| |
| |||||||
Log-Analyse und Auswertung: Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plockWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.11.2014, 13:49
| #1 |
 |  Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock Hallo Trojaner-Board Ich bin (leider) mal wider auf eure Hilfe angwiesen. Heute morgen meldete MSE einen Trojaner den ich in Quarantäne verschoben habe. Vollständiger Scan anschliessend brachte nix mehr aber die Suchläufe mit ESET und MBAM brachten Meldungen hoch. Es wäre nett wenn da mal einer rüberschauen könnte. Vielen Dank im voraus MBAM Log Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2014.11.05.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17358 Cak :: CAK-PC [Administrator] 05.11.2014 11:22:30 MBAM-log-2014-11-05 (13-31-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 557798 Laufzeit: 2 Stunde(n), 8 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\ProgramData\7093A903.cpp (Spyware.Zbot.ED) -> Keine Aktion durchgeführt. C:\Users\Cak\AppData\Local\Temp\Low\ogcG.dll (Spyware.Zbot.ED) -> Keine Aktion durchgeführt. C:\Users\Cak\AppData\Local\Temp\Low\U2Dv.dll (Trojan.FakeMS.ED) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter C:\Users\All Users\309A3907.dot Variante von Win64/Kryptik.GK Trojaner
C:\Users\All Users\7093A903.cpp Variante von Win32/Kryptik.CPAQ Trojaner
C:\ProgramData\309A3907.dot Variante von Win64/Kryptik.GK Trojaner Gesäubert durch Löschen - in Quarantäne kopiert
C:\ProgramData\7093A903.cpp Variante von Win32/Kryptik.CPAQ Trojaner Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert
C:\Users\Cak\AppData\Local\Temp\Low\ogcG.dll Variante von Win32/Kryptik.CPAQ Trojaner Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Cak\AppData\Local\Temp\Low\U2Dv.dll Variante von Win32/Kryptik.COZM Trojaner Gesäubert durch Löschen - in Quarantäne kopiert
Arbeitsspeicher Mehrere Bedrohungen
Code:
ATTFilter Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 11-04-2014 16:55:14
************************************************************
2014-11-04T15:55:14.926Z Trace session started - MpWppTracing-11042014-165514-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96852
Each Bucket has max capacity of -> 1 entries
number of Entries is 67267
Number of invalid entries is 0
Number of inserts issued is 513115
Number of replaces issued is 0
Number of insert failures is 2570
Number of inserts with duplicate entries is 9968
Number of lookups is 18165204
Number of lookup misses is 3296974
Number of fast lookup misses is 6208031
Number of false fast lookups is 1208828
Number of invalidations is 41138
Number of maintenance invalidations is 64090
Current File Size is 2371584
Journal ID = 1ce0194bf803394
Trusted image state = 1 USN = 0
Setup boot count = 0
2014-11-04T15:55:14.942Z Verifying RTP plugin...
2014-11-04T15:55:14.942Z verified!
2014-11-04T15:55:14.957Z Verifying Nis plugin...
2014-11-04T15:55:14.957Z verified!
2014-11-04T15:55:14.957Z Initializing Nis plugin state...
2014-11-04T15:55:14.957Z Nis initialized!
2014-11-04T15:55:14.957Z Loading engine...
2014-11-04T15:55:15.347Z Verifying engine and signature files (source: 1) ...
2014-11-04T15:55:15.347Z verified!
2014-11-04T15:55:17.472Z Initializing SQM in engine...
2014-11-04T15:55:17.472Z SQM initialized in the engine successfully
2014-11-04T15:55:17.542Z CSignatureStatus: back to good
2014-11-04T15:55:17.542Z Initializing RTP plugin state...
2014-11-04T15:55:17.542Z initialized!
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:1548
AsyncQCurrent:0
BMFlags:8
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:5
TotalStreamCon:1113
TotalBitmap:101840
NTFS Cache Statistics:
TotalMisses:2982
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2014-11-04T15:55:17.662Z loaded!
2014-11-04T15:55:17.672Z Verifying license file...
2014-11-04T15:55:17.672Z verified!
2014-11-04T15:55:17.672Z Product supports installmode: 0
2014-11-04T15:55:17.672Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.6.305.0
Service Version: 4.6.305.0
Engine Version: 1.1.11104.0
AS Signature Version: 1.187.1228.0
AV Signature Version: 1.187.1228.0
************************************************************
2014-11-04T15:56:15.019Z Process scan (poststartupscan) started.
2014-11-04T15:56:16.704Z Process scan (poststartupscan) completed.
2014-11-04T15:57:23.940Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2014-11-04T15:57:23.972Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2014-11-04T16:05:29.633Z AutoPurgeWorker triggered with dwWork=0x3
2014-11-04T16:05:29.758Z Product supports installmode: 0
2014-11-04T16:05:31.037Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2014-11-04T16:05:31.037Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 31830870(ms)
2014-11-04T16:05:36.450Z Detection State: Finished(1) Failed(0) CriticalFailed(0) Additional Actions(0)
2014-11-04T16:05:36.934Z Trace buffers written: 5, events lost: 0, buffers lost: 0, days: 0
2014-11-04T16:05:36.934Z Trusted image bitmap: 0x0
2014-11-04T16:05:36.934Z Trusted image OEM name: (not found)
2014-11-04T16:05:36.996Z Task(-UploadSQM -RestrictPrivileges) launched
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
DSS Timeout:Received results after timeout
Begin Resource Scan
Scan ID:{5DFB9888-0020-436F-B4B6-05A2171FF3C0}
Scan Source:7
Start Time:11-04-2014 18:54:31
End Time:11-04-2014 18:54:31
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRA~3\7093A903.cpp
Result Count:1
Unknown File
Identifier:347110553111494654
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\7093A903.cpp
Extended Info:5865782233411
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
DSS Timeout:Received results after timeout
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
DSS Timeout:Received results after timeout
Begin Resource Scan
Scan ID:{3BD71219-E949-40E0-89A3-B8B333E29DC9}
Scan Source:7
Start Time:11-04-2014 18:54:51
End Time:11-04-2014 18:55:03
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\309A3907.dot
Result Count:1
Unknown File
Identifier:5109740018881003518
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\309A3907.dot
Extended Info:5864550273203
End Scan
************************************************************
DSS Timeout:Received results after timeout
2014-11-04T18:02:28.824Z Task(SignaturesUpdateService -UnmanagedUpdate) launched
2014-11-04T18:03:31.402Z Verifying engine and signature files (source: 0) ...
2014-11-04T18:03:31.543Z verified!
2014-11-04T18:03:36.301Z Dynamic signature dropped
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\7d44d915685b464d74d489c2a81a3a410b5b0657
Dynamic Signature Compilation Timestamp:01-01-1601 01:02:21
Persistence Type:VDM Version
Source Version:282278216073217
Expiration Version:282278216073217
2014-11-04T18:03:46.130Z Initializing SQM in engine...
2014-11-04T18:03:46.130Z SQM initialized in the engine successfully
2014-11-04T18:03:46.208Z Initializing RTP plugin state...
2014-11-04T18:03:46.208Z initialized!
****************************RTP Perf Log***************************
RTP Start:11-04-2014 16:55:17
Last Perf:11-04-2014 16:55:17
First RTP Scan:11-04-2014 16:55:18
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:3515
Misses:3960
BM Queue:7,235,0
Proc:0,190,0
File:7,235,0
Plugin Queue:0,1,0
Threat:0,1,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,3,0
SetEngine:1,1,0
SetState:0,1,0
SetUser:0,0,0
Config:0,1,0
ProcExcl:0,1,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:10410
Pending:0
RegSize:60206
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:1013398
AsyncQCurrent:0
BMFlags:15
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:6
TotalStreamCon:3654
TotalBitmap:101840
NTFS Cache Statistics:
TotalMisses:11288
TotalHits:121393
InstanceCacheHits:78
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
Signature updated on 11-04-2014 19:03:46
Product Version: 4.6.305.0
Service Version: 4.6.305.0
Engine Version: 1.1.11104.0
AS Signature Version: 1.187.1292.0
AV Signature Version: 1.187.1292.0
************************************************************
2014-11-04T18:03:46.239Z Process scan (postsignatureupdatescan) started.
Signature updated via MicrosoftUpdateServer on 11-04-2014 19:03:46
************************************************************
2014-11-04T18:03:48.220Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2014-11-04T18:03:48.220Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
DSS Timeout:Received results after timeout
2014-11-04T18:03:56.685Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
DSS Timeout:Received results after timeout
Begin Resource Scan
Scan ID:{00A128CF-EA28-41BC-92AF-00F6E1D788AD}
Scan Source:7
Start Time:11-04-2014 19:03:56
End Time:11-04-2014 19:04:03
Explicit resource to scan
Resource Schema:process
Resource Path:pid:2812,ProcessStart:130595972720472967
Explicit resource to scan
Resource Schema:process
Resource Path:pid:2888,ProcessStart:130595972717172963
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\7093A903.cpp
Result Count:1
Unknown File
Identifier:347110553111494654
Number of Resources:3
Resource Schema:process
Resource Path:pid:2812,ProcessStart:130595972720472967
Extended Info:0
Resource Schema:process
Resource Path:pid:2888,ProcessStart:130595972717172963
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\7093A903.cpp
Extended Info:5865782233411
End Scan
************************************************************
DSS Timeout:Received results after timeout
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x0000055565173AD3, signame=#VirTool:Win32/Obfuscator.ADB
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
DSS Timeout:Received results after timeout
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
DSS Timeout:Received results after timeout
Begin Resource Scan
Scan ID:{099A2150-2F11-49A0-AC5E-991D8FD725F6}
Scan Source:7
Start Time:11-04-2014 20:49:03
End Time:11-04-2014 20:49:18
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Explicit resource to scan
Resource Schema:process
Resource Path:pid:2812,ProcessStart:130595972720472967
Explicit resource to scan
Resource Schema:process
Resource Path:pid:2888,ProcessStart:130595972717172963
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\overlay.dll
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\309A3907.dot
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\7093A903.cpp
Explicit resource to scan
Resource Schema:startup
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Result Count:2
Unknown File
Identifier:8440141038399520766
Number of Resources:4
Resource Schema:process
Resource Path:pid:2888,ProcessStart:130595972717172963
Extended Info:0
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:0
Resource Schema:file
Resource Path:C:\ProgramData\7093A903.cpp
Extended Info:0
Resource Schema:startup
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:0
Unknown File
Identifier:5109740018881003518
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\309A3907.dot
Extended Info:5864550273203
End Scan
************************************************************
DSS Timeout:Received results after timeout
2014-11-05T02:28:24.260Z Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched
2014-11-05T02:29:19.781Z Verifying engine and signature files (source: 0) ...
2014-11-05T02:29:19.921Z verified!
2014-11-05T02:29:33.930Z Initializing SQM in engine...
2014-11-05T02:29:33.930Z SQM initialized in the engine successfully
2014-11-05T02:29:34.024Z Initializing RTP plugin state...
2014-11-05T02:29:34.024Z initialized!
****************************RTP Perf Log***************************
RTP Start:11-04-2014 19:03:46
Last Perf:11-04-2014 19:03:46
First RTP Scan:11-04-2014 19:03:46
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:2873
Misses:4135
BM Queue:0,214,0
Proc:0,30,0
File:0,214,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,2,0
SetEngine:1,1,0
SetState:0,1,0
SetUser:0,0,0
Config:0,1,0
ProcExcl:0,1,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:28105
Pending:0
RegSize:60206
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:7322350
AsyncQCurrent:0
BMFlags:15
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:6
TotalStreamCon:7807
TotalBitmap:101840
NTFS Cache Statistics:
TotalMisses:18622
TotalHits:230748
InstanceCacheHits:156
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
Signature updated on 11-05-2014 03:29:34
Product Version: 4.6.305.0
Service Version: 4.6.305.0
Engine Version: 1.1.11104.0
AS Signature Version: 1.187.1329.0
AV Signature Version: 1.187.1329.0
************************************************************
2014-11-05T02:29:34.070Z Process scan (postsignatureupdatescan) started.
