| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virus? Vermehrte Meldungen, SQL, clipz, https seitenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.10.2014, 23:56
| #1 |
| |  Virus? Vermehrte Meldungen, SQL, clipz, https seiten Hallo, seit einigen Woche habe ich vermehrt Virenmeldungen über mein Aviraprogramm (fast täglich). Dabei passiert häufig, dass sich ein SQL-Serverclienthilfsprogramm in einer Endlosschleife zigmal von selbst öffnet und in den Vordergrund ploppt - ziemlich zeitgleich kommt die erste virenmeldung über Avira, ich schließe die Fenster und lasse den Virenscan durchlaufen, selbiges passiert bestimmt 6,7 mal hintereinander, die Anzahl der entdeckten Viren steigt von 2,3 auf bis zu 11, wenn ich einen kompletten system prüf durchlauf mache, habe ich danach ein paar Tage ruhe, aber das spiel wiederholt sich alle paar Tage...deshalb befürchte ich, dass ein Virus vll. nicht vollständig entfernt wurde.... Zudem hat mir mein Internetbrowser Firefox in den letzten Tagen nicht ermöglicht htpps-Websiten zu erreichen... und seit dem ersten Auftreten dieser Virenmeldungen mit dem selbstöffnenden sql fenster in einem öffentlichen W-Lan-Netz in einem Cafe habe ich ein Programm Namens clipz von dem Herausgeber clipz.com auf meinem Rechner, das sich nicht deinstallieren lässt - dabei kommt die Meldung, das Programm sei nicht auffindbar, evtl schon deinstalliert... ich weiß nicht ob diese Dinge zusammenhängen, ich kenne mich nicht gut aus damit, es ist mir nur insgesamt sehr merkwürdig vorgekommen. Ich würde mich freuen, wenn mir jemand mit Rat weiterhelfen kann. Beste Grüße, Petunie Log Malwarebytes' Anti Malware: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 20.10.2014 Scan Time: 22:15:40 Logfile: log.txt Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.10.20.07 Rootkit Database: v2014.10.17.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Jakob Scan Type: Threat Scan Result: Completed Objects Scanned: 340220 Time Elapsed: 8 min, 4 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 3 Trojan.Krypt, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\image, , [3cbb8e88f08c66d07698cd05c938be42], Trojan.FakeAMI, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\message_history, , [8c6bea2c3943ef4705a716b408f93cc4], PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\acfoobbgoakpihljnfedbcfaipcdlfhk, , [e21584929ddf75c1e56c442f0ff5eb15], Registry Values: 0 (No malicious items detected) Registry Data: 1 Hijack.StartPage, HKU\S-1-5-21-1039312522-3144380910-2287453735-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=C8DE1A94237E7BFB&affID=127685&tsp=5206, Good: (www.google.com), Bad: (hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=C8DE1A94237E7BFB&affID=127685&tsp=5206),,[04f38a8c2a526accb39e170fc63fc63a] Folders: 2 PUP.Optional.BuenoSearch.A, C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk, , [797e69ad9fdd1e18a3b0c232ba4813ed], PUP.Optional.BuenoSearch.A, C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk\1.6.2_0, , [797e69ad9fdd1e18a3b0c232ba4813ed], Files: 30 Trojan.Krypt, C:\Windows\ADFS\cs\antispyware_program\spot_corruption_handling.exe, , [3cbb8e88f08c66d07698cd05c938be42], Trojan.FakeAMI, C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\desktop_background\color.exe, , [8c6bea2c3943ef4705a716b408f93cc4], PUP.Optional.BuenoSearch.A, C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk\1.6.2_0\128.png, , [797e69ad9fdd1e18a3b0c232ba4813ed], PUP.Optional.BuenoSearch.A, C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk\1.6.2_0\48.png, , [797e69ad9fdd1e18a3b0c232ba4813ed], PUP.Optional.BuenoSearch.A, C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk\1.6.2_0\background.js, , [797e69ad9fdd1e18a3b0c232ba4813ed], PUP.Optional.BuenoSearch.A, C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk\1.6.2_0\manifest.json, , [797e69ad9fdd1e18a3b0c232ba4813ed], PUP.Optional.BuenoSearch.A, C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk\1.6.2_0\redirect.html, , [797e69ad9fdd1e18a3b0c232ba4813ed], PUP.Optional.BuenoSearch.A, C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk\1.6.2_0\redirect.js, , [797e69ad9fdd1e18a3b0c232ba4813ed], PUP.Optional.BuenoSearch.A, C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk\1.6.2_0\Thumbs.db, , [797e69ad9fdd1e18a3b0c232ba4813ed], PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.admin", false)  , ,[ba3d20f692ea191dda4e005cad584fb1]PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (ferences /* Do not edit this file. * * If yo), ,[6d8a1cfa7dff0432e147cb9149bc53ad] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (rences /* Do not edit this file. * * If you make changes to this file while t), ,[3dba43d3215be1559f8995c7ab5aea16] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (e. * * If you make changes to this file while the ), ,[d720e531e795dc5ab573b5a78283a25e] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (ces /* Do not edit this file. * * If you ma), ,[f106f91dee8e80b638f0d488f70e51af] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (erences /* Do not edit this file. * * If you), ,[8c6b67af007c61d53aee29334eb7e21e] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (rences /* Do not edit this file. * * If you mak), ,[e116b165126ae155d94f2735f2130cf4] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (ces /* Do not edit this file. * * If you make changes to this file w), ,[c13612042e4e2511be6a9ebef51011ef] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: ( this file. * * If you make changes to this file w), ,[ed0aa5711d5fe45284a48dcfab5a1ee2] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (ces /* Do not edit this file. * * If you make), ,[09eef81e99e3c67077b176e6ba4b16ea] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (ences /* Do not edit this file. * * If you ), ,[d1260f07b4c8f64062c64b11cc39926e] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (erences /* Do not edit this file. * * If you make ), ,[9166160034489c9a65c383d96f96c040] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: ( /* Do not edit this file. * * If you make changes t), ,[15e25fb7afcd63d3fb2dfe5e49bcea16] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: ( /* Do not edit this file. * * If you make ch), ,[9e5928eedaa278befb2d500cf80de61a] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (erences /* Do not edit this file. * * If you ), ,[9e59d73fe19b10267cac84d8f80d30d0] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (ences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten whe), ,[1ddaf620dd9f47ef08200d4fd72ece32] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: ( is running, * the changes will be overwritten wh), ,[e215b264502c63d384a4e8749b6a10f0] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (rences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when th), ,[3abd9185c3b9c76f959374e8c243a35d] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (unning, * the changes will be overwritten when the ), ,[d81f51c53c4005319e8a015b5ea7ea16] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (nces /* Do not edit this file. * * If you make changes ), ,[91666caa7b011b1b95937edee71e16ea] PUP.Optional.BuenoSearch, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\prefs.js, Good: (), Bad: (* Do not edit this file. * * If you make changes t), ,[5a9db75f5f1d063050d871ebdc293ac6] Physical Sectors: 0 (No malicious items detected) (end) Log von Avira: ÿþE#x#p#o#r#t#i#e#r#t#e# #E#r#e#i#g#n#i#s#s#e#:#e#r#n# # # # # #D#i#e# #D#a#t#e#i# #w#u#r#d#e# #i#n#s# #Q#u#a#r#a#n#t#ä#n#e#v#e#r#z#e#i#c#h#n#i#s# #u#n#t#e#r# #d#e#m# #N#a#m#e#n# #'#5#1#b#e#b#2#2#2#.