30.11.2014, 17:35 | #1 |
Facebook (Virus)

Hey, I just got a message on Facebook from a friend, "Erinnerst du dich daran?" ("Do you remember this?"), and because the message came from someone who has often asked me things before, I didn't pay proper attention, didn't read on properly, and clicked on the link, this one: hxxp://t.co/22gJaxzDBA

It seems to be this: hxxp://www.mimikama.at/allgemein/warnung-fr-teilnehmer-in-einem-facebook-gruppen-chat-haha-erinnerst-du-dich-an-dieses-bild-httpt-coxxxx/ The text there is a bit different, but the link looks similar.

I think I didn't let the link load completely to the end. I think a login window came up at the end, but I'm no longer sure because I closed the page as quickly as possible. I also changed my Facebook password right away.

Here are a few logs to start with:

frst.txt

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2014 Ran by Olaf (administrator) on OLAF-PC on 30-11-2014 17:39:51 Running from C:\Users\Olaf\Downloads Loaded Profiles: Olaf & UpdatusUser (Available profiles: Olaf & UpdatusUser) Platform: Microsoft® Windows Vista™ Home Premium (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Spotify Ltd) C:\Users\Olaf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\wercon.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Opera Software) C:\Program Files\Opera\opera.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2012-06-02] (Microsoft Corporation) HKLM\...\Run: [MSConfig] => C:\Windows\system32\msconfig.exe [222208 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-21] (Avira Operations GmbH & Co. KG) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1783187169-4266523473-792420036-1002\...\Run: [Spotify Web Helper] => C:\Users\Olaf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-27] (Spotify Ltd) HKU\S-1-5-21-1783187169-4266523473-792420036-1003\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1783187169-4266523473-792420036-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ SearchScopes: HKLM -> DefaultScope value is missing. SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.11.1 FireFox: ======== FF ProfilePath: C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default FF DefaultSearchEngine: Google FF DefaultSearchUrl: FF SearchEngineOrder.3: Bing FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @IObit.com/np_Asc_Plugin -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll (IObit) FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Avira Browser Safety - C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default\Extensions\abs@avira.com [2014-11-22] FF Extension: Speed Dial - C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66} [2013-09-23] FF Extension: Shopping Helper Smartbar - C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default\Extensions\{f2d45ffd-cff5-7ba9-54b1-45292dff1e50} [2014-05-09] FF Extension: leethax.net extension - C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default\Extensions\leethax@leethax.net.xpi [2014-11-29] FF Extension: Speed Dial - C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2013-09-23] FF Extension: Adblock Plus - C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-01] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-03] FF Extension: No Name - C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default\extensions\ascsurfingprotection@iobit.com [Not Found] FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR DefaultSearchKeyword: Default -> de.yahoo.com CHR DefaultSearchURL: Default -> https://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms} CHR DefaultSuggestURL: Default -> https://de.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms} CHR Profile: C:\Users\Olaf\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword 
(Beta)) - C:\Users\Olaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20] CHR Extension: (YouTube) - C:\Users\Olaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-26] CHR Extension: (Google-Suche) - C:\Users\Olaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-26] CHR Extension: (Avira Browserschutz) - C:\Users\Olaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-24] CHR Extension: (Google Wallet) - C:\Users\Olaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23] CHR Extension: (Google Mail) - C:\Users\Olaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-26] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2014-11-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-21] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. 
KG) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit) S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit) S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed] S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG) R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. 