Signature updated via MicrosoftUpdateServer on 11-05-2014 03:29:34
************************************************************
2014-11-05T02:29:36.052Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2014-11-05T02:29:36.067Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
2014-11-05T02:29:38.080Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2014-11-05T02:29:38.080Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2014-11-05T02:29:39.421Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000055565173AD3, signame=#VirTool:Win32/Obfuscator.ADB
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
|
|
05.11.2014, 13:56
| #2 |
| /// the machine /// TB-Ausbilder    | Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
05.11.2014, 14:04
| #3 |
| | Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock sodele hier die gewünschten logs
__________________FRST.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Cak (administrator) on CAK-PC on 05-11-2014 14:00:38
Running from C:\Users\Cak\Desktop
Loaded Profile: Cak (Available profiles: Cak)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-03-18] (Sony Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3812126910-346978619-1325485556-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-3812126910-346978619-1325485556-1000\...\MountPoints2: I - I:\Autorun.exe
HKU\S-1-5-21-3812126910-346978619-1325485556-1000\...\MountPoints2: {72b93b26-8d74-11e2-9982-001fd09b957d} - G:\iStudio.exe
HKU\S-1-5-21-3812126910-346978619-1325485556-1000\...\MountPoints2: {941e2ad9-6d8f-11e2-a3dd-001fd09b957d} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\index.html
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\PROGRA~3\7093A903.cpp (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x01D942CEAB01CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cak\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-09-15]
FF Extension: WOT - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: NoScript - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-02-03]
FF Extension: Adblock Plus - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-06-23]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-01] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-02-15] (Sony Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-03] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-04] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-05 14:00 - 2014-11-05 14:01 - 00014746 _____ () C:\Users\Cak\Desktop\FRST.txt
2014-11-05 14:00 - 2014-11-05 14:00 - 00000000 ____D () C:\FRST
2014-11-05 13:59 - 2014-11-05 13:59 - 02114560 _____ (Farbar) C:\Users\Cak\Desktop\FRST64.exe
2014-11-02 02:15 - 2014-11-02 02:15 - 00000000 ____D () C:\Users\Cak\AppData\Local\FalloutNV
2014-10-30 12:44 - 2014-10-30 12:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-19 00:00 - 2014-11-04 16:55 - 00001299 _____ () C:\Windows\setupact.log
2014-10-19 00:00 - 2014-10-19 00:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-17 21:59 - 2014-10-17 21:58 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-17 21:58 - 2014-10-17 21:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-17 21:58 - 2014-10-17 21:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-17 21:58 - 2014-10-17 21:58 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-17 21:58 - 2014-10-17 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-17 14:20 - 2014-10-17 14:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-17 14:15 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 14:15 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 14:15 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 14:15 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 14:15 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 14:15 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 14:15 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-17 14:14 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 14:14 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 14:14 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 14:14 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 14:14 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 14:14 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 14:14 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 14:14 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 14:14 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 14:14 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 14:14 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 14:14 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 14:14 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 14:14 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 14:14 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 14:14 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 14:14 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 14:14 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 14:14 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 14:14 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 14:14 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 14:14 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 14:14 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 14:14 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 14:14 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 14:14 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 14:14 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 14:14 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 14:14 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 14:14 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 14:14 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 14:14 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 14:14 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 14:14 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 14:14 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 14:14 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 14:14 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 14:14 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 14:14 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 14:14 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 14:14 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 14:14 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 14:14 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 14:14 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 14:14 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 14:14 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 14:14 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 14:14 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 14:14 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 14:14 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 14:14 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 14:14 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 14:14 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 14:14 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 14:14 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 14:14 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 14:14 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 14:14 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 14:14 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 14:14 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 14:14 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 14:14 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 14:14 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 14:14 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 14:14 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 14:11 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 14:11 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 14:11 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 14:11 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-05 13:15 - 2013-07-10 18:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 12:06 - 2013-02-02 23:34 - 01464062 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 10:11 - 2013-04-24 14:42 - 00000000 ____D () C:\Users\Cak\AppData\Roaming\vlc
2014-11-04 17:02 - 2010-11-21 07:22 - 00699490 _____ () C:\Windows\system32\perfh007.dat
2014-11-04 17:02 - 2010-11-21 07:22 - 00149630 _____ () C:\Windows\system32\perfc007.dat
2014-11-04 17:02 - 2009-07-14 06:13 - 01620932 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 17:02 - 2009-07-14 05:45 - 00026496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 17:02 - 2009-07-14 05:45 - 00026496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 16:55 - 2013-02-03 00:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-04 16:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-03 00:44 - 2013-02-03 11:55 - 00000000 ____D () C:\Users\Cak\AppData\Roaming\IrfanView
2014-11-02 02:15 - 2013-02-03 20:39 - 00000000 ____D () C:\Users\Cak\Documents\My Games
2014-11-02 02:15 - 2013-02-03 12:15 - 00370104 _____ () C:\Windows\DirectX.log
2014-11-02 00:18 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-01 15:35 - 2013-02-06 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-31 18:51 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 13:41 - 2013-02-03 13:54 - 00000000 ____D () C:\Users\Cak\Documents\Dine
2014-10-27 18:52 - 2013-02-03 13:54 - 00000000 ____D () C:\Users\Cak\Documents\Doc'S
2014-10-25 18:46 - 2013-02-04 14:49 - 00000000 ____D () C:\Users\Cak\Documents\Settlers7
2014-10-19 12:30 - 2014-05-26 22:24 - 00000000 ____D () C:\Users\Cak\Documents\Rocrail
2014-10-17 23:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 22:01 - 2014-10-04 19:38 - 00000000 ____D () C:\Users\Cak\AppData\Local\Adobe
2014-10-17 22:01 - 2013-07-10 18:51 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-17 22:01 - 2013-02-13 21:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-17 22:01 - 2013-02-13 21:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-17 21:59 - 2013-09-26 19:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 21:52 - 2009-07-14 05:45 - 00288216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 21:50 - 2014-04-22 23:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 14:20 - 2013-07-10 18:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 14:16 - 2011-12-03 21:05 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-05 00:48
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Cak at 2014-11-05 14:01:27
Running from C:\Users\Cak\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.7.5.30 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.11.10 - Your Company Name) Hidden
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.01.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ATI Catalyst Install Manager (HKLM\...\{DC9C8BC1-72CE-B5FE-EA4F-6D9127E51746}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version: - )
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Free YouTube Download version 3.2.30.319 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.30.319 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
Internetinformationsdienste (IIS) 7+-Manager (HKLM\...\{2349E6AA-CFCA-4D17-B633-3ECDA92E38CD}) (Version: 7.1.0.0 - Microsoft Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jagged Alliance - Back in Action Demo (HKLM-x32\...\Steam App 204920) (Version: - Coreplay GmbH)
Jagged Alliance Online - Steam Edition (HKLM-x32\...\Steam App 218450) (Version: - Cliffhanger Productions)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.0.3.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.6.12.20 - Eastman Kodak Company)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lernerfolg Vorschule - Capt'n Sharky (HKLM-x32\...\Lernerfolg Vorschule - Capt'n Sharky) (Version: - )
Malwarebytes Anti-Malware Version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Monkey Island 2: Special Edition (HKLM-x32\...\Steam App 32460) (Version: - LucasArts)
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PanzerIIID 3D v2.5 (HKLM-x32\...\Panzer General 3D PL v2.5_is1) (Version: - )
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pinball Arcade (HKLM-x32\...\Steam App 238260) (Version: - FarSight Studios)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Reader for PC (HKLM-x32\...\{11CBB0F5-989E-4B16-AE7E-D569AC4BF241}) (Version: 2.0.02.15180 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Rocrail -rev7371 (HKLM-x32\...\Rocrail_is1) (Version: - rocrail.net)
Rome - Total War(TM) (HKLM-x32\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname)
Rome - Total War(TM) (x32 Version: 1.0 - Ihr Firmenname) Hidden
Rome Total War - patch 1.3 (HKLM-x32\...\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}) (Version: 1.3 - )
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - EA - Maxis)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.12.0 (HKLM\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version: - LucasArts)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinTrack Demo Version 11.0 3D (HKLM-x32\...\wintrack11demo_is1) (Version: 11.0 3D - Ing.-Büro Schneider)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
24-10-2014 01:25:54 Windows Update
27-10-2014 02:25:58 Windows Update
30-10-2014 16:05:04 Windows Update
02-11-2014 01:14:01 DirectX wurde installiert
03-11-2014 02:19:05 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2013-03-10 20:46 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {9C1A38B0-6F6E-404C-9CBB-9D2019E2FBDC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17] (Adobe Systems Incorporated)
Task: {E49638B1-66D6-4DB3-934D-2E840FCE042F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-05-30 20:32 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-02-04 13:08 - 2013-04-01 16:37 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-11-21 08:07 - 2014-06-26 07:44 - 00358144 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2013-03-18 12:56 - 2013-03-18 12:56 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2013-02-15 11:17 - 2013-02-15 11:17 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2014-10-30 12:44 - 2014-10-30 12:44 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Kodak AiO Network Discovery Service => 2
MSCONFIG\Services: Kodak AiO Status Monitor Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony SCSI Helper Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Cak\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Reader Application Helper => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
MSCONFIG\startupreg: Steam => "D:\Steam\Steam.exe" -silent
========================= Accounts: ==========================
Administrator (S-1-5-21-3812126910-346978619-1325485556-500 - Administrator - Disabled)
Cak (S-1-5-21-3812126910-346978619-1325485556-1000 - Administrator - Enabled) => C:\Users\Cak
Gast (S-1-5-21-3812126910-346978619-1325485556-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/05/2014 00:00:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/04/2014 07:41:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7581e4e4
ID des fehlerhaften Prozesses: 0xafc
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0
Pfad der fehlerhaften Anwendung: rundll32.exe1
Pfad des fehlerhaften Moduls: rundll32.exe2
Berichtskennung: rundll32.exe3
Error: (11/04/2014 06:25:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/04/2014 05:49:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/04/2014 04:56:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/03/2014 10:59:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FalloutNV.exe, Version: 1.4.0.525, Zeitstempel: 0x4e0d50ed
Name des fehlerhaften Moduls: FalloutNV.exe, Version: 1.4.0.525, Zeitstempel: 0x4e0d50ed
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0090d7d8
ID des fehlerhaften Prozesses: 0x4548
Startzeit der fehlerhaften Anwendung: 0xFalloutNV.exe0
Pfad der fehlerhaften Anwendung: FalloutNV.exe1
Pfad des fehlerhaften Moduls: FalloutNV.exe2
Berichtskennung: FalloutNV.exe3
Error: (11/03/2014 01:34:28 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/02/2014 00:06:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: ogcG.dll, Version: 0.2.0.0, Zeitstempel: 0x2a425e19
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001bda
ID des fehlerhaften Prozesses: 0x1fdc
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0
Pfad der fehlerhaften Anwendung: rundll32.exe1
Pfad des fehlerhaften Moduls: rundll32.exe2
Berichtskennung: rundll32.exe3
Error: (11/01/2014 05:43:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/01/2014 03:37:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/01/2014 03:36:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 01.11.2014 um 15:34:46 unerwartet heruntergefahren.
Error: (10/27/2014 04:25:13 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.
Error: (10/23/2014 07:09:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/23/2014 07:09:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (10/22/2014 09:46:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
%%1115
Error: (10/19/2014 00:31:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/19/2014 00:31:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (10/14/2014 07:01:01 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "DINE-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{679BEB63-19D2-40BA-83C8-991F58E6C8C2}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (10/05/2014 09:55:17 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.
Error: (10/05/2014 09:55:17 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.
Microsoft Office Sessions:
=========================
Error: (11/05/2014 00:00:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (11/04/2014 07:41:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c00000057581e4e4afc01cff8586319b387C:\Windows\SysWOW64\rundll32.exeunknown31cc9d83-6452-11e4-8811-001fd09b957d
Error: (11/04/2014 06:25:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (11/04/2014 05:49:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (11/04/2014 04:56:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/03/2014 10:59:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FalloutNV.exe1.4.0.5254e0d50edFalloutNV.exe1.4.0.5254e0d50edc00000050090d7d8454801cff7a6d1fde2b5D:\Steam\steamapps\common\Fallout New Vegas\FalloutNV.exeD:\Steam\steamapps\common\Fallout New Vegas\FalloutNV.exe9d4220d3-63a4-11e4-8c6c-001fd09b957d
Error: (11/03/2014 01:34:28 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (11/02/2014 00:06:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637ogcG.dll0.2.0.02a425e19c000000500001bda1fdc01cff6287acfe67bC:\Windows\SysWOW64\rundll32.exeC:\Users\Cak\AppData\Local\Temp\Low\ogcG.dllc52a9fd6-621b-11e4-8c6c-001fd09b957d
Error: (11/01/2014 05:43:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (11/01/2014 03:37:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X4 920 Processor
Percentage of memory in use: 63%
Total physical RAM: 4094.49 MB
Available physical RAM: 1485.16 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 5488.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.39 GB) (Free:74.26 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:120.23 GB) NTFS
Drive e: () (Fixed) (Total:492.06 GB) (Free:302.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CA181CD6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=492.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
06.11.2014, 08:29
| #4 |
| /// the machine /// TB-Ausbilder | Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.11.2014, 09:22
| #5 |
| | Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock Hier das gewünschte log Code:
ATTFilter ComboFix 14-10-29.01 - Cak 06.11.2014 9:04.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.4094.2668 [GMT 1:00]
ausgeführt von:: c:\users\Cak\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-10-06 bis 2014-11-06 ))))))))))))))))))))))))))))))
.