#q#u#a#'# # #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #e#x#i#s#t#i#e#r#t# #n#i#c#h#t#!#a#n#]# # #A#k#t#i#o#n#:# #Z#u#g#r#i#f#f# #v#e#r#w#e#i#g#e#r#n#P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# #r#d#e# #e#i#n# #V#i#r#u#s# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# #e#i#n# #V#i#r#u#s# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# # #A#k#t#i#o#n#:# #Ü#b#e#r#g#e#b#e#n# #a#n# #S#c#a#n#n#e#r#8#1#1#9#'# #[#t#r#o#j#a#n#]# # #A#v#i#r#a#\#L#o#g#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#a#n#t#i#s#p#y#w#a#r#e#.#e#x#e#'#e#r#w#e#i#g#e#r#n#0#1#4# #0#9#:#1#5# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#k#t#i#o#n#:# #Ü#b#e#r#g#e#b#e#n# #a#n# #S#c#a#n#n#e#r# # # # # # #w#u#r#d#e# #e#i#n# #V#i#r#u#s# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# #n#n#e#r#w#a#r#e# #g#e#f#u#n#d#e#n# #A#k#t#i#o#n#:# #Ü#b#e#r#g#e#b#e#n# #a#n# #S#c#a#n#n#e#r#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#A#v#i#r#a#\#M#y# #A#v#i#r#a#\#L#o#g#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#w#i#n#d#o#w#s#_#c#a#l#l#.#e#x#e#'#\#L#o#g#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#a#c#h#i#e#v#e#m#e#n#t#.#e #x#e#'#_#s#i#g#n#a#l#.#e#x#e#'# #D#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#M#i#c#r#o#s#o#f#t#\#W#i#n#d#o#w#s#\#A#I#T#\#g#a#m#e#s#\#b#u#s#y#_#s#i#g#n#a#l#.#e#x#e#'# #0#7#:#5#7# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# #0#7#:#5#6# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#e#r# #D#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#A#v#i#r#a#\#M#y# #A#v#i#r#a#\#L#o#g#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#r#u#b#l#e#s#.#e#x#e#'#s#\#A#I#T#\#g#a#m#e#s#\#c#o#m#p#l#i#a#n#t#_#c#a#r#d#.#e#x#e#'#'# #e#i#n# #V#i#r#u#s# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# #:#\#P#r#o#g#r#a#m#D#a#t#a#\#M#i#c#r#o#s#o#f#t#\#W#i#n#d#o#w#s#\#A#I#T#\#g#a#m#e#s#\#r#o#t#a#t#i#o#n#_#l#o#c#k#.#e#x#e#'#[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# # # # #I#n# #d#e#r# #D#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#A#v#i#r#a#\#M#y# #f# #v#e#r#w#e#i#g#e#r#n#0#7# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# # # # # # # #w#u#r#d#e# #e#i#n# #V#i#r#u#s# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# #0#5# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# #D#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#A#v#i#r#a#\#M#y# #A#v#i#r#a#\#L#o#g#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#c#a#m#e#r#a#_#r#o#l#l#.#e#x#e#'#a#\#L#o#g#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#t#i#m#e#_#b#r#o#k#e#r#.#e #x#e#'# #A#k#t#i#o#n#:# #Z#u#g#r#i#f#f# #v#e#r#w#e#i#g#e#r#n#a#t#a#\#A#v#i#r#a#\#M#y# #g#e#f#u#n#d#e#n# #A#k#t#i#o#n#:# #Z#u#g#r#i#f#f# #v#e#r#w#e#i#g#e#r#n# #I#n# #d#e#r# #D#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#A#v#i#r#a#\#M#y# #A#v#i#r#a#\#L#o#g#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#c#h#e#c#k#_#i#n#.#e#x#e#'#\#P#r#o#g#r#a#m#D#a#t#a#\#M#i#c#r#o#s#o#f#t#\#W#i#n#d#o#w#s#\#A#I#T#\#g#a #m#e#s#\#a#d#d#_#c#a#l#l#.#e#x#e#'#D#a#t#a#\#M#i#c#r#o#s#o#f#t#\#W#i#n#d#o#w#s#\#A#I#T#\#g#a#m#e#s#\#c#d#m#a#_#n#e#t#w#o#r#k#.#e#x#e#'# #g#e#f#u#n#d#e#n#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#b#l#a#n#k#e#t#_#o#r#d#e#r#.#e#x#e#'#P#r#o#g#r#a#m#D#a#t#a#\#A#v#i#r#a#\#M#y# # # #I#n# #d#e#r# #D#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#A#v#i#r#a#\#M#y# # #d#e#r# #D#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#A#v#i#r#a#\#M#y# #n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# #0#5#:#3#8# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#3# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# #g#e#f#u#n#d#e#n# #1#7#.#1#0#.#2#0#1#4# #0#5#:#3#1# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#e# #g#e#f#u#n#d#e#n#d#e#r# #D#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#A#v#i#r#a#\#M#y# #A#v#i#r#a#\#L#o#g#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#m#e#d#i#a#.#e#x#e#'# #e#i#n# #V#i#r#u#s# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# #o#f#t#\#W#i#n#d#o#w#s#\#A#I#T#\#g#a#m#e#s#\#s#l#i#d#e#r#.#e#x#e#'#s#\#u#n#p#i#n#.#e#x#e#'# #A#k#t#i#o#n#:# #Ü#b#e#r#g#e#b#e#n# #a#n# #S#c#a#n#n#e#r#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# #9#'# #[#t#r#o#j#a#n#]# # # # # # # #w#u#r#d#e# #e#i#n# #V#i#r#u#s# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# #u#s#g#e#f#ü#h#r#t#e# #A#k#t#i#o#n#:# #Ü#b#e#r#g#e#b#e#n# #a#n# #S#c#a#n#n#e#r#Z#u#g#r#i#f#f# #v#e#r#w#e#i#g#e#r#n# #A#u#s#g#e#f#ü#h#r#t#e# #A#k#t#i#o#n#:# #Z#u#g#r#i#f#f# #v#e#r#w#e#i#g#e#r#n# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# #y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# # #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# # # #g#e#f#u#n#d#e#n#.# #a#n# #S#c#a#n#n#e#r#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# #g#e#f#u#n#d#e#n#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#M#i#c#r#o#s#o#f#t#\#W#i#n#d#o#w#s#\#A#I#T#\#g#a#m#e#s#\#s#u#p#p#o#r#t#.#e#x#e#'#n# #d#e#r# #D#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#M#i#c#r#o#s#o#f#t#\#W#i#n#d#o#w#s#\#A#I#T#\#g#a#m#e#s#\#p#r#i#c#e#_#a#d#j#u#s#t#m#e#n#t#.#e#x#e#'#r#e# #g#e#f#u#n#d#e#n#u#n#d#e#n#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# # # # # # #w#u#r#d#e# #e#i#n# #V#i#r#u#s# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# # # # # #I#n# #d#e#r# #D#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#M#i#c#r#o#s#o#f#t#\#W#i#n#d#o#w#s#\#A#I#T#\#g#a#m#e#s#\#a#d#d#r#e#s#s#_#b#o#o#k#.#e#x#e#'#f#u#n#d#e#n# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# #P#r#o#g#r#a#m#D#a#t#a#\#A#v#i#r#a#\#M#y# #\#A#v#i#r#a#\#M#y# #A#v#i#r#a#\#L#o#g#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#b#l#u#e#t#o#o#t#h#.#e#x#e#'#.