) S3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2013-03-23] (IObit) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed] S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2013-11-19] (IObit.com) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2013-11-19] (IObit.com) R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [13976 2014-01-01] (VIA Technologies, Inc.) S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.) R0 xfilt; C:\Windows\System32\DRIVERS\xfilt.sys [23192 2014-01-01] (VIA Technologies, Inc.) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 EagleXNt; No ImagePath S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 WinRing0_1_2_0; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-30 17:39 - 2014-11-30 17:40 - 00013169 _____ () C:\Users\Olaf\Downloads\FRST.txt 2014-11-30 17:39 - 2014-11-30 17:40 - 00000000 ____D () C:\FRST 2014-11-30 17:38 - 2014-11-30 17:38 - 01108992 _____ (Farbar) C:\Users\Olaf\Downloads\FRST.exe 2014-11-30 16:27 - 2014-11-30 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-11-30 16:27 - 2014-11-30 16:27 - 00000000 ____D () C:\Program Files\7-Zip 2014-11-30 16:26 - 2014-11-30 16:26 - 01110476 _____ () C:\Users\Olaf\Downloads\7z920.exe 2014-11-30 15:26 - 2014-11-30 15:26 - 00000000 ____D () C:\Program Files\Sandboxie 2014-11-30 15:24 - 2014-11-30 15:24 - 02734600 _____ (Sandboxie Holdings, LLC) C:\Users\Olaf\Downloads\SandboxieInstall-414.exe 2014-11-28 18:56 - 2014-11-28 18:56 - 00000000 ____D () C:\Users\Olaf\Documents\Zen Studios 2014-11-28 18:53 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2014-11-28 18:53 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2014-11-28 18:53 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2014-11-28 18:53 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-11-28 18:53 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2014-11-28 18:53 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2014-11-28 18:53 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2014-11-28 18:53 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2014-11-28 18:53 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2014-11-28 18:53 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2014-11-28 18:53 - 2010-02-04 10:01 - 
00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2014-11-28 18:53 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2014-11-28 18:53 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2014-11-28 18:53 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2014-11-28 18:53 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2014-11-28 18:53 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2014-11-28 18:53 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2014-11-28 18:53 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2014-11-28 18:53 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2014-11-28 18:53 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2014-11-28 18:53 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2014-11-28 18:53 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2014-11-28 18:53 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2014-11-28 18:53 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2014-11-28 18:53 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2014-11-28 18:53 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2014-11-28 18:53 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2014-11-28 18:53 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2014-11-28 
18:53 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2014-11-28 18:53 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2014-11-28 18:53 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2014-11-28 18:53 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2014-11-28 18:53 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2014-11-28 18:53 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2014-11-28 18:53 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2014-11-28 18:53 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2014-11-28 18:53 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2014-11-28 18:53 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2014-11-28 18:53 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2014-11-28 18:53 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2014-11-28 18:53 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2014-11-28 18:53 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2014-11-28 18:53 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2014-11-28 18:53 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2014-11-28 18:53 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2014-11-28 18:53 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) 
