.0273 0x17ac TabletInputService - ok 23:56:38.0273 0x17ac tap0901 - ok 23:56:38.0273 0x17ac TapiSrv - ok 23:56:38.0289 0x17ac TBS - ok 23:56:38.0289 0x17ac Tcpip - ok 23:56:38.0289 0x17ac TCPIP6 - ok 23:56:38.0304 0x17ac tcpipreg - ok 23:56:38.0304 0x17ac TDPIPE - ok 23:56:38.0320 0x17ac TDTCP - ok 23:56:38.0320 0x17ac tdx - ok 23:56:38.0335 0x17ac TeamViewer9 - ok 23:56:38.0351 0x17ac TermDD - ok 23:56:38.0351 0x17ac TermService - ok 23:56:38.0351 0x17ac Themes - ok 23:56:38.0367 0x17ac THREADORDER - ok 23:56:38.0367 0x17ac TrkWks - ok 23:56:38.0382 0x17ac truecrypt - ok 23:56:38.0382 0x17ac TrustedInstaller - ok 23:56:38.0382 0x17ac tssecsrv - ok 23:56:38.0398 0x17ac TsUsbFlt - ok 23:56:38.0398 0x17ac TsUsbGD - ok 23:56:38.0413 0x17ac tunnel - ok 23:56:38.0413 0x17ac uagp35 - ok 23:56:38.0429 0x17ac udfs - ok 23:56:38.0429 0x17ac UI0Detect - ok 23:56:38.0445 0x17ac UimBus - ok 23:56:38.0445 0x17ac Uim_DEVIM - ok 23:56:38.0445 0x17ac Uim_IM - ok 23:56:38.0460 0x17ac uliagpkx - ok 23:56:38.0460 0x17ac umbus - ok 23:56:38.0476 0x17ac UmPass - ok 23:56:38.0476 0x17ac UmRdpService - ok 23:56:38.0476 0x17ac upnphost - ok 23:56:38.0491 0x17ac usbaudio - ok 23:56:38.0491 0x17ac usbccgp - ok 23:56:38.0491 0x17ac usbcir - ok 23:56:38.0507 0x17ac usbehci - ok 23:56:38.0507 0x17ac usbhub - ok 23:56:38.0523 0x17ac usbohci - ok 23:56:38.0523 0x17ac usbprint - ok 23:56:38.0523 0x17ac USBSTOR - ok 23:56:38.0538 0x17ac usbuhci - ok 23:56:38.0538 0x17ac UxSms - ok 23:56:38.0538 0x17ac VaultSvc - ok 23:56:38.0554 0x17ac vdrvroot - ok 23:56:38.0554 0x17ac vds - ok 23:56:38.0554 0x17ac vga - ok 23:56:38.0569 0x17ac VgaSave - ok 23:56:38.0569 0x17ac vhdmp - ok 23:56:38.0569 0x17ac viaagp - ok 23:56:38.0585 0x17ac 
ViaC7 - ok 23:56:38.0585 0x17ac viaide - ok 23:56:38.0601 0x17ac vmbus - ok 23:56:38.0601 0x17ac VMBusHID - ok 23:56:38.0601 0x17ac volmgr - ok 23:56:38.0616 0x17ac volmgrx - ok 23:56:38.0616 0x17ac volsnap - ok 23:56:38.0616 0x17ac vsmraid - ok 23:56:38.0632 0x17ac VSS - ok 23:56:38.0632 0x17ac vwifibus - ok 23:56:38.0647 0x17ac vwififlt - ok 23:56:38.0647 0x17ac vwifimp - ok 23:56:38.0663 0x17ac W32Time - ok 23:56:38.0663 0x17ac WacomPen - ok 23:56:38.0663 0x17ac WANARP - ok 23:56:38.0679 0x17ac Wanarpv6 - ok 23:56:38.0679 0x17ac wbengine - ok 23:56:38.0694 0x17ac WbioSrvc - ok 23:56:38.0694 0x17ac wcncsvc - ok 23:56:38.0694 0x17ac WcsPlugInService - ok 23:56:38.0710 0x17ac Wd - ok 23:56:38.0710 0x17ac Wdf01000 - ok 23:56:38.0710 0x17ac WdiServiceHost - ok 23:56:38.0725 0x17ac WdiSystemHost - ok 23:56:38.0725 0x17ac WebClient - ok 23:56:38.0725 0x17ac Wecsvc - ok 23:56:38.0741 0x17ac wercplsupport - ok 23:56:38.0741 0x17ac WerSvc - ok 23:56:38.0757 0x17ac WfpLwf - ok 23:56:38.0757 0x17ac WIMMount - ok 23:56:38.0757 0x17ac WinDefend - ok 23:56:38.0772 0x17ac WinHttpAutoProxySvc - ok 23:56:38.0772 0x17ac