#e#x#e#'# #0#4#:#3#4# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# #g#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#s#i#g#n#_#i#n#_#i#n#f#o#.#e#x#e#'# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# # # # #w#u#r#d#e# #e#i#n# #V#i#r#u#s# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# #R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# # #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# # # # # # # #A#u#s#g#e#f#ü#h#r#t#e# #A#k#t#i#o#n#:# #Z#u#g#r#i#f#f# #v#e#r#w#e#i#g#e#r#n# #e#r# #a#n# #S#c#a#n#n#e#r#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#n#d#e#n# # # # # # #w#u#r#d#e# #e#i#n# #V#i#r#u#s# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# #a#\#M#y# #A#v#i#r#a#\#L#o#g#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#e#n#c#o#d#i#n#g#.#e#x#e#'#v#i#r#a#\#M#y# #v#i#r#a#\#L#o#g#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#n#e#t#_#a#m#o#u#n#t#.#e#x#e#'# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# # # # # #I#n# #d#e#r# #D#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#A#v#i#r#a#\#M#y# #A#v#i#r#a#\#L#o#g#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#p#a#t#i#e#n#t#.#e#x#e#'#D#a#t#a#\#M#i#c#r#o#s#o#f#t#\#W#i#n#d#o#w#s#\#A#I#T#\#g#a#m#e#s#\#a#l#i#p#a #y#.#e#x#e#'# #[#t#r#o#j#a#n#]# #n#d#o#w#s#\#A#I#T#\#g#a#m#e#s#\#s#h#a#r#e#_#c#h#a#r#m#.#e#x#e#'#I#T#\#g#a#m#e#s#\#p#r#o#d#u#c#t#i#o#n#_#o#r#d#e#r#_#l#i#n#e#.#e#x#e#'#\#L#o#g#f#i#l#e #s#\#w#e#b#_#s#l#i#c#e#\#r#s#s#_#f#e#e#d#.#e#x#e#'# #Z#u#g#r#i#f#f# #v#e#r#w#e#i#g#e#r#n#_#s#l#i#c#e#\#s#h#a#r#e#d#_#p#h#o#t#o#s#.#e#x#e#'#.#e#x#e#'# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#1#1#9#'# #[#t#r#o#j#a#n#]# #t#\#W#i#n#d#o#w#s#\#A#I#T#\#g#a#m#e#s#\#x#b#o#x#_#v#i#d#e#o#.#e#x#e#'#r# #D#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#M#i#c#r#o#s#o#f#t#\#W#i#n#d#o#w#s#\#A#I#T#\#g#a#m#e#s#\#2#_#i#n#_#1#.#e#x#e#'# #0#3#:#4#4# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#M#i#c#r#o#s#o#f#t#\#W#i#n#d#o#w#s#\#A#I#T#\#g#a#m#e#s#\#b#i#t#m#a#p#.#e#x#e#'# #A#k#t#i#o#n#(#e#n#)#:#k#t#i#o#n# #m#i#t# #H#i#l#f#e# #d#e#r# #A#R#K# #L#i#b#r#a#r#y# #d#u#r#c#h#z#u#f#ü#h#r#e#n#.# #s#\#l#i#p#i#d#_#p#r#o#f#i#l#e#.#e#x#e#'# # # # # # #w#u#r#d#e# #e#i#n# #V#i#r#u#s# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#1#0#0#6#0#8#'# #[#t#r#o#j#a#n#]# # #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#M#i#c#r#o#s#o#f#t#\#W#i#n#d#o#w#s#\#A#I#T#\#g#a#m#e#s#\#a#p#p#e#a#r#_#o#f#f#l#i#n#e#.#e#x#e#'#e# #g#e#f#u#n#d#e#n# #u#n#t#e#r# #d#e#m# #N#a#m#e#n# #'#4#8#6#8#9#3#b#3#.#q#u#a#'# #e#i#g#e#r#n# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#e#f#ü#h#r#t#e# #A#k#t#i#o#n#(#e#n#)#:# # # # # #g#e#f#u#n#d#e#n#.#F#T#W#A#R#E#\#M#i#c#r#o#s#o#f#t#\#W#i# #g#e#f#u#n#d#e#n#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#M#i#c#r#o#s#o#f#t#\#W#i#n#d#o#w#s#\#A#I#T#\#g#a#m#e#s#\#w#i#n#d#o#w#s#_#p#e#o#p#l#e#.#e#x#e#'#[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# # # # # # #w#u#r#d#e# #e#i#n# #V#i#r#u#s# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#1#0#0#6#0#8#'# #[#t#r#o#j#a#n#]# #n#:# #Ü#b#e#r#g#e#b#e#n# #a#n# #S#c#a#n#n#e#r#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#1#0#0#6#0#8#'# # #i#t#_#n#u#m#b#e#r#.#e#x#e#'#i#c#e#\#a#i#r#p#l#a#n#e#_#m#o#d#e#.#e#x#e#'# #w#u#r#d#e# #e#r#f#o#l#g#r#e#i#c#h# #r#e#p#a#r#i#e#r#t#.#n#t#e#r# #d#e#m# #N#a#m#e#n# #'#1#b#a#6#7#9#3#2#.#q#u#a#'# #e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#9#8#7#9#0#'# #[#t#r#o#j#a#n#]# # # # # # # # #e#n#t#h#i#e#l#t# #e#i#n#e#n# #V#i#r#u#s# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#9#8#3#1#6#'# # #F#T#W#A#R#E#\#M#i#c#r#o#s#o#f#t#\#W#i# # # #A#v#i#r#a#\#L#o#g#f#i#l#e#s#\#w#e#b#_#s#l#i#c#e#\#i#n#t#e#r#f#a#c#e#\#p#o#s#t#a#l#_#c#o#d#e#.#e#x#e#'#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# # # # # # #e#n#t#h#i#e#l#t# #e#i#n#e#n# #V#i#r#u#s# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#9#7#5#3#0#'# # # # # # # #[#t#r#o#j#a#n#]#.#a#r#d#.#e#x#e#'#j#a#n#]#.# #1#4#:#4#5# #[#S#y#s#t#e#m#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#1#3# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#9#6#0#2#2#'# # #\#W#i#n#d#o#w#s#\#C#u#r#r#e#n#t#V#e#r#s#i#o#n#\#R#u#n#\#a#u#t#o#m#a#t#i#c#_#m#a#i#n# #o#d#e#r# #u#n#e#r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#9#5#6#8#5#'# #[#t#r#o#j#a#n#]# #n#d#e#n#.#y#p#t#.#X#p#a#c#k#.#9#3#8#6#0#'# #[#t#r#o#j#a#n#]# #4#\#M#i#c#r#o#s#o#f#t#.#I#n#t#e#r#o#p#.#S#e#c#u#r#i#t#y#.#A#z#R#o#l#e#s#\#2#.#0#.#0#.#0#_#_#3#1#b#f#3#8#5#6# #v#e#r#w#e#i#g#e#r#n#e#i# #'#C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#A#v#i#r#a#\#A#n#t#i#V#i#r# #D#e#s#k#t#o#p#\#I#P#M#\#h#a#r#d#w#a#r#e#\#l#a#y#e#r#.#e#x#e#'#r#t#\#u#n#l#i#m#i#t#e#d#_#m#u#s#i#c#.#e#x#e#'# # # # #[#t#r#o#j#a#n#]#.#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#6#8#7#2#'# #a#n#t#ä#n#e#v#e#r#z#e#i#c#h#n#i#s# #u#n#t#e#r# #d#e#m# #N#a#m#e#n# #'#5#1#4#7#5#f#3#c#.#q#u#a#'# #r#o#s#o#f#t# # #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#a#l#_#b#a#n#k#_#m#f#o#_#c#o#d#e#.#e#x#e#'# #F#i#l#e#s#\#C#o#m#m#o#n# #F#i#l#e#s#\#m#i#c#r#o#s#o#f#t# #r#w#e#i#g#e#r#n#t#i#o#n#:# #Z#u#g#r#i#f#f# #v#e#r#w#e#i#g#e#r#n#s#h#a#r#e#d#\#i#n#k#\#s#k#-#S#K#\#s#m#a#r#t#\#p#r#o#c#e#s#s#o#r#.#e#x#e#'# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#9#4#5#'# #[#t#r#o#j#a#n#]# #9# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#9#4#5#'# #[#t#r#o#j#a#n#]# # #Z#u#g#r#i#f#f# #v#e#r#w#e#i#g#e#r#n# #s#h#a#r#e#d#\#i#n#k#\#s#k#-#S#K#\#s#m#a#r#t#\#c#a#p#t#i#v#e#_#p#o#r#t#a#l#.#e#x#e#'#r#t#e# #A#k#t#i#o#n#:# #Z#u#g#r#i#f#f# #v#e#r#w#e#i#g#e#r#n#D#a#t#a#\#A#v#i#r#a#\#A#n#t#i#V#i#r# # # # # # # #A#u#s#g#e#f#ü#h#r#t#e# #A#k#t#i#o#n#:# #Z#u#g#r#i#f#f# #v#e#r#w#e#i#g#e#r#n#a#r#e# #g#e#f#u#n#d#e#n# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# # # # # # #A#u#s#g#e#f#ü#h#r#t#e# #A#k#t#i#o#n#:# #Ü#b#e#r#g#e#b#e#n# #a#n# #S#c#a#n#n#e#r#x#.#e#x#e#'# #1#4#:#1#4# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# # # # # #I#n# #d#e#r# #D#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m# #F#i#l#e#s#\#C#o#m#m#o#n# #F#i#l#e#s#\#m#i#c#r#o#s#o#f#t# # #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#9#4#5#'# #[#t#r#o#j#a#n#]# #:#0#7# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# # # # # # #A#u#s#g#e#f#ü#h#r#t#e# #A#k#t#i#o#n#:# #Z#u#g#r#i#f#f# #v#e#r#w#e#i#g#e#r#n#p#a#c#k#.#8#8#9#4#5#'# #[#t#r#o#j#a#n#]# #r#w#ü#n#s#c#h#t#e#s# #P#r#o#g#r#a#m#m# #'#T#R#/#C#r#y#p#t#.#X#p#a#c#k#.#8#8#9#4#5#'# #[#t#r#o#j#a#n#]# # # # # # # #I#n# #d#e#r# #D#a#t#e#i# #'#C#:#\#P#r#o#g#r#a#m# #F#i#l#e#s#\#C#o#m#m#o#n# #F#i#l#e#s#\#S#y#s#t#e#m#\#d#e#-#D#E#\#p#a#g#e#r#\#p#l#a#y#b#a#c#k#.#e#x#e#'#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# # # # #D#u#r#c#h#g#e#f#ü#h#r#t#e# #A#k#t#i#o#n#(#e#n#)#:#.