C:\Windows\system32\d3dx10_38.dll 2014-11-28 18:53 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2014-11-28 18:53 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2014-11-28 18:53 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2014-11-28 18:53 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2014-11-28 18:53 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2014-11-28 18:53 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2014-11-28 18:53 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2014-11-28 18:53 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2014-11-28 18:53 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2014-11-28 18:52 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2014-11-28 18:52 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2014-11-28 18:52 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2014-11-28 18:52 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2014-11-28 18:52 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2014-11-28 18:52 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2014-11-28 18:52 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2014-11-28 18:52 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2014-11-28 18:52 - 2007-05-16 16:45 - 01124720 
_____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2014-11-28 18:52 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2014-11-28 18:52 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2014-11-28 18:52 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2014-11-28 18:52 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2014-11-28 18:52 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2014-11-28 18:52 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2014-11-28 18:52 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2014-11-28 18:52 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2014-11-28 18:52 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2014-11-28 18:52 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2014-11-28 18:52 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2014-11-28 18:52 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2014-11-28 18:52 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2014-11-28 18:52 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2014-11-28 18:52 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2014-11-28 18:52 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2014-11-28 18:52 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2014-11-28 
18:52 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2014-11-28 18:51 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2014-11-28 18:51 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2014-11-28 18:51 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2014-11-28 18:51 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2014-11-28 18:51 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2014-11-28 18:51 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2014-11-28 18:51 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2014-11-28 18:51 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2014-11-28 14:26 - 2014-11-28 14:26 - 00000216 _____ () C:\Users\Olaf\Desktop\Pinball FX2.url 2014-11-27 20:32 - 2014-11-28 18:56 - 00000000 ____D () C:\Program Files\Steam 2014-11-27 20:32 - 2014-11-28 14:19 - 00000000 ____D () C:\Program Files\Common Files\Steam 2014-11-27 20:32 - 2014-11-27 20:32 - 00000763 _____ () C:\Users\Public\Desktop\Steam.lnk 2014-11-27 20:32 - 2014-11-27 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2014-11-27 20:19 - 2014-11-27 20:19 - 00000000 ____D () C:\Users\Olaf\AppData\Local\Skype 2014-11-27 20:17 - 2014-11-27 20:17 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-11-27 20:17 - 2014-11-27 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-11-27 20:17 - 2014-11-27 20:17 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-11-27 20:15 - 2014-11-27 20:17 - 00000000 ___RD () C:\Program Files\Skype 2014-11-27 20:09 - 2014-11-27 20:10 - 01546856 _____ (Skype Technologies 
S.A.) C:\Users\Olaf\Downloads\SkypeSetup(1).exe 2014-11-27 17:59 - 2014-11-27 17:59 - 01174352 _____ () C:\Users\Olaf\Downloads\Skype - CHIP-Installer(1).exe 2014-11-27 17:25 - 2014-11-27 17:30 - 178931512 _____ (NVIDIA Corporation) C:\Users\Olaf\Downloads\307.83-desktop-win7-winvista-32bit-international-whql.exe 2014-11-27 15:26 - 2014-11-27 15:26 - 01174352 _____ () C:\Users\Olaf\Downloads\Skype - CHIP-Installer.exe 2014-11-27 14:58 - 2014-11-27 15:06 - 00000000 ____D () C:\Users\Olaf\AppData\Local\Spotify 2014-11-27 14:58 - 2014-11-27 14:58 - 00001709 _____ () C:\Users\Olaf\Desktop\Spotify.lnk 2014-11-27 14:58 - 2014-11-27 14:58 - 00001695 _____ () C:\Users\Olaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2014-11-27 14:57 - 2014-11-30 15:40 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\Spotify 2014-11-27 14:57 - 2014-11-27 14:57 - 00137888 _____ (Spotify Ltd) C:\Users\Olaf\Downloads\SpotifySetup.exe 2014-11-27 14:33 - 2005-06-07 16:59 - 14383616 _____ () C:\Users\Olaf\Desktop\gta_sa.