.
2014-11-06 08:09 . 2014-11-06 08:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-05 16:06 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6ADD8A35-157B-4EB9-AAA1-1CAA4D299571}\mpengine.dll
2014-11-05 13:00 . 2014-11-05 13:02 -------- d-----w- C:\FRST
2014-11-05 09:12 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-04 02:19 . 2014-09-16 15:27 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67C17EB2-9DDB-4A8A-8C1D-D8E0666DA957}\gapaengine.dll
2014-11-02 01:15 . 2014-11-02 01:15 -------- d-----w- c:\users\Cak\AppData\Local\FalloutNV
2014-10-17 20:59 . 2014-10-17 20:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-17 20:58 . 2014-10-17 20:58 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-17 13:20 . 2014-10-17 13:20 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2014-10-17 13:15 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll
2014-10-17 13:15 . 2014-07-17 02:07 681984 ----a-w- c:\windows\system32\termsrv.dll
2014-10-17 13:15 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll
2014-10-17 13:15 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-10-17 13:15 . 2014-07-17 02:07 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-10-17 13:15 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-10-17 13:15 . 2014-07-17 02:07 22016 ----a-w- c:\windows\system32\credssp.dll
2014-10-17 13:15 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe
2014-10-17 13:15 . 2014-07-17 01:39 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-10-17 13:15 . 2014-07-17 01:39 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-10-17 13:15 . 2014-07-17 01:21 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-10-17 13:11 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
2014-10-17 13:11 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-10-17 13:11 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-17 13:11 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-17 21:01 . 2013-02-13 20:08 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-17 21:01 . 2013-02-13 20:08 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-17 13:16 . 2011-12-03 20:05 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-09-25 02:08 . 2014-10-04 18:37 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-04 18:37 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-16 15:27 . 2013-03-12 18:35 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 22:11 . 2014-09-24 15:58 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 15:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-01 16:01 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-31 21:34 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-31 21:34 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-27 18:29 297128 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2013-03-18 899400]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-05-28 310064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
c:\users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
program.lnk - c:\windows\system32\rundll32.exe c:\progra~3\7093A903.cpp,zSS1 [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
R4 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-13 21:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-20 16:08 357432 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-10-26 13213840]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\
FF - prefs.js: browser.startup.homepage - about:newtab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:06,45,70,4e,75,4e,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,84,a8,a9,18,17,26,40,8f,a7,90,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,84,a8,a9,18,17,26,40,8f,a7,90,\
.
[HKEY_USERS\S-1-5-21-3812126910-346978619-1325485556-1000\Software\SecuROM\License information*]
"datasecu"=hex:35,d9,4f,db,92,b3,fe,96,56,f8,6a,2a,6a,5c,be,05,fb,9a,5f,c5,74,
69,cc,ba,17,72,fa,6a,fd,94,ac,40,4c,d1,50,90,3f,30,1a,fb,c9,c2,00,55,f3,5a,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-06 09:17:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-11-06 08:17
.
Vor Suchlauf: 11 Verzeichnis(se), 80.665.358.336 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 80.190.590.976 Bytes frei
.
- - End Of File - - 1D4F726B3C8EA680BD41C50945792B99
A36C5E4F47E84449FF07ED3517B43A31
|
|
06.11.2014, 20:33
| #6 |
| /// the machine /// TB-Ausbilder | Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock |
|
06.11.2014, 21:41
| #7 |
| | Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock so weiter gehts  Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 06.11.2014 Suchlauf-Zeit: 20:49:39 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.06.08 Rootkit Datenbank: v2014.11.01.02 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Cak Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 330614 Verstrichene Zeit: 19 Min, 54 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.002 - Bericht erstellt am 06/11/2014 um 21:18:47
# DB v2014-11-02.1
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (64 bits)
# Benutzername : Cak - CAK-PC
# Gestartet von : C:\Users\Cak\Desktop\AdwCleaner_4.002.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Cak\AppData\Roaming\dvdvideosoftiehelpers
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v33.0.2 (x86 de)
*************************
AdwCleaner[R0].txt - [3220 octets] - [06/11/2014 21:11:19]
AdwCleaner[R1].txt - [3280 octets] - [06/11/2014 21:17:38]
AdwCleaner[S0].txt - [2965 octets] - [06/11/2014 21:18:47]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3025 octets] ##########
Nach dem Neustart kam eine Fehlermeldung: RunDLL - Problem beim starten C:/Progra~3/7093A903.cpp Das angegebene Modul wurde nicht gefunden Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 7 Enterprise x64
Ran by Cak on 06.11.2014 at 21:23:21,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Cak\AppData\Roaming\mozilla\firefox\profiles\tms54fct.default\minidumps [650 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.11.2014 at 21:25:48,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nachdem JRT gescannt hatte sind alle Symbole rechts unten im Infobereich der Taskleiste verschwunden nur Lautstärke und Netzwerk sind noch vorhanden Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Cak (administrator) on CAK-PC on 06-11-2014 21:29:27
Running from C:\Users\Cak\Desktop
Loaded Profile: Cak (Available profiles: Cak)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-03-18] (Sony Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-3812126910-346978619-1325485556-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\PROGRA~3\7093A903.cpp (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x01D942CEAB01CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3812126910-346978619-1325485556-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cak\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-09-15]
FF Extension: WOT - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: NoScript - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-02-03]
FF Extension: Adblock Plus - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-03]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-06-23]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-01] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-02-15] (Sony Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-03] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-04] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-06 21:29 - 2014-11-06 21:30 - 00013433 _____ () C:\Users\Cak\Desktop\FRST.txt
2014-11-06 21:25 - 2014-11-06 21:25 - 00000752 _____ () C:\Users\Cak\Desktop\JRT.txt
2014-11-06 21:23 - 2014-11-06 21:23 - 00000000 ____D () C:\Windows\ERUNT
2014-11-06 21:11 - 2014-11-06 21:18 - 00000000 ____D () C:\AdwCleaner
2014-11-06 21:10 - 2014-11-06 21:10 - 00001196 _____ () C:\Users\Cak\Desktop\mbam.txt
2014-11-06 20:48 - 2014-11-06 20:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 20:47 - 2014-11-06 20:47 - 01998336 _____ () C:\Users\Cak\Desktop\AdwCleaner_4.002.exe
2014-11-06 20:45 - 2014-11-06 20:45 - 01706939 _____ (Thisisu) C:\Users\Cak\Desktop\JRT.exe
2014-11-06 20:44 - 2014-11-06 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-06 20:44 - 2014-11-06 20:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-06 20:44 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-06 20:44 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-06 09:17 - 2014-11-06 09:17 - 00019914 _____ () C:\ComboFix.txt
2014-11-06 09:01 - 2014-11-06 09:17 - 00000000 ____D () C:\Qoobox
2014-11-06 09:01 - 2014-11-06 09:16 - 00000000 ____D () C:\Windows\erdnt
2014-11-06 09:01 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-06 09:01 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-06 09:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-05 18:03 - 2014-11-05 18:03 - 05591672 ____R (Swearware) C:\Users\Cak\Desktop\ComboFix.exe
2014-11-05 14:00 - 2014-11-06 21:29 - 00000000 ____D () C:\FRST
2014-11-05 13:59 - 2014-11-05 13:59 - 02114560 _____ (Farbar) C:\Users\Cak\Desktop\FRST64.exe
2014-11-02 02:15 - 2014-11-02 02:15 - 00000000 ____D () C:\Users\Cak\AppData\Local\FalloutNV
2014-10-30 12:44 - 2014-10-30 12:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-19 00:00 - 2014-11-06 21:20 - 00001971 _____ () C:\Windows\setupact.log
2014-10-19 00:00 - 2014-10-19 00:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-17 21:59 - 2014-10-17 21:58 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-17 21:58 - 2014-10-17 21:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-17 21:58 - 2014-10-17 21:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-17 21:58 - 2014-10-17 21:58 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-17 21:58 - 2014-10-17 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-17 14:20 - 2014-10-17 14:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-17 14:15 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 14:15 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 14:15 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 14:15 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 14:15 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 14:15 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 14:15 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-17 14:14 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 14:14 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 14:14 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 14:14 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 14:14 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 14:14 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 14:14 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 14:14 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 14:14 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 14:14 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 14:14 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 14:14 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 14:14 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 14:14 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 14:14 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 14:14 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 14:14 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 14:14 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 14:14 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 14:14 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 14:14 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 14:14 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 14:14 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 14:14 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 14:14 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 14:14 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 14:14 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 14:14 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 14:14 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 14:14 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 14:14 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 14:14 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 14:14 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 14:14 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 14:14 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 14:14 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 14:14 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 14:14 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 14:14 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 14:14 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 14:14 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 14:14 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 14:14 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 14:14 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 14:14 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 14:14 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 14:14 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 14:14 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 14:14 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 14:14 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 14:14 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 14:14 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 14:14 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 14:14 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 14:14 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 14:14 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 14:14 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 14:14 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 14:14 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 14:14 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 14:14 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 14:14 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 14:14 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 14:14 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 14:14 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 14:11 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 14:11 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 14:11 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 14:11 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-06 21:27 - 2010-11-21 07:22 - 00699490 _____ () C:\Windows\system32\perfh007.dat
2014-11-06 21:27 - 2010-11-21 07:22 - 00149630 _____ () C:\Windows\system32\perfc007.dat
2014-11-06 21:27 - 2009-07-14 06:13 - 01620932 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 21:27 - 2009-07-14 05:45 - 00026496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 21:27 - 2009-07-14 05:45 - 00026496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 21:23 - 2013-02-02 23:34 - 01548428 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 21:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 21:19 - 2013-02-03 00:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-06 21:19 - 2010-11-21 04:47 - 00226696 _____ () C:\Windows\PFRO.log
2014-11-06 21:14 - 2013-07-10 18:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 20:44 - 2013-02-03 12:25 - 00000000 ____D () C:\Users\Cak\AppData\Roaming\Malwarebytes
2014-11-06 20:44 - 2013-02-03 11:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-06 20:44 - 2013-02-03 11:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-06 17:43 - 2013-11-19 23:41 - 02347384 _____ (ESET) C:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
2014-11-06 16:06 - 2013-04-24 14:42 - 00000000 ____D () C:\Users\Cak\AppData\Roaming\vlc
2014-11-06 09:17 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-06 09:13 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-06 09:11 - 2009-07-14 03:34 - 61603840 _____ () C:\Windows\system32\config\software.bak
2014-11-06 09:11 - 2009-07-14 03:34 - 17039360 _____ () C:\Windows\system32\config\system.bak
2014-11-06 09:11 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-11-06 09:11 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-11-06 09:11 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-11-05 17:34 - 2013-02-03 13:54 - 00000000 ____D () C:\Users\Cak\Documents\Dine
2014-11-03 00:44 - 2013-02-03 11:55 - 00000000 ____D () C:\Users\Cak\AppData\Roaming\IrfanView
2014-11-02 02:15 - 2013-02-03 20:39 - 00000000 ____D () C:\Users\Cak\Documents\My Games
2014-11-02 02:15 - 2013-02-03 12:15 - 00370104 _____ () C:\Windows\DirectX.log
2014-11-02 00:18 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-01 15:35 - 2013-02-06 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-31 18:51 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 18:52 - 2013-02-03 13:54 - 00000000 ____D () C:\Users\Cak\Documents\Doc'S
2014-10-25 18:46 - 2013-02-04 14:49 - 00000000 ____D () C:\Users\Cak\Documents\Settlers7
2014-10-19 12:30 - 2014-05-26 22:24 - 00000000 ____D () C:\Users\Cak\Documents\Rocrail
2014-10-17 23:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 22:01 - 2014-10-04 19:38 - 00000000 ____D () C:\Users\Cak\AppData\Local\Adobe
2014-10-17 22:01 - 2013-07-10 18:51 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-17 22:01 - 2013-02-13 21:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-17 22:01 - 2013-02-13 21:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-17 21:59 - 2013-09-26 19:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 21:52 - 2009-07-14 05:45 - 00288216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 21:50 - 2014-04-22 23:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 14:20 - 2013-07-10 18:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 14:16 - 2011-12-03 21:05 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Cak\AppData\Local\Temp\Quarantine.exe
C:\Users\Cak\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-05 00:48
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Cak at 2014-11-06 21:30:23
Running from C:\Users\Cak\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.7.5.30 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.11.10 - Your Company Name) Hidden
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.01.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ATI Catalyst Install Manager (HKLM\...\{DC9C8BC1-72CE-B5FE-EA4F-6D9127E51746}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version: - )
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Free YouTube Download version 3.2.30.319 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.30.319 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