#2#0#1#4# #1#3#:#5#0# #[#E#c#h#t#z#e#i#t#-#S#c#a#n#n#e#r#]# #M#a#l#w#a#r#e# #g#e#f#u#n#d#e#n# #D#a#t#e#i# #w#u#r#d#e# #i#n#s# #Q#u#a#r#a#n#t#ä#n#e#v#e#r#z#e#i#c#h#n#i#s# #u#n#t#e#r# #d#e#m# #N#a#m#e#n# #'#5#1#0#4#5#6#6#b#.#q#u#a#'# # Log Emisoft Anti Maleware: ÿþE#m#s#i#s#o#f#t# #A#n#t#i#-#M#a#l#w#a#r#e# #-# #V#e#r#s#i#o#n# #9#.#0# Eset Online Scan Log: ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=cf216214b702c946a1a137e7c65d6222 # engine=20691 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-20 10:28:32 # local_time=2014-10-21 12:28:32 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 0 20526448 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 13350065 19712684 0 0 # compatibility_mode_1='Emsisoft Anti-Malware' # compatibility_mode=16642 16777213 100 100 1759 215086400 0 0 # scanned=175437 # found=10 # cleaned=6 # scan_time=1549 sh=D946B8CD6D28CA38D3ACCE897F07856474DED6B4 ft=1 fh=47c4bcac63278daa vn="Variante von Win32/Kryptik.CNWZ Trojaner" ac=I fn="C:\Users\All Users\Avira\My Avira\Logfiles\web_slice\audio.exe" sh=34B81FE44378E548A2AFC0F13437B7F1865C2269 ft=1 fh=97fa79c3256b6b8f vn="Variante von Win32/Kryptik.CNWZ Trojaner" ac=I fn="C:\Users\All Users\Avira\My Avira\Logfiles\web_slice\right_arrow.exe" sh=D946B8CD6D28CA38D3ACCE897F07856474DED6B4 ft=1 fh=47c4bcac63278daa vn="Variante von Win32/Kryptik.CNWZ Trojaner" ac=I fn="C:\Users\All Users\Microsoft\Windows\AIT\games\impression.exe" sh=34B81FE44378E548A2AFC0F13437B7F1865C2269 ft=1 fh=97fa79c3256b6b8f vn="Variante von Win32/Kryptik.CNWZ Trojaner" ac=I fn="C:\Users\All Users\Microsoft\Windows\AIT\games\ipsec.exe" sh=FEFE2A148E52A40A6A50C4FF7874F9C6F938910C ft=1 fh=a6e6b06e2f656293 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Jakob\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir" sh=D946B8CD6D28CA38D3ACCE897F07856474DED6B4 ft=1 fh=47c4bcac63278daa vn="Variante von Win32/Kryptik.CNWZ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Avira\My Avira\Logfiles\web_slice\audio.exe" sh=34B81FE44378E548A2AFC0F13437B7F1865C2269 ft=1 fh=97fa79c3256b6b8f vn="Variante von Win32/Kryptik.CNWZ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Avira\My Avira\Logfiles\web_slice\right_arrow.exe" sh=D946B8CD6D28CA38D3ACCE897F07856474DED6B4 ft=1 fh=47c4bcac63278daa vn="Variante von Win32/Kryptik.CNWZ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Microsoft\Windows\AIT\games\impression.exe" sh=34B81FE44378E548A2AFC0F13437B7F1865C2269 ft=1 fh=97fa79c3256b6b8f vn="Variante von Win32/Kryptik.CNWZ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Microsoft\Windows\AIT\games\ipsec.exe" sh=4004FE3708C984E040FD9CB9F9861403AA4F52F9 ft=1 fh=ffcfed5b12d11974 vn="Variante von Win32/WinloadSDA.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Jakob\Documents\UNI\Krams\Blog\Adobe-Audition-lnstall.exe" |
|
21.10.2014, 05:54
| #2 |
| /// the machine /// TB-Ausbilder    |  Virus? Vermehrte Meldungen, SQL, clipz, https seiten hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
21.10.2014, 19:49
| #3 |
| | Virus? Vermehrte Meldungen, SQL, clipz, https seiten Vielen Dank für die Hilfe!
__________________Hier kommt der FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014 Ran by Jakob (administrator) on LAIMA on 21-10-2014 19:26:35 Running from C:\Users\Jakob\Downloads Loaded Profiles: Jakob & (Available profiles: Jakob) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Windows\System32\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.) HKLM\...\Run: [mercadopago] => C:\ProgramData\Microsoft\Windows\AIT\games\photo_viewer.exe HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4873248 2014-10-14] (Emsisoft GmbH) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1039312522-3144380910-2287453735-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [18998936 2014-09-26] (Microsoft Corporation) HKU\S-1-5-21-1039312522-3144380910-2287453735-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) HKU\S-1-5-21-1039312522-3144380910-2287453735-1001\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-1039312522-3144380910-2287453735-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [18998936 2014-09-26] (Microsoft Corporation) HKU\S-1-5-21-1039312522-3144380910-2287453735-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) HKU\S-1-5-21-1039312522-3144380910-2287453735-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisallowRun] 1 Startup: C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Jakob\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x572D3FD6B44DCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: No Name -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> No File BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: No Name -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> No File BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default FF DefaultSearchEngine: Ecosia FF SelectedSearchEngine: Ecosia FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\searchplugins\avira-safesearch.xml FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\Extensions\abs@avira.com [2014-10-01] FF Extension: SoundCloud Downloader - SC DOWNLOADER - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\Extensions\jid1-mW7iuA66Ny8Ziw@jetpack.xpi [2014-10-04] FF Extension: Ecosia — The search engine that plants trees! - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-05-15] FF Extension: Adblock Plus - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-03] FF Extension: BetterPrivacy - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-10-04] FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\gvgd1qhx.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Profile: C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-25] CHR Extension: (Google Drive) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-25] CHR Extension: (YouTube) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-25] CHR Extension: (Google Search) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-25] CHR Extension: (Google Wallet) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-25] CHR Extension: (Gmail) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-25] CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\Jakob\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-10-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2013-06-25] (Atheros Commnucations) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-05-19] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-19] (Microsoft