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-30 17:36 - 2012-09-26 17:31 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-30 17:17 - 2012-06-01 14:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-30 17:13 - 2006-11-02 13:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-30 17:13 - 2006-11-02 13:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-30 16:47 - 2014-08-24 14:08 - 00000360 _____ () C:\Windows\Tasks\WpsUpdateTask_Olaf.job 2014-11-30 16:35 - 2013-03-02 15:42 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\vlc 2014-11-30 14:13 - 2013-10-17 17:06 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cecb52cb476d50.job 2014-11-30 14:13 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-30 02:26 - 2006-11-02 14:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-30 02:25 - 2012-11-30 19:06 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\ICQ 2014-11-30 02:17 - 2013-02-15 18:14 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\Skype 2014-11-28 18:52 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-11-27 21:02 - 2014-05-15 16:33 - 00004426 _____ () C:\Windows\PFRO.log 2014-11-27 20:18 - 2013-02-15 18:14 - 00000000 ____D () C:\ProgramData\Skype 2014-11-27 17:43 - 2012-06-01 14:51 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-27 17:38 - 2012-06-01 14:07 - 00000000 ____D () C:\Users\Olaf 2014-11-27 15:17 - 2012-06-01 14:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-11-27 15:17 - 2012-06-01 14:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-11-27 14:34 - 2014-05-13 20:58 - 00004713 _____ () C:\Windows\setupact.log 2014-11-24 21:59 - 2006-11-02 11:33 - 00526648 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-24 20:19 - 
2014-01-01 17:42 - 00000000 ____D () C:\ProgramData\ProductData 2014-11-24 20:17 - 2012-06-09 21:21 - 00000000 ____D () C:\Program Files\IObit 2014-11-24 20:17 - 2012-06-01 14:54 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-11-24 20:10 - 2014-01-01 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7 2014-11-24 20:08 - 2014-08-16 22:33 - 00000000 ____D () C:\Program Files\AutoHotkey 2014-11-24 20:08 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\ShellNew 2014-11-23 12:57 - 2014-05-13 20:58 - 00093677 _____ () C:\Windows\WindowsUpdate.log 2014-11-23 12:52 - 2013-08-21 13:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-23 12:51 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-11-22 16:21 - 2012-11-15 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-22 16:20 - 2012-11-15 10:52 - 00000000 ____D () C:\Program Files\Avira 2014-11-22 16:15 - 2012-11-15 10:52 - 00000000 ____D () C:\ProgramData\Avira 2014-11-21 16:25 - 2012-06-01 14:14 - 00071104 _____ () C:\Users\Olaf\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-21 16:24 - 2006-11-02 13:47 - 00295784 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-17 22:57 - 2014-09-19 18:52 - 00000000 ____D () C:\Users\Olaf\AppData\Local\Kingsoft 2014-11-17 22:53 - 2014-08-24 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingsoft Writer 2014-11-17 22:50 - 2014-08-24 13:57 - 00000000 ____D () C:\Program Files\Kingsoft Some content of TEMP: ==================== C:\Users\Olaf\AppData\Local\Temp\avgnt.exe C:\Users\Olaf\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Olaf\AppData\Local\Temp\Quarantine.exe C:\Users\Olaf\AppData\Local\Temp\updatepackasc.exe C:\Users\Olaf\AppData\Local\Temp\vcredist_x86.exe C:\Users\Olaf\AppData\Local\Temp\{DC3C136F-EE75-4E5E-9150-0372386BC25B}-38.0.2125.111_chrome_installer.exe ==================== Bamital & 
volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-30 14:33 ==================== End Of Log ============================ addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-11-2014 Ran by Olaf at 2014-11-30 17:41:33 Running from C:\Users\Olaf\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Reader X (10.1.3) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.) AOL Deinstallation (Version: - ) Hidden Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. 
KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform) CLEO 4.3 (HKLM\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien) Creator 9 (HKLM\...\CREATOR9) (Version: - ) dirhtml v4.861 (HKLM\...\{692DF640-F6EE-4BA2-90FD-466B9A23A6B5}_is1) (Version: - Eric Nitzsche) Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.1 - IObit) Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - ) EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version: - SEIKO EPSON Corporation) ffdshow [rev 3154] [2009-12-09] (HKLM\...\ffdshow_is1) (Version: 1.0 - ) Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Grand Theft Auto San Andreas (HKLM\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games) HDRegDE (HKLM\...\{D359B12F-9B1A-46FD-B70C-F507B5B11590}) (Version: 1.0.0 - Altwood Systems Limited) Heart Of Darkness (HKLM\...\Heart Of Darkness) (Version: v1.4 - Amazing Studio & Infogrames) ICQ7M (HKLM\...\{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}) (Version: 7.8 - ICQ) Infocentre Rev. 2.0 (HKLM\...\Infocentre) (Version: - ) IObit Malware Fighter (HKLM\...\IObit Malware Fighter_is1) (Version: 2.1 - IObit) IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.0.5.1228 - IObit) Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle) Kingsoft Office 2013 (9.1.0.4550) (HKLM\...\Kingsoft Office) (Version: 9.1.0.4550 - Kingsoft Corp.) Kingsoft Writer (8.1.0.3198) (HKLM\...\Kingsoft Writer) (Version: 8.1.0.3198 - Kingsoft Corp.) 
