|
Plagegeister aller Art und deren Bekämpfung: Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.12.2014, 15:02 | #1 |
| Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2 Hallo liebe Forenmitglieder, ich weiß, das Problem wurde gerade erst besprochen aber da ich leider bei dem Tread nicht direkt Antworten konnte muss ich leider einen Neuen aufmachen. Leider habe ich mir letzte Woche auch einen Programm geladen und da zu noch ein paar unerwünschte dazu bekommen. Damit ich die gleich wieder los werde habe ich diese mit Revo Uninstaler gleich wieder löschen wollen. Das Ergebnis war leider, das der Bildschirm/Desktop seit dem schwarz ist und ich nur noch das Fenster vom Arbeitsplatz geöffnet habe. Mein erster Verdacht war, dass ich vielleicht etwas von Windows mit gelöscht haben könnte. Daher habe ich zu erst das System wieder zurücksetzten lassen, dann Windows versucht zu reperieren auch über CD. Hat leider nichts geholfen. Dan habe ich den Tread hier gefunden und fleißig mit gemacht soweit ich es als unwissendes Wessen hinbekommen habe. Geholfen hat es leider auch nicht, daher frage ich nun euch doch noch direkt um Hilfe an. Also die erste Meldung von FRST sah wie folgt aus: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2014 Ran by Nini (administrator) on JANINE-PC on 07-12-2014 09:42:34 Running from E:\ Loaded Profile: Nini (Available profiles: Janine & UpdatusUser & Nini & Administrator & Gast) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\rundll32.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-507852487-1521238306-3764321456-1004\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe [851632 2014-07-20] (Adobe Systems Incorporated) HKU\S-1-5-21-507852487-1521238306-3764321456-1004\...\MountPoints2: {7c691095-9f5c-11e2-8bba-001fd0946bf9} - E:\pushinst.exe HKU\S-1-5-21-507852487-1521238306-3764321456-1004\...\MountPoints2: {983e5de1-bf15-11de-a9df-c0648ec021b2} - E:\LaunchU3.exe -a Startup: C:\Users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\Janine\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-507852487-1521238306-3764321456-1004] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-507852487-1521238306-3764321456-1004] => http=127.0.0.1:49173;https=127.0.0.1:49173 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-507852487-1521238306-3764321456-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKU\S-1-5-21-507852487-1521238306-3764321456-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-507852487-1521238306-3764321456-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFB04E8402B7DCE01 HKU\S-1-5-21-507852487-1521238306-3764321456-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\S-1-5-21-507852487-1521238306-3764321456-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Feven Pro 1.2 -> {11111111-1111-1111-1111-110511161182} -> No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> c:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: TrustMediaViewerV1alpha5271 -> {de489fd6-d184-4eb2-b980-d3e8f71c6e45} -> C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha5271\ie\TrustMediaViewerV1alpha5271x64.dll () BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: BlockAndSurf -> {C29E789C-DCB6-4B82-88C0-D5046D2C8FF6} -> C:\Program Files (x86)\di8BlockAndSurf\175.dll No File BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog5-x64 07 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin) Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189\user.js FF Extension: Adblock Plus - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-05] FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-08-10] FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-08-10] FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta2061.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta2061\ff FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha501.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha501\ff FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha216.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha216\ff FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha329.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha329\ff FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha4611.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4611\ff FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home63.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home63\ff FF HKLM-x32\...\Firefox\Extensions: [ext@MediaBuzzV1mode1096.net] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode1096\ff FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release5650.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5650\ff FF HKLM-x32\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha5271.net] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha5271\ff FF Extension: Trust Media Viewer - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha5271\ff [2014-06-28] FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla FireFox\extensions\termtutor@termtutor.com FF HKU\S-1-5-21-507852487-1521238306-3764321456-1004\...