Corporation) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-05-19] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-19] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-21] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed] S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-05-19] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-21 19:26 - 2014-10-21 19:26 - 00017623 _____ () C:\Users\Jakob\Downloads\FRST.txt 2014-10-21 19:26 - 2014-10-21 19:26 - 00000000 ____D () C:\FRST 2014-10-21 19:25 - 2014-10-21 19:25 - 02110976 _____ (Farbar) C:\Users\Jakob\Downloads\FRST64.exe 2014-10-21 00:58 - 2014-10-21 00:58 - 00006516 _____ () C:\WINDOWS\PFRO.log 2014-10-21 00:57 - 2014-10-21 00:57 - 00000826 _____ () C:\EamClean.log 2014-10-21 00:00 - 2014-10-21 00:00 - 02347384 _____ (ESET) C:\Users\Jakob\Downloads\esetsmartinstaller_deu.exe 2014-10-21 00:00 - 2014-10-21 00:00 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-20 23:58 - 2014-10-20 23:58 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-10-20 23:34 - 2014-10-21 19:24 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-10-20 23:34 - 2014-10-20 23:34 - 00001113 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-10-20 23:34 - 2014-10-20 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-10-20 23:32 - 2014-10-20 23:33 - 162369616 _____ (Emsisoft GmbH ) C:\Users\Jakob\Downloads\EmsisoftAntiMalwareSetup.exe 2014-10-20 23:29 - 2014-10-20 23:29 - 00613100 _____ () C:\Users\Jakob\Desktop\Ereignisse.txt 2014-10-20 22:13 - 2014-10-21 19:21 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-10-20 22:13 - 2014-10-20 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-20 22:13 - 2014-10-20 22:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-20 22:13 - 2014-10-20 22:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-20 22:13 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-10-20 22:13 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-10-20 22:13 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-10-20 22:11 - 2014-10-20 22:11 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Jakob\Downloads\mbam-setup-2.0.3.1025_CB-DL-Manager [1].exe 2014-10-20 21:37 - 2014-10-20 21:37 - 04965896 _____ (Piriform Ltd) C:\Users\Jakob\Downloads\ccsetup418.exe 2014-10-15 19:45 - 2014-10-10 00:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-10-15 19:45 - 2014-10-09 00:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2014-10-15 19:45 - 2014-09-19 03:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-10-15 19:45 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2014-10-15 19:45 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2014-10-15 19:45 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-10-15 19:45 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-10-15 19:45 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-10-15 15:16 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-10-15 15:16 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-10-15 15:16 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-10-15 15:16 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2014-10-15 15:16 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-10-15 15:16 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-10-15 15:16 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-10-15 15:16 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-10-15 15:16 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-10-15 15:16 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-10-15 15:16 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-10-15 15:16 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-10-15 15:16 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-10-15 15:16 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-10-15 15:16 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-10-15 15:15 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-10-15 15:15 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-10-15 15:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-10-15 15:14 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-10-15 15:14 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-10-15 15:14 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-10-15 15:14 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-10-15 15:14 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-10-15 15:14 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-10-15 15:14 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-10-15 15:14 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-10-15 15:14 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-10-15 15:14 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-10-15 15:14 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-10-15 15:14 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-10-15 15:14 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-10-15 15:14 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-10-15 15:14 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-10-15 15:14 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-10-15 15:14 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-10-15 15:14 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-10-15 15:14 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-10-15 15:14 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-10-15 15:14 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-10-15 15:14 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-10-15 15:14 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-10-15 15:14 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-10-15 15:14 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-10-15 15:14 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-10-15 15:14 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-10-15 15:14 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll 2014-10-15 15:14 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll 2014-10-15 15:14 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2014-10-15 15:14 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2014-10-15 15:14 - 2014-08-29 03:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2014-10-15 15:14 - 2014-08-29 01:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-10-15 15:14 - 2014-08-29 01:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-10-15 15:13 - 2014-08-16 06:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-10-15 15:13 - 2014-08-16 06:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-10-15 15:13 - 2014-08-16 06:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2014-10-15 15:13 - 2014-08-16 05:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-10-15 15:13 - 2014-08-16 05:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-10-15 15:13 - 2014-08-16 05:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-10-15 15:13 - 2014-08-16 05:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-10-15 15:13 - 2014-08-16 05:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-10-15 15:13 - 2014-08-16 05:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2014-10-15 15:13 - 2014-08-16 03:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-10-15 15:13 - 2014-08-16 03:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll 2014-10-15 15:13 - 2014-08-16 02:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2014-10-15 15:13 - 2014-08-16 02:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2014-10-15 15:13 - 2014-08-16 02:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll 2014-10-15 15:13 - 2014-08-16 02:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2014-10-15 15:13 - 2014-08-16 02:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll 2014-10-15 15:13 - 2014-08-16 02:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll 2014-10-15 15:13 - 2014-08-16 02:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2014-10-15 15:13 - 2014-08-16 02:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll 2014-10-15 15:13 - 2014-08-16 02:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-15 15:13 - 2014-08-16 02:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-10-15 15:13 - 2014-08-16 02:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-10-15 15:13 - 2014-08-16 02:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll 2014-10-15 15:13 - 2014-08-16 02:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-15 15:13 - 2014-08-16 02:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-10-15 15:13 - 2014-08-16 02:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-10-15 15:13 - 2014-08-16 02:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2014-10-15 15:13 - 2014-08-16 02:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-10-15 15:13 - 2014-08-16 02:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-10-15 15:13 - 2014-08-16 02:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-10-15 15:13 - 2014-08-16 02:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-10-15 15:13 - 2014-08-16 02:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-10-15 15:13 - 2014-08-16 02:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-10-15 15:13 - 2014-08-16 02:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-10-15 15:13 - 2014-08-01 01:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-10-14 23:40 - 2014-10-14 23:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-05 12:15 - 2014-10-06 11:21 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-10-05 12:15 - 2014-10-05 12:16 - 00000000 ____D () C:\Users\Jakob\Documents\Adobe 2014-10-05 12:15 - 2014-10-05 12:15 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\PDAppFlex 2014-10-04 12:29 - 2014-10-04 12:29 - 00000000 ___RD () C:\Users\Jakob\Creative Cloud Files 2014-10-04 12:03 - 2014-10-04 12:03 - 00000000 ____D () C:\Users\Jakob\ChromeExtensions 2014-10-04 12:03 - 2014-10-04 12:03 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Tempda8ca46b19bbab57dad37d4c3abf5d22 2014-10-04 12:03 - 2014-10-04 12:03 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Tempa05d9e95087796adc8b1375fb2b470b9 2014-10-04 12:03 - 2014-10-04 12:03 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Temp004243d4d7a3cbe8b9f73c4d91ad1a1e 2014-10-03 19:51 - 2014-10-03 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-10-03 19:51 - 2014-10-03 19:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-10-03 19:51 - 2014-10-03 19:51 - 00000000 ____D () C:\Program Files\iTunes 2014-10-03 19:51 - 2014-10-03 19:51 - 00000000 ____D () C:\Program Files\iPod 2014-10-03 19:51 - 2014-10-03 19:51 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-10-03 18:06 - 2014-10-03 18:06 - 00001396 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-10-03 18:06 - 2014-10-03 18:06 - 00001327 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-10-03 18:06 - 2014-10-03 18:06 - 00000000 ____D () C:\WINDOWS\de 2014-10-03 18:06 - 2014-10-03 18:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-10-03 18:05 - 2014-10-03 18:12 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Windows Live 2014-10-03 18:05 - 2014-10-03 18:06 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-10-03 18:05 - 2014-10-03 18:05 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2014-10-03 18:05 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2014-10-03 18:05 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2014-10-03 18:05 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2014-10-03 18:05 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2014-10-03 18:05 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2014-10-03 18:05 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2014-10-03 18:05 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2014-10-03 18:05 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll 2014-10-03 18:05 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll 2014-10-03 18:05 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll 2014-10-03 18:05 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll 2014-10-03 18:05 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll 2014-10-03 17:59 - 2014-10-03 17:59 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2014-10-03 17:59 - 2014-10-03 17:59 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-10-03 17:58 - 2014-10-03 17:58 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer 2014-10-03 17:58 - 2014-10-03 17:58 - 00000000 ____D () C:\Program Files\Reference Assemblies 2014-10-03 17:58 - 2014-10-03 17:58 - 00000000 ____D () C:\Program Files\MSBuild 2014-10-03 17:56 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2014-10-03 17:56 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2014-10-03 17:56 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2014-10-03 17:56 - 2013-08-03 06:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2014-10-03 17:56 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2014-10-03 17:56 - 2013-08-03 06:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2014-10-03 17:53 - 2014-10-03 17:53 - 01245384 _____ (Microsoft Corporation) C:\Users\Jakob\Downloads\wlsetup-web.exe 2014-09-22 09:58 - 2014-10-20 19:38 - 00000000 ____D () C:\Users\Jakob\Desktop\Ringvorlesung ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-21 19:25 - 2014-03-18 12:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-10-21 19:25 - 2014-03-18 11:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2014-10-21 19:25 - 2014-03-18 11:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2014-10-21 