Internetinformationsdienste (IIS) 7+-Manager (HKLM\...\{2349E6AA-CFCA-4D17-B633-3ECDA92E38CD}) (Version: 7.1.0.0 - Microsoft Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jagged Alliance - Back in Action Demo (HKLM-x32\...\Steam App 204920) (Version: - Coreplay GmbH)
Jagged Alliance Online - Steam Edition (HKLM-x32\...\Steam App 218450) (Version: - Cliffhanger Productions)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.0.3.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.6.12.20 - Eastman Kodak Company)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lernerfolg Vorschule - Capt'n Sharky (HKLM-x32\...\Lernerfolg Vorschule - Capt'n Sharky) (Version: - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Monkey Island 2: Special Edition (HKLM-x32\...\Steam App 32460) (Version: - LucasArts)
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PanzerIIID 3D v2.5 (HKLM-x32\...\Panzer General 3D PL v2.5_is1) (Version: - )
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pinball Arcade (HKLM-x32\...\Steam App 238260) (Version: - FarSight Studios)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Reader for PC (HKLM-x32\...\{11CBB0F5-989E-4B16-AE7E-D569AC4BF241}) (Version: 2.0.02.15180 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Rocrail -rev7371 (HKLM-x32\...\Rocrail_is1) (Version: - rocrail.net)
Rome - Total War(TM) (HKLM-x32\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname)
Rome - Total War(TM) (x32 Version: 1.0 - Ihr Firmenname) Hidden
Rome Total War - patch 1.3 (HKLM-x32\...\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}) (Version: 1.3 - )
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - EA - Maxis)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.12.0 (HKLM\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version: - LucasArts)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinTrack Demo Version 11.0 3D (HKLM-x32\...\wintrack11demo_is1) (Version: 11.0 3D - Ing.-Büro Schneider)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
27-10-2014 02:25:58 Windows Update
30-10-2014 16:05:04 Windows Update
02-11-2014 01:14:01 DirectX wurde installiert
03-11-2014 02:19:05 Windows Update
06-11-2014 08:01:45 ComboFix created restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-11-06 09:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {9C1A38B0-6F6E-404C-9CBB-9D2019E2FBDC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17] (Adobe Systems Incorporated)
Task: {E49638B1-66D6-4DB3-934D-2E840FCE042F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-05-30 20:32 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-04 13:08 - 2013-04-01 16:37 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-03-18 12:56 - 2013-03-18 12:56 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2013-02-15 11:17 - 2013-02-15 11:17 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2014-10-30 12:44 - 2014-10-30 12:44 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Kodak AiO Network Discovery Service => 2
MSCONFIG\Services: Kodak AiO Status Monitor Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony SCSI Helper Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Cak\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Reader Application Helper => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
MSCONFIG\startupreg: Steam => "D:\Steam\Steam.exe" -silent
========================= Accounts: ==========================
Administrator (S-1-5-21-3812126910-346978619-1325485556-500 - Administrator - Disabled)
Cak (S-1-5-21-3812126910-346978619-1325485556-1000 - Administrator - Enabled) => C:\Users\Cak
Gast (S-1-5-21-3812126910-346978619-1325485556-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X4 920 Processor
Percentage of memory in use: 48%
Total physical RAM: 4094.49 MB
Available physical RAM: 2094.54 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 5926.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.39 GB) (Free:73.93 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:120.23 GB) NTFS
Drive e: () (Fixed) (Total:492.06 GB) (Free:302.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CA181CD6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=492.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
edit: nach einem Neustart alle Taskleistensymbole wieder vorhanden Geändert von cakken (06.11.2014 um 21:57 Uhr) |
|
07.11.2014, 19:24
| #8 |
| /// the machine /// TB-Ausbilder | Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plockESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.11.2014, 11:39
| #9 |
| | Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock MSE brachte heut erneut Meldungen aber erstmal die gewünschten logs Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6eeabb6e45c5dd4a8a3f9b9aff3ee40e
# engine=20984
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-08 01:42:59
# local_time=2014-11-08 02:42:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4821880 86701001 0 0
# scanned=260557
# found=0
# cleaned=0
# scan_time=13076
Code:
ATTFilter Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.6001)
Java 7 Update 71
Java version out of Date!
Adobe Flash Player 15.0.0.189
Mozilla Firefox (33.0.3)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2014
Ran by Cak at 2014-11-08 11:24:48
Running from C:\Users\Cak\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.7.5.30 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.11.10 - Your Company Name) Hidden
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.01.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ATI Catalyst Install Manager (HKLM\...\{DC9C8BC1-72CE-B5FE-EA4F-6D9127E51746}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version: - )
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Free YouTube Download version 3.2.30.319 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.30.319 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
Internetinformationsdienste (IIS) 7+-Manager (HKLM\...\{2349E6AA-CFCA-4D17-B633-3ECDA92E38CD}) (Version: 7.1.0.0 - Microsoft Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jagged Alliance - Back in Action Demo (HKLM-x32\...\Steam App 204920) (Version: - Coreplay GmbH)
Jagged Alliance Online - Steam Edition (HKLM-x32\...\Steam App 218450) (Version: - Cliffhanger Productions)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.0.3.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.6.12.20 - Eastman Kodak Company)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lernerfolg Vorschule - Capt'n Sharky (HKLM-x32\...\Lernerfolg Vorschule - Capt'n Sharky) (Version: - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Monkey Island 2: Special Edition (HKLM-x32\...\Steam App 32460) (Version: - LucasArts)
Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PanzerIIID 3D v2.5 (HKLM-x32\...\Panzer General 3D PL v2.5_is1) (Version: - )
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pinball Arcade (HKLM-x32\...\Steam App 238260) (Version: - FarSight Studios)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Reader for PC (HKLM-x32\...\{11CBB0F5-989E-4B16-AE7E-D569AC4BF241}) (Version: 2.0.02.15180 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Rocrail -rev7371 (HKLM-x32\...\Rocrail_is1) (Version: - rocrail.net)
Rome - Total War(TM) (HKLM-x32\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname)
Rome - Total War(TM) (x32 Version: 1.0 - Ihr Firmenname) Hidden
Rome Total War - patch 1.3 (HKLM-x32\...\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}) (Version: 1.3 - )
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - EA - Maxis)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.12.0 (HKLM\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version: - LucasArts)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinTrack Demo Version 11.0 3D (HKLM-x32\...\wintrack11demo_is1) (Version: 11.0 3D - Ing.-Büro Schneider)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
30-10-2014 16:05:04 Windows Update
02-11-2014 01:14:01 DirectX wurde installiert
03-11-2014 02:19:05 Windows Update
06-11-2014 08:01:45 ComboFix created restore point
06-11-2014 20:31:21 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-11-06 09:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {9C1A38B0-6F6E-404C-9CBB-9D2019E2FBDC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17] (Adobe Systems Incorporated)
Task: {E49638B1-66D6-4DB3-934D-2E840FCE042F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-05-30 20:32 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-02-04 13:08 - 2013-04-01 16:37 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-03-18 12:56 - 2013-03-18 12:56 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2013-02-15 11:17 - 2013-02-15 11:17 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2014-11-07 20:40 - 2014-11-07 20:40 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows\system32\Drivers\idugaatx.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\pgtoykno.sys:changelist
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Kodak AiO Network Discovery Service => 2
MSCONFIG\Services: Kodak AiO Status Monitor Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony SCSI Helper Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Cak\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Reader Application Helper => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
MSCONFIG\startupreg: Steam => "D:\Steam\Steam.exe" -silent
========================= Accounts: ==========================
Administrator (S-1-5-21-3812126910-346978619-1325485556-500 - Administrator - Disabled)
Cak (S-1-5-21-3812126910-346978619-1325485556-1000 - Administrator - Enabled) => C:\Users\Cak
Gast (S-1-5-21-3812126910-346978619-1325485556-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/08/2014 03:10:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 11:04:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 11:03:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 11:03:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 11:03:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 08:29:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 08:29:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 08:29:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 08:29:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 08:23:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Microsoft Office Sessions:
=========================
Error: (11/08/2014 03:10:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (11/07/2014 11:04:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 11:03:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 11:03:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 11:03:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 08:29:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 08:29:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 08:29:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 08:29:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 08:23:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X4 920 Processor
Percentage of memory in use: 48%
Total physical RAM: 4094.49 MB
Available physical RAM: 2125.82 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 6317.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.39 GB) (Free:74.4 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:120.23 GB) NTFS
Drive e: () (Fixed) (Total:492.06 GB) (Free:302.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CA181CD6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=492.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2014
Ran by Cak at 2014-11-08 11:24:48
Running from C:\Users\Cak\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.7.5.30 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.11.10 - Your Company Name) Hidden
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.01.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ATI Catalyst Install Manager (HKLM\...\{DC9C8BC1-72CE-B5FE-EA4F-6D9127E51746}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version: - )
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Free YouTube Download version 3.2.30.319 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.30.319 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
Internetinformationsdienste (IIS) 7+-Manager (HKLM\...\{2349E6AA-CFCA-4D17-B633-3ECDA92E38CD}) (Version: 7.1.0.0 - Microsoft Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jagged Alliance - Back in Action Demo (HKLM-x32\...\Steam App 204920) (Version: - Coreplay GmbH)
Jagged Alliance Online - Steam Edition (HKLM-x32\...\Steam App 218450) (Version: - Cliffhanger Productions)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.0.3.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.6.12.20 - Eastman Kodak Company)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lernerfolg Vorschule - Capt'n Sharky (HKLM-x32\...\Lernerfolg Vorschule - Capt'n Sharky) (Version: - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Monkey Island 2: Special Edition (HKLM-x32\...\Steam App 32460) (Version: - LucasArts)
Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PanzerIIID 3D v2.5 (HKLM-x32\...\Panzer General 3D PL v2.5_is1) (Version: - )
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pinball Arcade (HKLM-x32\...\Steam App 238260) (Version: - FarSight Studios)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Reader for PC (HKLM-x32\...\{11CBB0F5-989E-4B16-AE7E-D569AC4BF241}) (Version: 2.0.02.15180 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Rocrail -rev7371 (HKLM-x32\...\Rocrail_is1) (Version: - rocrail.net)
Rome - Total War(TM) (HKLM-x32\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname)
Rome - Total War(TM) (x32 Version: 1.0 - Ihr Firmenname) Hidden
Rome Total War - patch 1.3 (HKLM-x32\...\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}) (Version: 1.3 - )
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - EA - Maxis)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.12.0 (HKLM\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version: - LucasArts)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinTrack Demo Version 11.0 3D (HKLM-x32\...\wintrack11demo_is1) (Version: 11.0 3D - Ing.-Büro Schneider)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
30-10-2014 16:05:04 Windows Update
02-11-2014 01:14:01 DirectX wurde installiert
03-11-2014 02:19:05 Windows Update
06-11-2014 08:01:45 ComboFix created restore point
06-11-2014 20:31:21 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-11-06 09:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {9C1A38B0-6F6E-404C-9CBB-9D2019E2FBDC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17] (Adobe Systems Incorporated)
Task: {E49638B1-66D6-4DB3-934D-2E840FCE042F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-05-30 20:32 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-02-04 13:08 - 2013-04-01 16:37 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-03-18 12:56 - 2013-03-18 12:56 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2013-02-15 11:17 - 2013-02-15 11:17 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2014-11-07 20:40 - 2014-11-07 20:40 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows\system32\Drivers\idugaatx.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\pgtoykno.sys:changelist
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Kodak AiO Network Discovery Service => 2
MSCONFIG\Services: Kodak AiO Status Monitor Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony SCSI Helper Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Cak\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Reader Application Helper => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
MSCONFIG\startupreg: Steam => "D:\Steam\Steam.exe" -silent
========================= Accounts: ==========================
Administrator (S-1-5-21-3812126910-346978619-1325485556-500 - Administrator - Disabled)
Cak (S-1-5-21-3812126910-346978619-1325485556-1000 - Administrator - Enabled) => C:\Users\Cak
Gast (S-1-5-21-3812126910-346978619-1325485556-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/08/2014 03:10:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 11:04:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 11:03:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 11:03:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 11:03:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 08:29:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 08:29:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 08:29:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 08:29:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 08:23:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Microsoft Office Sessions:
=========================
Error: (11/08/2014 03:10:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (11/07/2014 11:04:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 11:03:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 11:03:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 11:03:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 08:29:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 08:29:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 08:29:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 08:29:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 08:23:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X4 920 Processor
Percentage of memory in use: 48%
Total physical RAM: 4094.49 MB
Available physical RAM: 2125.82 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 6317.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.39 GB) (Free:74.4 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:120.23 GB) NTFS
Drive e: () (Fixed) (Total:492.06 GB) (Free:302.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CA181CD6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=492.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Probleme waren eigentlich nur die Fehlermeldung beim Neustart RunDLL - Problem beim starten C:/Progra~3/7093A903.cpp Das angegebene Modul wurde nicht gefunden und Firefox hing irgendwie 2-3 sek nach dem starten und denn konnte man erst etwas machen Hier kommt noch das aktuelle von MSE Code:
ATTFilter Signature updated on 11-08-2014 04:22:15
Product Version: 4.6.305.0
Service Version: 4.6.305.0
Engine Version: 1.1.11104.0
AS Signature Version: 1.187.1602.0
AV Signature Version: 1.187.1602.0
************************************************************
2014-11-08T03:22:15.031Z Process scan (postsignatureupdatescan) started.