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 33.1.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nexon Game Manager (HKLM\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - ) NIS2007 (HKLM\...\NIS2007_DE) (Version: - ) NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation) NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Packard Bell Updator (HKLM\...\Updator) (Version: - ) 
Pinball FX2 (HKLM\...\Steam App 226980) (Version: - Zen Studios) Realtek HD Audio V6.0.1.5322 (HKLM\...\AUDIO_REALTEK) (Version: - ) Realtek High Definition Audio Driver (Version: 6.0.1.5322 - Realtek Semiconductor Corp.) Hidden RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft) SciTE4AutoHotkey v3.0.05.01 (HKLM\...\SciTE4AutoHotkey) (Version: v3.0.05.01 - fincs) SetUp My PC (HKLM\...\SETUPMYPC_DE) (Version: - ) Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.) Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.9 - IObit) Sony Eyetoy Webcam (HKLM\...\Sony Eyetoy Webcam) (Version: - ) Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.6.201404170858 - Sony Mobile Communications AB) Sony PC Companion 2.10.197 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony) Spotify (HKU\S-1-5-21-1783187169-4266523473-792420036-1002\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB) Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab CYRI (HKLM\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC) Video NVIDIA v97.19 (HKLM\...\VIDEO_NVIDIA) (Version: - ) VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN) WinRAR 4.11 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: 
HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: 
HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: 
HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) ==================== Restore Points ========================= 17-11-2014 21:05:30 Geplanter Prüfpunkt 21-11-2014 16:12:43 Geplanter Prüfpunkt 22-11-2014 15:26:36 Windows Update 23-11-2014 11:50:35 Windows Update 24-11-2014 19:23:26 Installiert Grand Theft Auto San Andreas 27-11-2014 13:09:07 Geplanter Prüfpunkt 27-11-2014 16:36:39 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte 28-11-2014 12:11:56 Geplanter Prüfpunkt 28-11-2014 17:48:52 DirectX wurde installiert 28-11-2014 17:54:16 DirectX wurde installiert 
29-11-2014 18:41:30 Geplanter Prüfpunkt 30-11-2014 16:03:29 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {07BFD074-457D-4543-9EA9-2E2113B5CD4D} - System32\Tasks\GoogleUpdateTaskMachineCore1cecb52cb476d50 => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-26] (Google Inc.) Task: {0B604BDE-56B2-4966-8601-BD28A2C98506} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2013-11-08] (IObit) Task: {33C5459A-30B6-40CC-888F-C69748553D85} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-26] (Google Inc.) 
Task: {3F507F14-0EC4-4942-BAF4-10356CE5A169} - System32\Tasks\Microsoft\Windows\RestartManager\{5B04DB79-54BC-45e2-BFCA-CE08FC7EA726} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {6263BCCA-BADE-4E87-8727-750707D9924E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27] (Adobe Systems Incorporated) Task: {732E4FE3-4F39-4B13-A236-C26E0DE63A3F} - System32\Tasks\WpsUpdateTask_Olaf => C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2014-11-21] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {8BA7087B-11BA-4B3D-93D9-CB47C97D7D1C} - System32\Tasks\{A548045A-EAC9-44D9-A955-E32D3C12587F} => c:\program files\opera\opera.exe [2014-04-25] (Opera Software) Task: {9DA3D1FB-A27A-4119-90DB-CC26E386FF64} - System32\Tasks\Recovery DVD Creator => C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21] (Packard Bell BV) Task: {A28808C4-F0B3-4CB6-832B-CA3744C0FF0F} - System32\Tasks\ASC7_SkipUac_Olaf => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe Task: {A819BABA-F931-4BD1-9162-9FE510106147} - System32\Tasks\WpsNotifyTask_Olaf => C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe [2014-03-30] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {C03093B1-B3AB-4B1A-8DE6-5CF32CA5ABE9} - System32\Tasks\Erweiterte Garantie => C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21] (Packard Bell BV) Task: {C5A54F83-00EB-4095-9374-C73574B19307} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-26] (Google Inc.) Task: {C81A3A6E-90AC-4BE4-8CA1-19E01465415B} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Erweiterte Garantie.job => C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cecb52cb476d50.