19:22 - 2014-05-19 11:22 - 01346886 _____ () C:\WINDOWS\WindowsUpdate.log 2014-10-21 19:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-10-21 00:58 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-10-21 00:57 - 2014-04-03 10:20 - 00000000 ___RD () C:\Users\Jakob\Dropbox 2014-10-21 00:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\IME 2014-10-21 00:42 - 2014-04-03 08:49 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-10-21 00:29 - 2014-04-01 15:28 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1039312522-3144380910-2287453735-1001 2014-10-20 23:29 - 2014-05-19 11:48 - 00337408 ___SH () C:\Users\Jakob\Desktop\Thumbs.db 2014-10-20 21:38 - 2014-08-29 00:52 - 00000840 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-10-20 21:38 - 2014-08-29 00:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-10-20 21:38 - 2014-08-29 00:52 - 00000000 ____D () C:\Program Files\CCleaner 2014-10-20 21:12 - 2014-04-03 10:06 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Dropbox 2014-10-20 19:35 - 2014-09-07 17:46 - 00000000 ____D () C:\Users\Jakob\Documents\Berlin 2014-10-20 19:01 - 2014-09-12 23:37 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B6643EDC-0B29-4799-B8E1-EDBD7CBC6CB5} 2014-10-20 12:45 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-10-17 19:08 - 2014-04-01 17:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-17 10:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-10-17 09:01 - 2013-08-22 16:44 - 05172136 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-10-17 08:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-10-17 08:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-10-17 08:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-10-17 08:40 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-10-17 08:36 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-10-17 08:00 - 2014-07-10 16:33 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-10-17 03:46 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-10-17 03:37 - 2014-05-15 22:45 - 00001159 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-17 03:37 - 2014-04-14 15:04 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-17 03:37 - 2014-04-14 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-17 03:37 - 2014-04-14 15:04 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-13 21:31 - 2014-04-01 17:56 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-10-13 21:31 - 2014-04-01 15:22 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Adobe 2014-10-13 21:29 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-10-12 20:23 - 2014-04-03 08:48 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Adobe 2014-10-12 19:16 - 2014-04-02 08:55 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Skype 2014-10-12 12:17 - 2014-04-01 15:22 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Packages 2014-10-11 20:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-10-07 12:16 - 2014-04-15 12:49 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2014-10-07 12:16 - 2014-04-14 15:06 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2014-10-07 12:16 - 2014-04-14 15:06 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2014-10-04 16:15 - 2014-04-01 17:55 - 00000000 ____D () C:\ProgramData\Adobe 2014-10-04 16:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-10-04 12:29 - 2014-05-19 11:15 - 00000000 ____D () C:\Users\Jakob 2014-10-03 18:38 - 2014-04-04 07:05 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\vlc 2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-27 15:16 - 2014-06-04 16:22 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Microsoft Help 2014-09-26 00:39 - 2014-04-10 18:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-09-25 14:58 - 2014-09-17 19:10 - 00000000 ___HD () C:\Users\Jakob\AppData\Local\Qqrjjcpqa 2014-09-24 14:32 - 2014-09-20 15:10 - 00000000 ___HD () C:\Users\Jakob\AppData\Roaming\Gfyd 2014-09-22 09:55 - 2014-04-03 10:08 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Some content of TEMP: ==================== C:\Users\Jakob\AppData\Local\Temp\avgnt.exe C:\Users\Jakob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdplxdu.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-17 09:36 ==================== End Of Log ============================ Addition.txt:FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by Jakob at 2014-10-21 19:27:27
Running from C:\Users\Jakob\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mendeley Desktop 1.11 (HKLM-x32\...\Mendeley Desktop) (Version: 1.11 - Mendeley Ltd.)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Español (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Skype™ 6.14 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.14.104 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1039312522-3144380910-2287453735-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jakob\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1039312522-3144380910-2287453735-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1039312522-3144380910-2287453735-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1039312522-3144380910-2287453735-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1039312522-3144380910-2287453735-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1039312522-3144380910-2287453735-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1039312522-3144380910-2287453735-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1039312522-3144380910-2287453735-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1039312522-3144380910-2287453735-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
15-10-2014 18:30:01 Windows Update
20-10-2014 22:30:01 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1DA27D96-CF5C-45AC-ABE0-9E00052B6458} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {1DE0CA86-2FC0-42EE-B3E5-675AE49C6571} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2559CBD2-D54B-411A-84C9-E2A689E2115A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4443EB21-578D-4093-97EA-3712D0FBC8AA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-26] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7ADD4B94-453E-43D1-935C-F03DE7BE6A23} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-28] (Microsoft Corporation)
Task: {7BB1EC61-3140-48A7-9245-3DD56ECC42BA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {8165DDE6-5743-458A-A981-64F5527CFF73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {82C156F2-C3D5-4563-A425-B83897B7D9C4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-28] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8A0B5CB8-E74D-48C8-B8F4-F14EE298CEBB} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {8B983364-0FD5-4846-839E-264F61F70470} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A4ABF8FB-BEF2-43D5-854F-F8718CA82F4E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-13] (Microsoft Corporation)