Signature updated via MicrosoftUpdateServer on 11-08-2014 04:22:15
************************************************************
2014-11-08T03:22:17.059Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2014-11-08T03:22:17.059Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2014-11-08T03:22:19.150Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2014-11-08T03:22:19.150Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2014-11-08T03:22:20.211Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Internal signature match:subtype=Lowfi, sigseq=0x0000055589BDE636, signame=#LowFiCreateRemoteThread
Internal signature match:subtype=Lowfi, sigseq=0x00000555D4975CE4, signame=#Lowfi:RelevantKnowledge
Internal signature match:subtype=Lowfi, sigseq=0x0000055565173AD3, signame=#VirTool:Win32/Obfuscator.ADB
Internal signature match:subtype=Lowfi, sigseq=0x0000055565173AD3, signame=#VirTool:Win32/Obfuscator.ADB
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Internal signature match:subtype=Lowfi, sigseq=0x0000055589BDE636, signame=#LowFiCreateRemoteThread
Internal signature match:subtype=Lowfi, sigseq=0x00000555D4975CE4, signame=#Lowfi:RelevantKnowledge
DSS Timeout:Received results after timeout
2014-11-08T05:04:56.449Z DETECTIONEVENT Ransom:Win32/Reveton!lnk file:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk;startup:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk;
2014-11-08T05:04:56.481Z DETECTION_ADD Ransom:Win32/Reveton!lnk file:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
2014-11-08T05:04:56.481Z DETECTION_ADD Ransom:Win32/Reveton!lnk startup:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Begin Full Scan
Scan ID:{26B8D061-900E-476D-A913-B40EDC97FDE7}
Scan Source:1
Start Time:11-08-2014 04:22:15
End Time:11-08-2014 06:04:56
Result Count:5
Threat Name:Ransom:Win32/Reveton!lnk
ID:2147660162
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:51223325051411
Resource Schema:startup
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:0
Unknown File
Identifier:7641702297336020990
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Cak\Desktop\ComboFix.exe
Extended Info:5864941282870
Unknown File
Identifier:16652975496060993534
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-3812126910-346978619-1325485556-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\overlay.dll
Extended Info:5864326380243
Resource Schema:firefoxplugins
Resource Path:HKCU@S-1-5-21-3812126910-346978619-1325485556-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Extended Info:0
Unknown File
Identifier:18167396525297106942
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Cak\Desktop\JRT.exe
Extended Info:5866197048548
Unknown File
Identifier:4328074478023081982
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Cak\Desktop\ComboFix.exe->(UPX)->(nsis-6-catchme.3XE)->(UPX)
Extended Info:5864941282870
End Scan
************************************************************
2014-11-08T05:04:58.493Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2014-11-08T05:04:58.493Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x00000555D4975CE4, signame=#Lowfi:RelevantKnowledge
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
DSS Timeout:Received results after timeout
Begin Resource Scan
Scan ID:{DD124C14-97C1-4336-8B55-9216E1D6053B}
Scan Source:7
Start Time:11-08-2014 06:04:56
End Time:11-08-2014 06:05:36
Explicit resource to scan
Resource Schema:firefoxplugins
Resource Path:HKCU@S-1-5-21-3812126910-346978619-1325485556-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\overlay.dll
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Cak\Desktop\ComboFix.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Cak\Desktop\ComboFix.exe->(UPX)->(nsis-6-catchme.3XE)->(UPX)
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Cak\Desktop\JRT.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-3812126910-346978619-1325485556-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Result Count:2
Unknown File
Identifier:8118004816023650302
Number of Resources:2
Resource Schema:queryfilertsig
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:5864610348945
Resource Schema:startup
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:0
Unknown File
Identifier:18167396525297106942
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Cak\Desktop\JRT.exe
Extended Info:5866197048548
End Scan
************************************************************
DSS Timeout:Received results after timeout
Internal signature match:subtype=Lowfi, sigseq=0x000005552281A517, signame=#LowfiContextualDropPlugincontainerTemp
Internal signature match:subtype=Persist, sigseq=0x00000555F63A95F5, signame=#PERSIST_ContextualDropPlugincontainerTemp
Internal signature match:subtype=Lowfi, sigseq=0x000005552281A517, signame=#LowfiContextualDropPlugincontainerTemp
Internal signature match:subtype=Persist, sigseq=0x00000555F63A95F5, signame=#PERSIST_ContextualDropPlugincontainerTemp
Begin Resource Scan
Scan ID:{3D34BB41-3A51-4152-A5A1-B35AB6432EBC}
Scan Source:7
Start Time:11-08-2014 08:02:05
End Time:11-08-2014 08:02:05
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Cak\AppData\Local\Temp\UnityWebPlayer\UnityWebPluginUpdate-c54085aaae05e6499fdc4bdd4ca7c3f0\Data\lib\CrossDomainPolicyParser.dll
Result Count:1
Unknown File
Identifier:16054491036226945022
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Local\Temp\UnityWebPlayer\UnityWebPluginUpdate-c54085aaae05e6499fdc4bdd4ca7c3f0\Data\lib\CrossDomainPolicyParser.dll
Extended Info:0
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x000005552281A517, signame=#LowfiContextualDropPlugincontainerTemp
Internal signature match:subtype=Persist, sigseq=0x00000555F63A95F5, signame=#PERSIST_ContextualDropPlugincontainerTemp
DSS Timeout:Received results after timeout
Internal signature match:subtype=Lowfi, sigseq=0x000005552281A517, signame=#LowfiContextualDropPlugincontainerTemp
Internal signature match:subtype=Persist, sigseq=0x00000555F63A95F5, signame=#PERSIST_ContextualDropPlugincontainerTemp
Internal signature match:subtype=Lowfi, sigseq=0x000005552281A517, signame=#LowfiContextualDropPlugincontainerTemp
Internal signature match:subtype=Persist, sigseq=0x00000555F63A95F5, signame=#PERSIST_ContextualDropPlugincontainerTemp
Internal signature match:subtype=Lowfi, sigseq=0x000005552281A517, signame=#LowfiContextualDropPlugincontainerTemp
Internal signature match:subtype=Persist, sigseq=0x00000555F63A95F5, signame=#PERSIST_ContextualDropPlugincontainerTemp
Internal signature match:subtype=Lowfi, sigseq=0x000005552281A517, signame=#LowfiContextualDropPlugincontainerTemp
Internal signature match:subtype=Persist, sigseq=0x00000555F63A95F5, signame=#PERSIST_ContextualDropPlugincontainerTemp
Internal signature match:subtype=Lowfi, sigseq=0x000005552281A517, signame=#LowfiContextualDropPlugincontainerTemp
Internal signature match:subtype=Persist, sigseq=0x00000555F63A95F5, signame=#PERSIST_ContextualDropPlugincontainerTemp
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
DSS Timeout:Received results after timeout
Begin Resource Scan
Scan ID:{12462679-C06C-454C-872B-B4F07C5D5D4F}
Scan Source:6
Start Time:11-08-2014 11:20:38
End Time:11-08-2014 11:20:44
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Explicit resource to scan
Resource Schema:startup
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Result Count:1
Threat Name:Ransom:Win32/Reveton!lnk
ID:2147660162
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:51223325051411
Resource Schema:startup
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:0
End Scan
************************************************************
FileName:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
SHA1:ca8392cafcfa9e4d68aca274cd670ee929c47e06
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Beginning threat actions
Start time:11-08-2014 11:20:44
Threat Name:Ransom:Win32/Reveton!lnk
Threat ID:2147660162
Action:remove
File to act on SHA1:CA8392CAFCFA9E4D68ACA274CD670EE929C47E06
File owner:VORDEFINIERT\Administratoren
File scheduled for removal on reboot
File Name:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Threat ID:2147660162
Resource refcount:1
Result:3010
Resource action complete:Removal
Schema:startup
Path:\\?\C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Threat ID:2147660162
Resource refcount:1
Result:0
Finished threat ID:2147660162
Threat result:0
Threat status flags:386
Finished threat actions
End time:11-08-2014 11:20:45
Result:0
DSS Timeout:Received results after timeout
2014-11-08T10:20:46.882Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
|
|
08.11.2014, 20:45
| #10 |
| /// the machine /// TB-Ausbilder | Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock Java updaten. Das frische FRST log fehlt noch
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.11.2014, 09:53
| #11 |
| | Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock laut java updater und java seite ist es die aktuellste version ... frst log war doch bei, ich mach aber noch mal n neues Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-11-2014 01
Ran by Cak (administrator) on CAK-PC on 08-11-2014 20:47:55
Running from C:\Users\Cak\Desktop
Loaded Profile: Cak (Available profiles: Cak)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Bethesda Softworks) D:\Steam\SteamApps\common\Fallout New Vegas\FalloutNV.exe
(Valve Corporation) D:\Steam\GameOverlayUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-03-18] (Sony Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-3812126910-346978619-1325485556-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x01D942CEAB01CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3812126910-346978619-1325485556-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cak\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-09-15]
FF Extension: WOT - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: NoScript - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-02-03]
FF Extension: Adblock Plus - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-03]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-06-23]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-01] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-02-15] (Sony Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-03] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-04] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S1 idugaatx; \??\C:\Windows\system32\drivers\idugaatx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-08 20:47 - 2014-11-08 20:48 - 00013899 _____ () C:\Users\Cak\Desktop\FRST.txt
2014-11-07 20:40 - 2014-11-07 20:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-07 20:29 - 2014-11-07 20:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-07 20:28 - 2014-11-07 20:28 - 00854448 _____ () C:\Users\Cak\Desktop\SecurityCheck.exe
2014-11-06 21:23 - 2014-11-06 21:23 - 00000000 ____D () C:\Windows\ERUNT
2014-11-06 21:11 - 2014-11-06 21:18 - 00000000 ____D () C:\AdwCleaner
2014-11-06 20:48 - 2014-11-08 16:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 20:47 - 2014-11-06 20:47 - 01998336 _____ () C:\Users\Cak\Desktop\AdwCleaner_4.002.exe
2014-11-06 20:45 - 2014-11-06 20:45 - 01706939 _____ (Thisisu) C:\Users\Cak\Desktop\JRT.exe
2014-11-06 20:44 - 2014-11-06 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-06 20:44 - 2014-11-06 20:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-06 20:44 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-06 20:44 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-06 09:17 - 2014-11-06 09:17 - 00019914 _____ () C:\ComboFix.txt
2014-11-06 09:01 - 2014-11-06 09:17 - 00000000 ____D () C:\Qoobox
2014-11-06 09:01 - 2014-11-06 09:16 - 00000000 ____D () C:\Windows\erdnt
2014-11-06 09:01 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-06 09:01 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-06 09:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-05 18:03 - 2014-11-05 18:03 - 05591672 ____R (Swearware) C:\Users\Cak\Desktop\ComboFix.exe
2014-11-05 14:00 - 2014-11-08 20:47 - 00000000 ____D () C:\FRST
2014-11-05 13:59 - 2014-11-08 20:47 - 02115584 _____ (Farbar) C:\Users\Cak\Desktop\FRST64.exe
2014-11-02 02:15 - 2014-11-02 02:15 - 00000000 ____D () C:\Users\Cak\AppData\Local\FalloutNV
2014-10-19 00:00 - 2014-11-08 15:30 - 00002811 _____ () C:\Windows\setupact.log