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Recovery DVD Creator.job => C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe Task: C:\Windows\Tasks\WpsNotifyTask_Olaf.job => C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe Task: C:\Windows\Tasks\WpsUpdateTask_Olaf.job => C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-06-08 20:17 - 2012-02-17 19:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll 2014-10-22 15:12 - 2014-10-22 15:12 - 00245760 _____ () C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll 2014-11-22 18:54 - 2014-11-22 18:54 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdvancedSystemCareService7 => 2 MSCONFIG\startupfolder: C:^Users^Olaf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Advanced SystemCare 6 => "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Olaf\AppData\Local\Smartbar\Application\Smartbar.exe startup MSCONFIG\startupreg: EPSON SX510W Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU "C:\Windows\TEMP\E_SDA8B.tmp" /EF "HKCU" MSCONFIG\startupreg: EPSON SX510W Series (Kopie 1) => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU "C:\Windows\TEMP\E_S5D1D.tmp" /EF "HKCU" MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1166786087\ee\AOLSoftware.exe MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4 MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart MSCONFIG\startupreg: IS CfgWiz => "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT" MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start MSCONFIG\startupreg: RoxWatchTray => c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe MSCONFIG\startupreg: RtHDVCpl => rthdvcpl.exe MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SmpcSys => C:\Program Files\Packard 
Bell\SetUpMyPC\SmpSys.exe MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: Spotify => "C:\Users\Olaf\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Olaf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter MSCONFIG\startupreg: WMPNSCFG => c:\program files\windows media player\wmpnscfg.exe ========================= Accounts: ========================== Administrator (S-1-5-21-1783187169-4266523473-792420036-500 - Administrator - Disabled) ASPNET (S-1-5-21-1783187169-4266523473-792420036-1001 - Limited - Enabled) Gast (S-1-5-21-1783187169-4266523473-792420036-501 - Limited - Disabled) Olaf (S-1-5-21-1783187169-4266523473-792420036-1002 - Administrator - Enabled) => C:\Users\Olaf UpdatusUser (S-1-5-21-1783187169-4266523473-792420036-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/28/2014 06:56:01 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Program Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe" ; Beschreibung = dw; Hr = 0x80070057). Error: (11/28/2014 06:54:15 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. 
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {f39bffb7-25f3-41cf-abfe-5a2f3608f13d} Error: (11/28/2014 06:53:42 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Program Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe" /silent; Beschreibung = dw; Hr = 0x80070057). Error: (11/28/2014 06:48:40 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {f39bffb7-25f3-41cf-abfe-5a2f3608f13d} Error: (11/27/2014 08:54:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung steamwebhelper.exe, Version 2.50.25.37, Zeitstempel 0x546ba74e, fehlerhaftes Modul libcef.dll, Version 3.1916.1692.0, Zeitstempel 0x543d533d, Ausnahmecode 0x80000003, Fehleroffset 0x000a3680, Prozess-ID 0xbcc, Anwendungsstartzeit steamwebhelper.exe0. Error: (11/27/2014 03:07:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung plugin-container.exe, Version 33.1.1.5430, Zeitstempel 0x54656826, fehlerhaftes Modul mozalloc.dll, Version 33.1.1.5430, Zeitstempel 0x54654321, Ausnahmecode 0x80000003, Fehleroffset 0x00001425, Prozess-ID 0xf08, Anwendungsstartzeit plugin-container.exe0. 
Error: (11/24/2014 10:22:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung nvtray.exe, Version 7.17.13.783, Zeitstempel 0x510a2910, fehlerhaftes Modul nvtray.exe, Version 7.17.13.783, Zeitstempel 0x510a2910, Ausnahmecode 0x40000015, Fehleroffset 0x001031ef, Prozess-ID 0x1a4, Anwendungsstartzeit nvtray.exe0. Error: (11/24/2014 08:23:23 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {7a847fd9-04de-4710-91cc-80a87185434c} Error: (11/24/2014 08:22:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung setFE23.tmp, Version 10.50.0.125, Zeitstempel 0x4178b4a2, fehlerhaftes Modul setFE23.tmp, Version 10.50.0.125, Zeitstempel 0x4178b4a2, Ausnahmecode 0xc0000005, Fehleroffset 0x00007139, Prozess-ID 0xb14, Anwendungsstartzeit setFE23.tmp0. Error: (11/24/2014 08:12:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung setA748.tmp, Version 10.50.0.125, Zeitstempel 0x4178b4a2, fehlerhaftes Modul setA748.tmp, Version 10.50.0.125, Zeitstempel 0x4178b4a2, Ausnahmecode 0xc0000005, Fehleroffset 0x00007139, Prozess-ID 0xbf4, Anwendungsstartzeit setA748.tmp0. 