Task: {A6C89775-A2F8-46E8-B5CB-4B33108DDDC0} - \EPUpdater No Task File <==== ATTENTION
Task: {A6D0038A-86BF-4526-942F-908C1919A48D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D4F1838F-B2D1-4B45-AEF2-FB800DF0E0ED} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EBB97BF4-8F95-4E11-BB6C-05438F82F2B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2006-12-04 01:26 - 2006-12-04 01:26 - 00022016 _____ () C:\WINDOWS\System32\sugs1l6.dll
2014-04-10 18:33 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-01-25 02:22 - 2014-01-25 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-10-20 23:34 - 2014-10-06 18:43 - 00775400 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-14 23:40 - 2014-10-14 23:40 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-13 11:37 - 2014-06-13 11:37 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-13 11:37 - 2014-06-13 11:37 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-13 11:37 - 2014-06-13 11:37 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "user_name"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\Run: => "Lync"
HKCU\...\StartupApproved\Run: => "user_name"
HKCU\...\StartupApproved\Run: => "offline"
========================= Accounts: ==========================
Administrator (S-1-5-21-1039312522-3144380910-2287453735-500 - Administrator - Disabled)
Gast (S-1-5-21-1039312522-3144380910-2287453735-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1039312522-3144380910-2287453735-1003 - Limited - Enabled)
Jakob (S-1-5-21-1039312522-3144380910-2287453735-1001 - Administrator - Enabled) => C:\Users\Jakob
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/21/2014 07:26:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FRST64.exe, Version: 21.10.2014.0, Zeitstempel: 0x5445f485
Name des fehlerhaften Moduls: FRST64.exe, Version: 21.10.2014.0, Zeitstempel: 0x5445f485
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000247c9
ID des fehlerhaften Prozesses: 0x16fc
Startzeit der fehlerhaften Anwendung: 0xFRST64.exe0
Pfad der fehlerhaften Anwendung: FRST64.exe1
Pfad des fehlerhaften Moduls: FRST64.exe2
Berichtskennung: FRST64.exe3
Vollständiger Name des fehlerhaften Pakets: FRST64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FRST64.exe5
Error: (10/21/2014 00:51:57 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (10/21/2014 00:33:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (10/21/2014 00:30:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service beacon since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (10/21/2014 00:30:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service forum since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (10/21/2014 00:30:06 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (10/21/2014 00:00:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (10/21/2014 00:00:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (10/21/2014 00:00:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (10/21/2014 00:00:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
System errors:
=============
Error: (10/21/2014 00:57:47 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062
Error: (10/21/2014 00:31:02 AM) (Source: DCOM) (EventID: 10010) (User: LAIMA)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (10/21/2014 00:30:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - Oktober 2014 (KB890830)
Error: (10/21/2014 00:30:29 AM) (Source: DCOM) (EventID: 10010) (User: LAIMA)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (10/17/2014 09:02:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst forum erreicht.
Error: (10/17/2014 09:02:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst ribbon erreicht.
Error: (10/17/2014 09:01:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062
Error: (10/17/2014 09:00:46 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (10/17/2014 03:46:50 AM) (Source: DCOM) (EventID: 10010) (User: LAIMA)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (10/17/2014 03:46:20 AM) (Source: DCOM) (EventID: 10010) (User: LAIMA)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Microsoft Office Sessions:
=========================
Error: (10/21/2014 07:26:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe21.10.2014.05445f485FRST64.exe21.10.2014.05445f485c000000500000000000247c916fc01cfed5411ee93b3C:\Users\Jakob\Downloads\FRST64.exeC:\Users\Jakob\Downloads\FRST64.exe5cb737b2-5947-11e4-be86-6894237e7bfc
Error: (10/21/2014 00:51:57 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (10/21/2014 00:33:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (10/21/2014 00:30:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service beacon since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (10/21/2014 00:30:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service forum since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (10/21/2014 00:30:06 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
Error: (10/21/2014 00:00:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Jakob\Downloads\esetsmartinstaller_deu.exe
Error: (10/21/2014 00:00:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Jakob\Downloads\esetsmartinstaller_deu.exe
Error: (10/21/2014 00:00:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Jakob\Downloads\esetsmartinstaller_deu.exe
Error: (10/21/2014 00:00:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Jakob\Downloads\esetsmartinstaller_deu.exe
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 46%
Total physical RAM: 3914.35 MB
Available physical RAM: 2100.38 MB
Total Pagefile: 6730.35 MB
Available Pagefile: 4205.35 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (Win 8 ) (Fixed) (Total:238.13 GB) (Free:118.37 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 46C5B6CA)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 18.6 GB) (Disk ID: 4C666DC1)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
22.10.2014, 18:03
| #4 |
| /// the machine /// TB-Ausbilder | Virus? Vermehrte Meldungen, SQL, clipz, https seiten MBAM updaten, scannen, Funde löschen lassen. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Virus? Vermehrte Meldungen, SQL, clipz, https seiten |
| fehlercode 0xc0000005, fehlercode windows, hijack.startpage, pup.optional.buenosearch, pup.optional.buenosearch.a, trojan.fakeami, trojan.krypt, win32/kryptik.cnwz, win32/toolbar.babylon.i, win32/winloadsda.h |
Linear-Darstellung