2014-10-19 00:00 - 2014-10-19 00:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-17 21:59 - 2014-10-17 21:58 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-17 21:58 - 2014-10-17 21:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-17 21:58 - 2014-10-17 21:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-17 21:58 - 2014-10-17 21:58 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-17 21:58 - 2014-10-17 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-17 14:20 - 2014-10-17 14:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-17 14:15 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 14:15 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 14:15 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 14:15 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 14:15 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 14:15 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 14:15 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-17 14:14 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 14:14 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 14:14 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 14:14 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 14:14 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 14:14 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 14:14 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 14:14 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 14:14 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 14:14 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 14:14 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 14:14 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 14:14 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 14:14 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 14:14 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 14:14 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 14:14 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 14:14 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 14:14 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 14:14 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 14:14 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 14:14 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 14:14 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 14:14 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 14:14 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 14:14 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 14:14 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 14:14 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 14:14 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 14:14 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 14:14 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 14:14 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 14:14 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 14:14 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 14:14 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 14:14 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 14:14 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 14:14 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 14:14 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 14:14 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 14:14 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 14:14 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 14:14 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 14:14 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 14:14 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 14:14 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 14:14 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 14:14 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 14:14 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 14:14 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 14:14 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 14:14 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 14:14 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 14:14 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 14:14 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 14:14 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 14:14 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 14:14 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 14:14 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 14:14 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 14:14 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 14:14 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 14:14 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 14:14 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 14:14 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 14:11 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 14:11 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 14:11 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 14:11 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-08 20:25 - 2013-02-02 23:34 - 01774045 _____ () C:\Windows\WindowsUpdate.log
2014-11-08 20:14 - 2013-07-10 18:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-08 15:37 - 2010-11-21 07:22 - 00699490 _____ () C:\Windows\system32\perfh007.dat
2014-11-08 15:37 - 2010-11-21 07:22 - 00149630 _____ () C:\Windows\system32\perfc007.dat
2014-11-08 15:37 - 2009-07-14 06:13 - 01620932 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 15:37 - 2009-07-14 05:45 - 00026496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 15:37 - 2009-07-14 05:45 - 00026496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 15:30 - 2013-02-03 00:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-08 15:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-08 11:43 - 2013-02-06 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-08 01:13 - 2013-02-03 11:55 - 00000000 ____D () C:\Users\Cak\AppData\Roaming\IrfanView
2014-11-07 23:42 - 2013-04-24 14:42 - 00000000 ____D () C:\Users\Cak\AppData\Roaming\vlc
2014-11-07 20:28 - 2013-11-19 23:41 - 02347384 _____ (ESET) C:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
2014-11-06 21:19 - 2010-11-21 04:47 - 00226696 _____ () C:\Windows\PFRO.log
2014-11-06 20:44 - 2013-02-03 12:25 - 00000000 ____D () C:\Users\Cak\AppData\Roaming\Malwarebytes
2014-11-06 20:44 - 2013-02-03 11:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-06 20:44 - 2013-02-03 11:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-06 09:17 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-06 09:13 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-06 09:11 - 2009-07-14 03:34 - 61603840 _____ () C:\Windows\system32\config\software.bak
2014-11-06 09:11 - 2009-07-14 03:34 - 17039360 _____ () C:\Windows\system32\config\system.bak
2014-11-06 09:11 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-11-06 09:11 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-11-06 09:11 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-11-05 17:34 - 2013-02-03 13:54 - 00000000 ____D () C:\Users\Cak\Documents\Dine
2014-11-02 02:15 - 2013-02-03 20:39 - 00000000 ____D () C:\Users\Cak\Documents\My Games
2014-11-02 02:15 - 2013-02-03 12:15 - 00370104 _____ () C:\Windows\DirectX.log
2014-11-02 00:18 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-31 18:51 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 18:52 - 2013-02-03 13:54 - 00000000 ____D () C:\Users\Cak\Documents\Doc'S
2014-10-25 18:46 - 2013-02-04 14:49 - 00000000 ____D () C:\Users\Cak\Documents\Settlers7
2014-10-19 12:30 - 2014-05-26 22:24 - 00000000 ____D () C:\Users\Cak\Documents\Rocrail
2014-10-17 23:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 22:01 - 2014-10-04 19:38 - 00000000 ____D () C:\Users\Cak\AppData\Local\Adobe
2014-10-17 22:01 - 2013-07-10 18:51 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-17 22:01 - 2013-02-13 21:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-17 22:01 - 2013-02-13 21:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-17 21:59 - 2013-09-26 19:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 21:52 - 2009-07-14 05:45 - 00288216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 21:50 - 2014-04-22 23:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 14:20 - 2013-07-10 18:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 14:16 - 2011-12-03 21:05 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Cak\AppData\Local\Temp\Quarantine.exe
C:\Users\Cak\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-05 00:48
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2014 01
Ran by Cak at 2014-11-08 20:48:41
Running from C:\Users\Cak\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.7.5.30 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.11.10 - Your Company Name) Hidden
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.01.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ATI Catalyst Install Manager (HKLM\...\{DC9C8BC1-72CE-B5FE-EA4F-6D9127E51746}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version: - )
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Free YouTube Download version 3.2.30.319 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.30.319 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
Internetinformationsdienste (IIS) 7+-Manager (HKLM\...\{2349E6AA-CFCA-4D17-B633-3ECDA92E38CD}) (Version: 7.1.0.0 - Microsoft Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jagged Alliance - Back in Action Demo (HKLM-x32\...\Steam App 204920) (Version: - Coreplay GmbH)
Jagged Alliance Online - Steam Edition (HKLM-x32\...\Steam App 218450) (Version: - Cliffhanger Productions)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.0.3.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.6.12.20 - Eastman Kodak Company)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lernerfolg Vorschule - Capt'n Sharky (HKLM-x32\...\Lernerfolg Vorschule - Capt'n Sharky) (Version: - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Monkey Island 2: Special Edition (HKLM-x32\...\Steam App 32460) (Version: - LucasArts)
Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PanzerIIID 3D v2.5 (HKLM-x32\...\Panzer General 3D PL v2.5_is1) (Version: - )
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pinball Arcade (HKLM-x32\...\Steam App 238260) (Version: - FarSight Studios)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Reader for PC (HKLM-x32\...\{11CBB0F5-989E-4B16-AE7E-D569AC4BF241}) (Version: 2.0.02.15180 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Rocrail -rev7371 (HKLM-x32\...\Rocrail_is1) (Version: - rocrail.net)
Rome - Total War(TM) (HKLM-x32\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname)
Rome - Total War(TM) (x32 Version: 1.0 - Ihr Firmenname) Hidden
Rome Total War - patch 1.3 (HKLM-x32\...\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}) (Version: 1.3 - )
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - EA - Maxis)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.12.0 (HKLM\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version: - LucasArts)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinTrack Demo Version 11.0 3D (HKLM-x32\...\wintrack11demo_is1) (Version: 11.0 3D - Ing.-Büro Schneider)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
30-10-2014 16:05:04 Windows Update
02-11-2014 01:14:01 DirectX wurde installiert
03-11-2014 02:19:05 Windows Update
06-11-2014 08:01:45 ComboFix created restore point
06-11-2014 20:31:21 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-11-06 09:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {9C1A38B0-6F6E-404C-9CBB-9D2019E2FBDC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17] (Adobe Systems Incorporated)
Task: {E49638B1-66D6-4DB3-934D-2E840FCE042F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-05-30 20:32 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-02-04 13:08 - 2013-04-01 16:37 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-03-18 12:56 - 2013-03-18 12:56 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2013-02-15 11:17 - 2013-02-15 11:17 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2014-10-19 12:31 - 2014-08-21 19:15 - 01171456 _____ () D:\Steam\libavcodec-56.dll
2014-10-19 12:31 - 2014-08-21 19:15 - 00442368 _____ () D:\Steam\libavutil-54.dll
2014-10-19 12:31 - 2014-08-21 19:15 - 00332800 _____ () D:\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-10-02 00:16 - 00774656 _____ () D:\Steam\SDL2.dll
2014-05-22 16:14 - 2014-10-21 20:22 - 02226880 _____ () D:\Steam\video.dll
2014-10-19 12:31 - 2014-08-21 19:15 - 00403968 _____ () D:\Steam\libavformat-56.dll
2014-10-19 12:31 - 2014-08-21 19:15 - 00485888 _____ () D:\Steam\libswscale-3.dll
2013-02-03 17:09 - 2014-10-21 20:22 - 00682176 _____ () D:\Steam\bin\chromehtml.DLL
2013-02-03 17:09 - 2014-09-05 00:29 - 34589376 _____ () D:\Steam\bin\libcef.dll
2014-08-16 13:12 - 2014-09-05 00:29 - 00837824 _____ () D:\Steam\bin\ffmpegsumo.dll
2014-11-01 22:13 - 2014-11-01 22:17 - 00338944 _____ () D:\Steam\steamapps\common\Fallout New Vegas\binkw32.dll
2013-02-03 17:09 - 2014-10-21 20:22 - 00350400 _____ () D:\Steam\steam.dll
2014-11-07 20:40 - 2014-11-07 20:40 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Kodak AiO Network Discovery Service => 2
MSCONFIG\Services: Kodak AiO Status Monitor Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony SCSI Helper Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Cak\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Reader Application Helper => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
MSCONFIG\startupreg: Steam => "D:\Steam\Steam.exe" -silent
========================= Accounts: ==========================
Administrator (S-1-5-21-3812126910-346978619-1325485556-500 - Administrator - Disabled)
Cak (S-1-5-21-3812126910-346978619-1325485556-1000 - Administrator - Enabled) => C:\Users\Cak
Gast (S-1-5-21-3812126910-346978619-1325485556-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/08/2014 03:32:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/08/2014 11:45:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/08/2014 11:26:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/08/2014 03:10:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 11:04:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 11:03:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 11:03:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 11:03:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 08:29:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/07/2014 08:29:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
System errors:
=============
Error: (11/08/2014 11:58:51 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.