System errors: ============= Error: (11/30/2014 02:15:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: LiveUpdate1 Error: (11/30/2014 02:15:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Automatisches LiveUpdate - Scheduler%%3 Error: (11/30/2014 02:15:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: IMF Service%%1053 Error: (11/30/2014 02:15:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000IMF Service Error: (11/28/2014 07:04:32 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 28.11.2014 um 19:01:29 unerwartet heruntergefahren. Error: (11/27/2014 09:05:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: LiveUpdate1 Error: (11/27/2014 09:04:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Automatisches LiveUpdate - Scheduler%%3 Error: (11/27/2014 09:04:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: IMF Service%%1053 Error: (11/27/2014 09:04:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000IMF Service Error: (11/27/2014 08:40:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Steam Client Service%%1053 Microsoft Office Sessions: ========================= Error: (11/28/2014 06:56:01 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Program Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe" dw0x80070057 Error: (11/28/2014 06:54:15 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {f39bffb7-25f3-41cf-abfe-5a2f3608f13d} Error: (11/28/2014 06:53:42 PM) 
(Source: System Restore) (EventID: 8193) (User: ) Description: C:\Program Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe" /silentdw0x80070057 Error: (11/28/2014 06:48:40 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {f39bffb7-25f3-41cf-abfe-5a2f3608f13d} Error: (11/27/2014 08:54:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: steamwebhelper.exe2.50.25.37546ba74elibcef.dll3.1916.1692.0543d533d80000003000a3680bcc01d00a79f9f343a7 Error: (11/27/2014 03:07:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe33.1.1.543054656826mozalloc.dll33.1.1.5430546543218000000300001425f0801d00a4a8c3f8fe8 Error: (11/24/2014 10:22:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvtray.exe7.17.13.783510a2910nvtray.exe7.17.13.783510a291040000015001031ef1a401d0081b5d23cf56 Error: (11/24/2014 08:23:23 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {7a847fd9-04de-4710-91cc-80a87185434c} Error: (11/24/2014 08:22:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: setFE23.tmp10.50.0.1254178b4a2setFE23.tmp10.50.0.1254178b4a2c000000500007139b1401d0081c058d861d Error: (11/24/2014 08:12:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: setA748.tmp10.50.0.1254178b4a2setA748.tmp10.50.0.1254178b4a2c000000500007139bf401d0081a9fdb80aa CodeIntegrity Errors: =================================== Date: 2013-11-22 18:25:50.734 Description: Die Abbildintegrität der Datei 
"\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-20 21:33:29.375 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-20 19:26:05.906 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-19 16:47:43.484 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-19 06:50:37.656 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-18 17:32:19.625 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-18 13:08:13.015 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-11-17 11:58:51.390 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-16 18:02:37.843 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-14 17:21:07.421 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz Percentage of memory in use: 85% Total physical RAM: 1021.88 MB Available physical RAM: 143.57 MB Total Pagefile: 2292.87 MB Available Pagefile: 580.96 MB Total Virtual: 2047.88 MB Available Virtual: 1918.16 MB ==================== Drives ================================ Drive c: (HDD) (Fixed) (Total:141.05 GB) (Free:78.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: F6CBED85) Partition 1: (Not Active) - (Size=8 GB) - (Type=27) Partition 2: (Active) - (Size=141 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Edited by Creatiive (30.11.2014 at 17:51) |
30.11.2014, 19:19 | #2 |
/// the machine /// TB trainer | Facebook (Virus) hi,
looks good |