Winmgmt - ok 23:56:38.0788 0x17ac WinRM - ok 23:56:38.0803 0x17ac WinUsb - ok 23:56:38.0803 0x17ac Wlansvc - ok 23:56:38.0819 0x17ac WmiAcpi - ok 23:56:38.0819 0x17ac wmiApSrv - ok 23:56:38.0835 0x17ac WPCSvc - ok 23:56:38.0835 0x17ac WPDBusEnum - ok 23:56:38.0835 0x17ac ws2ifsl - ok 23:56:38.0850 0x17ac wscsvc - ok 23:56:38.0850 0x17ac WSearch - ok 23:56:38.0866 0x17ac wuauserv - ok 23:56:38.0866 0x17ac WudfPf - ok 23:56:38.0881 0x17ac WUDFRd - ok 23:56:38.0881 0x17ac wudfsvc - ok 23:56:38.0897 0x17ac WwanSvc - ok 23:56:38.0913 0x17ac ================ Scan global =============================== 23:56:38.0913 0x17ac [ Global ] - ok 23:56:38.0913 0x17ac ================ Scan MBR ================================== 23:56:38.0928 0x17ac [ B7310D12FF8857D5B67EAA63423EDB33 ] \Device\Harddisk0\DR0 23:56:39.0381 0x17ac \Device\Harddisk0\DR0 - ok 23:56:39.0396 0x17ac [ 
5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1 23:56:39.0443 0x17ac \Device\Harddisk1\DR1 - ok 23:56:39.0443 0x17ac ================ Scan VBR ================================== 23:56:39.0443 0x17ac [ F9184788B05154AC9117467DD5E2014D ] \Device\Harddisk0\DR0\Partition1 23:56:39.0443 0x17ac \Device\Harddisk0\DR0\Partition1 - ok 23:56:39.0443 0x17ac [ C59B5E9973BF969CF2768CE616E29BA3 ] \Device\Harddisk0\DR0\Partition2 23:56:39.0443 0x17ac \Device\Harddisk0\DR0\Partition2 - ok 23:56:39.0459 0x17ac [ 5B7C9894213A0DAED2B2E6E713C6866B ] \Device\Harddisk1\DR1\Partition1 23:56:39.0459 0x17ac \Device\Harddisk1\DR1\Partition1 - ok 23:56:39.0459 0x17ac ================ Scan generic autorun ====================== 23:56:39.0459 0x17ac Sidebar - ok 23:56:39.0459 0x17ac mctadmin - ok 23:56:39.0459 0x17ac Sidebar - ok 23:56:39.0459 0x17ac mctadmin - ok 23:56:39.0459 0x17ac TrueCrypt - ok 23:56:39.0474 0x17ac RocketDock - ok 23:56:39.0474 0x17ac Spybot-S&D Cleaning - ok 23:56:39.0552 0x17ac AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.266 ), 0x41000 ( enabled : updated ) 23:56:39.0568 0x17ac Win FW state via NFP2: enabled 23:56:42.0641 0x17ac ============================================================ 23:56:42.0641 0x17ac Scan finished 23:56:42.0641 0x17ac ============================================================ 23:56:42.0641 0x1458 Detected object count: 0 23:56:42.0641 0x1458 Actual detected object count: 0 23:56:50.0987 0x0dcc Deinitialize success |
16.10.2014, 12:55 | #4 |
/// the machine /// TB-Ausbilder | Replace the CMOS battery on the mainboard.
Regards, schrauber |
16.10.2014, 16:22 | #5 |
| How do I do that? Do I have to solder or something like that? Sorry, I don't really know my way around this. |
17.10.2014, 08:28 | #6 |
/// the machine /// TB-Ausbilder | No. Turn the computer off and unplug the power cable. Take off the side panel; there is a battery plugged into the board, similar to the ones in watches or car keys. |