Error: (11/08/2014 11:58:51 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.187.1602.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Microsoft Office Sessions:
=========================
Error: (11/08/2014 03:32:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/08/2014 11:45:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/08/2014 11:26:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (11/08/2014 03:10:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (11/07/2014 11:04:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 11:03:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 11:03:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 11:03:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 08:29:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/07/2014 08:29:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X4 920 Processor
Percentage of memory in use: 50%
Total physical RAM: 4094.49 MB
Available physical RAM: 2038.7 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 5783.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.39 GB) (Free:74.45 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:120.23 GB) NTFS
Drive e: () (Fixed) (Total:492.06 GB) (Free:302.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CA181CD6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=492.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
edit1: Gerade eben brachte mse nochmal ne meldung ... ich häng den teil vom log nochmal mit ran ... iwie scheint da noch wat zu hängen Code:
ATTFilter DSS Timeout:Received results after timeout
Internal signature match:subtype=Lowfi, sigseq=0x00000555B523FC5D, signame=#Context:DataControlGuid.B
Internal signature match:subtype=Lowfi, sigseq=0x00000555B523FC5D, signame=#Context:DataControlGuid.B
Internal signature match:subtype=Lowfi, sigseq=0x00000555B523FC5D, signame=#Context:DataControlGuid.B
Internal signature match:subtype=Lowfi, sigseq=0x00000555B523FC5D, signame=#Context:DataControlGuid.B
Internal signature match:subtype=Lowfi, sigseq=0x00000555B523FC5D, signame=#Context:DataControlGuid.B
Internal signature match:subtype=Lowfi, sigseq=0x00000555861DD15A, signame=#Lowfi:SCPT:Exploit:JS/Axpergle.A
Internal signature match:subtype=Lowfi, sigseq=0x00000555861DD15A, signame=#Lowfi:SCPT:Exploit:JS/Axpergle.A
Internal signature match:subtype=Lowfi, sigseq=0x00000555B523FC5D, signame=#Context:DataControlGuid.B
Internal signature match:subtype=Lowfi, sigseq=0x00000555861DD15A, signame=#Lowfi:SCPT:Exploit:JS/Axpergle.A
Internal signature match:subtype=Lowfi, sigseq=0x00000555771E020F, signame=#LowFiExp:Win32/ContextualDropIETemp
Internal signature match:subtype=Persist, sigseq=0x00000555A3A532ED, signame=#PERSIST_ContextualDropIETemp
Internal signature match:subtype=Lowfi, sigseq=0x00000555771E020F, signame=#LowFiExp:Win32/ContextualDropIETemp
Internal signature match:subtype=Persist, sigseq=0x00000555A3A532ED, signame=#PERSIST_ContextualDropIETemp
DSS Timeout:Received results after timeout
Begin Resource Scan
Scan ID:{DBCFC3D1-B821-468D-9BFD-26149CF8DDA5}
Scan Source:7
Start Time:11-09-2014 01:12:34
End Time:11-09-2014 01:12:35
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Cak\AppData\Local\Temp\Low\m0ad.dll
Result Count:1
Unknown File
Identifier:18320544265819652094
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Cak\AppData\Local\Temp\Low\m0ad.dll
Extended Info:5864628814351
End Scan
************************************************************
DSS Timeout:Received results after timeout
Internal signature match:subtype=Lowfi, sigseq=0x00000555B523FC5D, signame=#Context:DataControlGuid.B
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
DSS Timeout:Received results after timeout
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x0000055566B22D68, signame=#LowfiRPF:RevLnk
Begin Resource Scan
Scan ID:{2D18C163-2B69-489E-BB95-F5B963EF18B6}
Scan Source:7
Start Time:11-09-2014 01:26:57
End Time:11-09-2014 01:27:01
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\7093A903.cpp
Result Count:1
Unknown File
Identifier:18320544265819652094
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\7093A903.cpp
Extended Info:5865782233411
End Scan
************************************************************
DSS Timeout:Received results after timeout
Begin Resource Scan
Scan ID:{22EC30AE-EE25-45DA-8BE7-FC2581E0AE28}
Scan Source:3
Start Time:11-09-2014 01:26:57
End Time:11-09-2014 01:27:03
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Result Count:2
Threat Name:Ransom:Win32/Reveton!lnk
ID:2147660162
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:51223325051411
Unknown File
Identifier:18320544265819652094
Number of Resources:2
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\7093A903.cpp
Extended Info:5865782233411
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:0
End Scan
************************************************************
2014-11-09T00:27:03.109Z DETECTIONEVENT Ransom:Win32/Reveton!lnk file:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk;
2014-11-09T00:27:03.109Z DETECTION_ADD Ransom:Win32/Reveton!lnk file:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
DSS Timeout:Received results after timeout
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x0000055566B22D68, signame=#LowfiRPF:RevLnk
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
DSS Timeout:Received results after timeout
2014-11-09T00:27:19.052Z DETECTION_MERGE Ransom:Win32/Reveton!lnk startup:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
2014-11-09T00:27:19.052Z DETECTIONEVENT Ransom:Win32/Reveton!lnk file:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk;startup:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk;
Begin Resource Scan
Scan ID:{60A7AB1B-8A03-4053-A065-41961F3276EE}
Scan Source:6
Start Time:11-09-2014 01:27:13
End Time:11-09-2014 01:27:19
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Result Count:2
Threat Name:Ransom:Win32/Reveton!lnk
ID:2147660162
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:51223325051411
Resource Schema:startup
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:0
Unknown File
Identifier:18320544265819652094
Number of Resources:2
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\7093A903.cpp
Extended Info:5865782233411
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:0
End Scan
************************************************************
FileName:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
SHA1:ca8392cafcfa9e4d68aca274cd670ee929c47e06
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
Beginning threat actions
Start time:11-09-2014 01:27:19
Threat Name:Ransom:Win32/Reveton!lnk
Threat ID:2147660162
Action:remove
Threat Name:Unknown
Threat ID:18320544265819652094
Action:unknown
File to act on SHA1:CA8392CAFCFA9E4D68ACA274CD670EE929C47E06
File owner:VORDEFINIERT\Administratoren
File scheduled for removal on reboot
File Name:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Threat ID:2147660162
Resource refcount:1
Result:3010
Resource action complete:Removal
Schema:startup
Path:\\?\C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Threat ID:2147660162
Resource refcount:1
Result:0
Finished threat ID:18320544265819652094
Threat result:0
Threat status flags:0
Finished threat ID:2147660162
Threat result:0
Threat status flags:386
Finished threat actions
End time:11-09-2014 01:27:19
Result:0
DSS Timeout:Received results after timeout
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Internal signature match:subtype=Lowfi, sigseq=0x0000055576043F91, signame=#LowfiRPF:Reveton_lnk
Internal signature match:subtype=Lowfi, sigseq=0x00000555BBDDC943, signame=#ExplFN.P
Internal signature match:subtype=Lowfi, sigseq=0x0000055566B22D68, signame=#LowfiRPF:RevLnk
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
2014-11-09T00:27:21.256Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2014-11-09T00:27:21.271Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
DSS Timeout:Received results after timeout
Begin Resource Scan
Scan ID:{94647347-E2CC-4206-BCDA-1DD34E56DD70}
Scan Source:3
Start Time:11-09-2014 01:27:20
End Time:11-09-2014 01:27:21
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Result Count:3
Threat Name:Ransom:Win32/Reveton!lnk
ID:2147660162
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:51223325051411
Unknown File
Identifier:18320544265819652094
Number of Resources:2
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\7093A903.cpp
Extended Info:5864353312104
Resource Schema:file
Resource Path:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Extended Info:0
Unknown File
Identifier:2971851220446085118
Number of Resources:1
Resource Schema:samplefilerequested
Resource Path:C:\ProgramData\7093A903.cpp
Extended Info:5864353312104
End Scan
************************************************************
2014-11-09T00:27:21.833Z DETECTIONEVENT Ransom:Win32/Reveton!lnk file:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk;
2014-11-09T00:27:21.833Z DETECTION_ADD Ransom:Win32/Reveton!lnk file:C:\Users\Cak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
2014-11-09T00:27:26.092Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2014-11-09T00:27:26.107Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x00000555726F90B3, signame=#LowFiContextRundllAppdata
Internal signature match:subtype=Persist, sigseq=0x00000555A6D4A051, signame=#PERSIST_ContextRundllAppdata
Internal signature match:subtype=Lowfi, sigseq=0x0000055596322E13, signame=#Lowfi:HSTR:VirTool:Win64/Obfuscator.ADB_Reveton_str
DSS Timeout:Received results after timeout
Begin Resource Scan
Scan ID:{CBF49F03-610D-46ED-A269-00244B7E8028}
Scan Source:7
Start Time:11-09-2014 01:27:18
End Time:11-09-2014 01:27:29
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\309A3907.dot
Result Count:1
Unknown File
Identifier:16286495535945220094
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\309A3907.dot
Extended Info:5864550273203
End Scan
************************************************************
DSS Timeout:Received results after timeout
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Log
Stopped On 11-09-2014 01:27:33 (Exit Code = 0x0)
************************************************************
edit2: Guten Morgen, Java konnte ich manuell über Umwege updaten, der Update Manager und dieses Tool auf der Java Seite meinten es ist die aktuellste Version aber man konnte ne andre Version runterladen ... komisch und nach dem Alarm von MSE gestern hab ich über Nacht nochmal MBAM und ESET laufen lassen ich häng dir die Logs mal mit ran ... Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 09.11.2014 Suchlauf-Zeit: 02:05:09 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.08.07 Rootkit Datenbank: v2014.11.08.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Cak Suchlauf-Art: Benutzerdefinierter Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 583712 Verstrichene Zeit: 3 Std, 3 Min, 55 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6eeabb6e45c5dd4a8a3f9b9aff3ee40e
# engine=20984
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-07 10:03:40
# local_time=2014-11-07 11:03:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4808721 86687842 0 0
# scanned=82540
# found=0
# cleaned=0
# scan_time=9155
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6eeabb6e45c5dd4a8a3f9b9aff3ee40e
# engine=20984
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-08 01:42:59
# local_time=2014-11-08 02:42:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4821880 86701001 0 0
# scanned=260557
# found=0
# cleaned=0
# scan_time=13076
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6eeabb6e45c5dd4a8a3f9b9aff3ee40e
# engine=20999
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-09 05:05:06
# local_time=2014-11-09 06:05:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4920407 86799528 0 0
# scanned=263768
# found=2
# cleaned=1
# scan_time=14924
sh=A50F2CC5EB0506C984BB57D7542515822EB1492F ft=1 fh=da822dfd1e1adb9f vn="Variante von Win64/Kryptik.GK Trojaner" ac=I fn="C:\Users\All Users\309A3907.dot"
sh=A50F2CC5EB0506C984BB57D7542515822EB1492F ft=1 fh=da822dfd1e1adb9f vn="Variante von Win64/Kryptik.GK Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\309A3907.dot"
Geändert von cakken (09.11.2014 um 10:00 Uhr) |
|
10.11.2014, 08:27
| #12 |
| /// the machine /// TB-Ausbilder | Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock Nein war es nit, du hast zweimal die Addition gepostet . Java gibt es schon in Version 8.Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3812126910-346978619-1325485556-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\ProgramData\309A3907.dot
C:\ProgramData\309A3907.ccp
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.11.2014, 00:09
| #13 |
| | Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock java 8 update 25 is drauf hier das gewünschte log Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Cak at 2014-11-10 19:01:50 Run:1
Running from C:\Users\Cak\Desktop
Loaded Profile: Cak (Available profiles: Cak)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3812126910-346978619-1325485556-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\ProgramData\309A3907.dot
C:\ProgramData\309A3907.ccp
*****************
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3812126910-346978619-1325485556-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"C:\ProgramData\309A3907.dot" => File/Directory not found.
"C:\ProgramData\309A3907.ccp" => File/Directory not found.
==== End of Fixlog ====
Nach nochmaliger Meldung von MSE hab ich nochma MBAM und ESET laufen lassen mit Funden jeweils ich häng die logs ma noch mit ran Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 10.11.2014 Suchlauf-Zeit: 20:31:55 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.10.08 Rootkit Datenbank: v2014.11.10.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Cak Suchlauf-Art: Benutzerdefinierter Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 471023 Verstrichene Zeit: 1 Std, 33 Min, 17 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 2 Trojan.FakeMS.ED, C:\ProgramData\7093A903.cpp, In Quarantäne, [36e9d96198e4bc7afef690503ec334cc], Trojan.FakeMS.ED, C:\Users\Cak\AppData\Local\Temp\Low\m0ad.dll, In Quarantäne, [fd22c179dca0c175658f9c44748de917], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6eeabb6e45c5dd4a8a3f9b9aff3ee40e
# engine=21026
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-10 10:47:09
# local_time=2014-11-10 11:47:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5070530 86949651 0 0
# scanned=151067
# found=2
# cleaned=0
# scan_time=11064
sh=D6619CE7FCE9F9A85614A84EAF4508AB0A6ADF5B ft=1 fh=af479cba77e0e875 vn="Win32/Reveton.AJ Trojaner" ac=I fn="C:\ProgramData\7093A903.cpp"
sh=D6619CE7FCE9F9A85614A84EAF4508AB0A6ADF5B ft=1 fh=af479cba77e0e875 vn="Win32/Reveton.AJ Trojaner" ac=I fn="C:\Users\All Users\7093A903.cpp"
|
|
11.11.2014, 17:00
| #14 |
| /// the machine /// TB-Ausbilder | Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock Öffne mal bitte FRST, setz nen Haken bei Addition und scanne, poste bitte beide Logfiles.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.11.2014, 20:13
| #15 |
| | Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock Hey Schrauber hier die gewünschten Logs Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Cak (administrator) on CAK-PC on 11-11-2014 20:09:53
Running from C:\Users\Cak\Desktop
Loaded Profile: Cak (Available profiles: Cak)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-03-18] (Sony Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-3812126910-346978619-1325485556-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x01D942CEAB01CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-3812126910-346978619-1325485556-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cak\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3812126910-346978619-1325485556-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-3812126910-346978619-1325485556-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-09-15]
FF Extension: WOT - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: NoScript - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-02-03]
FF Extension: Adblock Plus - C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\tms54fct.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-03]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-01] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-02-15] (Sony Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-03] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-04] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S1 idugaatx; \??\C:\Windows\system32\drivers\idugaatx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-11 20:09 - 2014-11-11 20:11 - 00013190 _____ () C:\Users\Cak\Desktop\FRST.txt
2014-11-10 23:51 - 2014-11-10 23:51 - 00001395 _____ () C:\Users\Cak\Desktop\mbam.txt
2014-11-10 19:20 - 2014-11-10 19:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-07 20:29 - 2014-11-07 20:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-07 20:28 - 2014-11-07 20:28 - 00854448 _____ () C:\Users\Cak\Desktop\SecurityCheck.exe
2014-11-06 21:23 - 2014-11-06 21:23 - 00000000 ____D () C:\Windows\ERUNT
2014-11-06 21:11 - 2014-11-06 21:18 - 00000000 ____D () C:\AdwCleaner
2014-11-06 20:48 - 2014-11-10 23:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 20:47 - 2014-11-06 20:47 - 01998336 _____ () C:\Users\Cak\Desktop\AdwCleaner_4.002.exe
2014-11-06 20:45 - 2014-11-06 20:45 - 01706939 _____ (Thisisu) C:\Users\Cak\Desktop\JRT.exe
2014-11-06 20:44 - 2014-11-06 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-06 20:44 - 2014-11-06 20:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-06 20:44 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-06 20:44 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-06 09:01 - 2014-11-06 09:17 - 00000000 ____D () C:\Qoobox
2014-11-06 09:01 - 2014-11-06 09:16 - 00000000 ____D () C:\Windows\erdnt
2014-11-06 09:01 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-06 09:01 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-06 09:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-06 09:01 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-05 18:03 - 2014-11-05 18:03 - 05591672 ____R (Swearware) C:\Users\Cak\Desktop\ComboFix.exe
2014-11-05 14:00 - 2014-11-11 20:10 - 00000000 ____D () C:\FRST
2014-11-05 13:59 - 2014-11-10 19:01 - 02116096 _____ (Farbar) C:\Users\Cak\Desktop\FRST64.exe
2014-11-02 02:15 - 2014-11-02 02:15 - 00000000 ____D () C:\Users\Cak\AppData\Local\FalloutNV
2014-10-19 00:00 - 2014-11-11 20:06 - 00003539 _____ () C:\Windows\setupact.log
2014-10-19 00:00 - 2014-10-19 00:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-17 21:59 - 2014-10-17 21:58 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-17 21:58 - 2014-11-09 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-17 21:58 - 2014-11-09 01:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-17 21:58 - 2014-10-17 21:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-17 21:58 - 2014-10-17 21:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-17 14:20 - 2014-10-17 14:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-17 14:15 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 14:15 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 14:15 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 14:15 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 14:15 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 14:15 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 14:15 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 14:15 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-17 14:14 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 14:14 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 14:14 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 14:14 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 14:14 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 14:14 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 14:14 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 14:14 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 14:14 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 14:14 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 14:14 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 14:14 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 14:14 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 14:14 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 14:14 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 14:14 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 14:14 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 14:14 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 14:14 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 14:14 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 14:14 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 14:14 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 14:14 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 14:14 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 14:14 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 14:14 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 14:14 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 14:14 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 14:14 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 14:14 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 14:14 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 14:14 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 14:14 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 14:14 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 14:14 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 14:14 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 14:14 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 14:14 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 14:14 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 14:14 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 14:14 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 14:14 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 14:14 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 14:14 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 14:14 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 14:14 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 14:14 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 14:14 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 14:14 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 14:14 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 14:14 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 14:14 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 14:14 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 14:14 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 14:14 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 14:14 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 14:14 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 14:14 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 14:14 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 14:14 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 14:14 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 14:14 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 14:14 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 14:14 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 14:14 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 14:14 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 14:11 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 14:11 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 14:11 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 14:11 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-11 20:11 - 2013-02-02 23:34 - 01971787 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 20:06 - 2013-02-03 00:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-11 20:06 - 2010-11-21 04:47 - 00227588 _____ () C:\Windows\PFRO.log
2014-11-11 20:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 00:14 - 2013-07-10 18:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 23:55 - 2010-11-21 07:22 - 00699490 _____ () C:\Windows\system32\perfh007.dat
2014-11-10 23:55 - 2010-11-21 07:22 - 00149630 _____ () C:\Windows\system32\perfc007.dat
2014-11-10 23:55 - 2009-07-14 06:13 - 01620932 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-10 23:55 - 2009-07-14 05:45 - 00026496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 23:55 - 2009-07-14 05:45 - 00026496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 23:48 - 2013-02-06 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-09 01:53 - 2013-11-19 23:41 - 02347384 _____ (ESET) C:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
2014-11-09 01:49 - 2013-09-26 19:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-09 01:48 - 2013-09-26 19:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-08 01:13 - 2013-02-03 11:55 - 00000000 ____D () C:\Users\Cak\AppData\Roaming\IrfanView
2014-11-07 23:42 - 2013-04-24 14:42 - 00000000 ____D () C:\Users\Cak\AppData\Roaming\vlc
2014-11-06 20:44 - 2013-02-03 12:25 - 00000000 ____D () C:\Users\Cak\AppData\Roaming\Malwarebytes
2014-11-06 20:44 - 2013-02-03 11:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-06 20:44 - 2013-02-03 11:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-06 09:17 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-06 09:13 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-06 09:11 - 2009-07-14 03:34 - 61603840 _____ () C:\Windows\system32\config\software.bak
2014-11-06 09:11 - 2009-07-14 03:34 - 17039360 _____ () C:\Windows\system32\config\system.bak
2014-11-06 09:11 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-11-06 09:11 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-11-06 09:11 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-11-05 17:34 - 2013-02-03 13:54 - 00000000 ____D () C:\Users\Cak\Documents\Dine
2014-11-02 02:15 - 2013-02-03 20:39 - 00000000 ____D () C:\Users\Cak\Documents\My Games
2014-11-02 02:15 - 2013-02-03 12:15 - 00370104 _____ () C:\Windows\DirectX.log
2014-11-02 00:18 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-31 18:51 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 18:52 - 2013-02-03 13:54 - 00000000 ____D () C:\Users\Cak\Documents\Doc'S
2014-10-25 18:46 - 2013-02-04 14:49 - 00000000 ____D () C:\Users\Cak\Documents\Settlers7
2014-10-19 12:30 - 2014-05-26 22:24 - 00000000 ____D () C:\Users\Cak\Documents\Rocrail
2014-10-17 23:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 22:01 - 2014-10-04 19:38 - 00000000 ____D () C:\Users\Cak\AppData\Local\Adobe
2014-10-17 22:01 - 2013-07-10 18:51 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-17 22:01 - 2013-02-13 21:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-17 22:01 - 2013-02-13 21:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-17 21:52 - 2009-07-14 05:45 - 00288216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 21:50 - 2014-04-22 23:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 14:20 - 2013-07-10 18:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 14:16 - 2011-12-03 21:05 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Cak\AppData\Local\Temp\Quarantine.exe
C:\Users\Cak\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-05 00:48
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Cak at 2014-11-11 20:11:37
Running from C:\Users\Cak\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.7.5.30 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.11.10 - Your Company Name) Hidden
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.01.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ATI Catalyst Install Manager (HKLM\...\{DC9C8BC1-72CE-B5FE-EA4F-6D9127E51746}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version: - )
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Free YouTube Download version 3.2.30.319 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.30.319 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
Internetinformationsdienste (IIS) 7+-Manager (HKLM\...\{2349E6AA-CFCA-4D17-B633-3ECDA92E38CD}) (Version: 7.1.0.0 - Microsoft Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jagged Alliance - Back in Action Demo (HKLM-x32\...\Steam App 204920) (Version: - Coreplay GmbH)
Jagged Alliance Online - Steam Edition (HKLM-x32\...\Steam App 218450) (Version: - Cliffhanger Productions)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.0.3.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.6.12.20 - Eastman Kodak Company)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lernerfolg Vorschule - Capt'n Sharky (HKLM-x32\...\Lernerfolg Vorschule - Capt'n Sharky) (Version: - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Monkey Island 2: Special Edition (HKLM-x32\...\Steam App 32460) (Version: - LucasArts)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PanzerIIID 3D v2.5 (HKLM-x32\...\Panzer General 3D PL v2.5_is1) (Version: - )
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pinball Arcade (HKLM-x32\...\Steam App 238260) (Version: - FarSight Studios)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Reader for PC (HKLM-x32\...\{11CBB0F5-989E-4B16-AE7E-D569AC4BF241}) (Version: 2.0.02.15180 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Rocrail -rev7371 (HKLM-x32\...\Rocrail_is1) (Version: - rocrail.net)
Rome - Total War(TM) (HKLM-x32\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname)
Rome - Total War(TM) (x32 Version: 1.0 - Ihr Firmenname) Hidden
Rome Total War - patch 1.3 (HKLM-x32\...\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}) (Version: 1.3 - )
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - EA - Maxis)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.12.0 (HKLM\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version: - LucasArts)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-3812126910-346978619-1325485556-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinTrack Demo Version 11.0 3D (HKLM-x32\...\wintrack11demo_is1) (Version: 11.0 3D - Ing.-Büro Schneider)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
02-11-2014 01:14:01 DirectX wurde installiert
03-11-2014 02:19:05 Windows Update
06-11-2014 08:01:45 ComboFix created restore point
06-11-2014 20:31:21 Windows Update
09-11-2014 21:51:56 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-11-06 09:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {9C1A38B0-6F6E-404C-9CBB-9D2019E2FBDC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17] (Adobe Systems Incorporated)
Task: {E49638B1-66D6-4DB3-934D-2E840FCE042F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-05-30 20:32 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-02-04 13:08 - 2013-04-01 16:37 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-03-18 12:56 - 2013-03-18 12:56 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2013-02-15 11:17 - 2013-02-15 11:17 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2013-03-18 12:58 - 2013-03-18 12:58 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2014-11-10 19:20 - 2014-11-10 19:20 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Kodak AiO Network Discovery Service => 2
MSCONFIG\Services: Kodak AiO Status Monitor Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony SCSI Helper Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Cak\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Reader Application Helper => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
MSCONFIG\startupreg: Steam => "D:\Steam\Steam.exe" -silent
========================= Accounts: ==========================
Administrator (S-1-5-21-3812126910-346978619-1325485556-500 - Administrator - Disabled)
Cak (S-1-5-21-3812126910-346978619-1325485556-1000 - Administrator - Enabled) => C:\Users\Cak
Gast (S-1-5-21-3812126910-346978619-1325485556-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/11/2014 08:08:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/10/2014 11:50:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/10/2014 08:41:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/10/2014 08:41:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/10/2014 08:41:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/10/2014 08:33:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/10/2014 08:33:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/10/2014 08:33:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/10/2014 01:05:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/09/2014 08:02:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/09/2014 01:15:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TomTomHOMEService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/09/2014 01:15:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sitzungs-Manager für Desktopfenster-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/09/2014 01:15:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/09/2014 01:15:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/09/2014 01:15:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/09/2014 01:15:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Netzwerkverbindungen" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/09/2014 01:15:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Zugriff auf Eingabegeräte" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/09/2014 01:15:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Offlinedateien" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/09/2014 01:15:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Audio-Endpunkterstellung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/09/2014 01:15:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia Update Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (11/11/2014 08:08:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/10/2014 11:50:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/10/2014 08:41:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/10/2014 08:41:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/10/2014 08:41:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/10/2014 08:33:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/10/2014 08:33:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/10/2014 08:33:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cak\Downloads\esetsmartinstaller_deu.exe
Error: (11/10/2014 01:05:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (11/09/2014 08:02:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X4 920 Processor
Percentage of memory in use: 50%
Total physical RAM: 4094.49 MB
Available physical RAM: 2010 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 5980.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.39 GB) (Free:75.13 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:120.23 GB) NTFS
Drive e: () (Fixed) (Total:492.06 GB) (Free:302.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CA181CD6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=492.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
| Themen zu Trojanerfund durch MSE - Trojan:Win32/Peaac.gen!A!plock |
| administrator, anti-malware, antimalware, appdata, autostart, generic, löschen, malwarebytes, microsoft, neustart, roaming, security, speicher, spyware.zbot.ed, trojan.fakems.ed, trojan:win32/peaac.gen!a!plock, win32/kryptik.cozm, win32/kryptik.cpaq, win64/kryptik.gk |
WARNUNG an die MITLESER: 
Linear-Darstellung