\Firefox\Extensions: [{39207FA9-632F-58D1-AE46-2F7C370FBF59}] - C:\Program Files (x86)\di8BlockAndSurf\175.xpi FF Extension: No Name - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189\extensions\e49d3f99-7c89-4eb4-99f3-ff903e2189b2@5288754a-7a48-41a0-a10f-e98c9ac12040.com [Not Found] FF Extension: No Name - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189\extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com [Not Found] FF Extension: No Name - C:\Program Files\Nightly\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> CHR Profile: C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default CHR Extension: (Google Docs) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-11] CHR Extension: (Google Drive) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-11] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-11] CHR Extension: (Adblock Plus) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-05] CHR Extension: (Google-Suche) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-11] CHR Extension: (Trust Media Viewer) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\inleambckaaohcdcbmhnbklmakeccnei [2014-06-28] CHR Extension: (BlockAndSurf) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\jlkgbgijaaodbhoacnechcehepdfganc [2014-07-15] CHR Extension: (Google Wallet) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-11] CHR Extension: (Google Mail) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-11] CHR HKLM-x32\...\Chrome\Extension: [bcpbcngonbobipkhkdkfffkgpmnmeola] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5650\ch\RichMediaViewV1release5650.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [bgnnkhlplihnikcljmlfleknmajpdieg] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta2061\ch\VideoPlayerV3beta2061.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [bjhjcbjpdohojlfpalfnediiibbdkabh] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode1096\ch\MediaBuzzV1mode1096.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dopemniaeocfenlpnoannaefnhfcjcgi] - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Extensions\searchswitch.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [ejgjpkdliopkjhenfaioejboibiagbcc] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha216\ch\MediaViewerV1alpha216.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [gmpcjdhphhdfnflcgpgeneojihpojidm] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4611\ch\MediaViewV1alpha4611.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [goodaalebnjpdnjgbjpbbllmmphdbgmi] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha329\ch\MediaViewV1alpha329.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [inleambckaaohcdcbmhnbklmakeccnei] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha5271\ch\TrustMediaViewerV1alpha5271.crx [2014-06-26] CHR HKLM-x32\...\Chrome\Extension: [lehbeodgjfnoeiaonejbbdeebmmknjlj] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home63\ch\MediaWatchV1home63.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG) S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S4 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin) S4 LicCtrlService; C:\Windows\runservice.exe [2560 2011-07-17] () [File not signed] S4 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2155848 2010-05-25] () S4 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [430888 2014-08-08] () S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2013-03-25] () S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.) [File not signed] S3 BrUsbSer; C:\Windows\System32\DRIVERS\BrUsbSer.sys [19584 2006-09-02] (Brother Industries Ltd.) [File not signed] R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2013-03-17] () S3 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-15] (CACE Technologies, Inc.) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S1 ttnfd; system32\drivers\ttnfd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-07 09:42 - 2014-12-07 09:42 - 00000000 ____D () C:\FRST 2014-12-06 14:01 - 2014-12-06 14:01 - 00006144 ____N () C:\bootex.log 2014-12-06 14:01 - 2014-12-06 14:01 - 00003560 ____N () C:\bootsqm.dat 2014-12-06 11:10 - 2014-12-06 11:10 - 00000000 ____D () C:\OETemp 2014-12-06 10:13 - 2014-12-06 10:13 - 00003318 _____ () C:\Users\Nini\Desktop\Windows-Kompatibilitätsbericht.htm 2014-12-06 08:50 - 2014-12-06 10:20 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-12-06 08:50 - 2014-12-06 10:20 - 00001908 _____ () C:\Windows\diagerr.xml 2014-11-29 16:19 - 2014-12-06 09:09 - 00000338 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job 2014-11-29 16:19 - 2014-11-30 19:46 - 00000000 ____D () C:\Program Files (x86)\Search Extensions 2014-11-29 16:19 - 2014-11-29 16:19 - 00004324 _____ () C:\Windows\System32\Tasks\RocketTab Update Task 2014-11-29 16:19 - 2014-11-29 16:19 - 00003538 _____ () C:\Windows\System32\Tasks\RocketTab 2014-11-29 16:19 - 2014-11-29 16:19 - 00002718 _____ () C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator 2014-11-29 16:18 - 2014-11-30 00:47 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up 2014-11-29 16:18 - 2014-11-29 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up 2014-11-23 14:12 - 2014-11-23 14:12 - 00349944 _____ () C:\Users\Nini\Downloads\Nicht bestätigt 867825.crdownload 2014-11-19 22:16 - 2014-11-19 22:16 - 00049525 _____ () C:\Users\Nini\Downloads\Liste- Schulen - Tag der offenen Tür (2) 2014-11-10 19:29 - 2014-11-10 19:29 - 00049525 _____ () C:\Users\Nini\Downloads\Liste- Schulen - Tag der offenen Tür (1) 2014-11-10 19:25 - 2014-11-10 19:25 - 00049525 _____ () C:\Users\Nini\Downloads\Liste- Schulen - Tag der offenen Tür 2014-11-08 09:58 - 2014-12-06 11:06 - 00000000 ____D () C:\Program Files (x86)\SlySoft 2014-11-08 09:58 - 2014-11-08 09:58 - 00000000 ____D () C:\ProgramData\374311380 2014-11-08 09:56 - 2014-11-08 09:56 - 00000000 ____D () C:\Users\Nini\Documents\Optimizer Pro 2014-11-08 09:51 - 2014-12-06 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla FireFox 2014-11-08 08:59 - 2014-12-06 11:09 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2014-11-08 08:59 - 2014-11-29 16:50 - 00000125 ___SH () C:\ProgramData\.zreglib ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-07 09:40 - 2013-04-04 19:27 - 00000000 ____D () C:\Users\Nini\AppData\Roaming\vlc 2014-12-07 09:03 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-07 09:03 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-07 08:56 - 2014-01-29 16:11 - 00002096 __RSH () C:\ProgramData\ntuser.pol 2014-12-06 15:32 - 2013-08-15 08:15 - 00000000 ____D () C:\Users\Nini\AppData\Local\TubeBox 2014-12-06 15:32 - 2013-01-12 10:55 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-06 15:32 - 2013-01-12 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freetec 2014-12-06 15:22 - 2009-10-22 11:48 - 01786125 _____ () C:\Windows\WindowsUpdate.log 2014-12-06 15:20 - 2013-11-12 20:07 - 00001264 _____ () C:\Users\Nini\Desktop\Revo Uninstaller.lnk 2014-12-06 15:20 - 2013-01-12 10:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-06 10:54 - 2013-08-15 07:34 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-12-06 10:54 - 2010-03-08 06:07 - 00869324 _____ () C:\Windows\PFRO.log 2014-12-06 10:51 - 2013-08-15 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-06 10:51 - 2012-09-08 06:18 - 00000000 ____D () C:\ProgramData\Avira 2014-12-06 10:21 - 2013-04-03 14:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-06 10:21 - 2011-07-17 07:06 - 00000609 ___SH () C:\Windows\SysWOW64\mmf.sys 2014-12-06 10:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-06 10:21 - 2009-07-14 05:51 - 00001197 _____ () C:\Windows\setupact.log 2014-12-06 09:36 - 2013-04-03 14:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-06 08:50 - 2009-07-14 05:51 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-06 08:39 - 2009-07-14 18:58 - 00653928 _____ () C:\Windows\system32\perfh007.dat 2014-12-06 08:39 - 2009-07-14 18:58 - 00129800 _____ () C:\Windows\system32\perfc007.dat 2014-12-06 08:39 - 2009-07-14 06:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-01 16:14 - 2013-04-04 19:27 - 00000000 ____D () C:\Users\Nini\AppData\Roaming\dvdcss 2014-11-30 00:53 - 2009-10-22 11:54 - 00000000 __SHD () C:\Recovery 2014-11-30 00:48 - 2013-04-02 20:00 - 00000000 ____D () C:\Users\Nini 2014-11-30 00:47 - 2013-04-02 15:02 - 00000000 ____D () C:\Users\Gast 2014-11-30 00:47 - 2013-03-25 13:11 - 00000000 ____D () C:\Users\Administrator 2014-11-30 00:47 - 2011-11-08 10:15 - 00000000 ____D () C:\Program Files (x86)\JLC's Software 2014-11-30 00:47 - 2010-11-22 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis 2014-11-30 00:47 - 2010-11-22 11:53 - 00000000 ____D () C:\Program Files (x86)\Acronis 2014-11-30 00:47 - 2009-10-22 11:54 - 00000000 ____D () C:\Users\Janine 2014-11-30 00:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-11-25 23:39 - 2014-03-11 17:14 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-19 22:39 - 2010-04-02 13:42 - 00000034 _____ () C:\Windows\cdplayer.ini 2014-11-15 11:31 - 2013-04-03 14:02 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-15 11:31 - 2013-04-03 14:02 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-08 09:58 - 2014-07-08 18:29 - 00000000 ____D () C:\ProgramData\SlySoft Some content of TEMP: ==================== C:\Users\Janine\AppData\Local\Temp\AskSLib.dll C:\Users\Janine\AppData\Local\Temp\drm_dyndata_7380009.dll C:\Users\Janine\AppData\Local\Temp\drm_dyndata_7390004.dll C:\Users\Janine\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\Janine\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe C:\Users\Janine\AppData\Local\Temp\wajam_install.exe C:\Users\Janine\AppData\Local\Temp\xmlUpdater.exe C:\Users\Nini\AppData\Local\Temp\3P9LLoading.EXE C:\Users\Nini\AppData\Local\Temp\avgnt.exe C:\Users\Nini\AppData\Local\Temp\DownloadManager.exe C:\Users\Nini\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Nini\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Nini\AppData\Local\Temp\htmlayout.dll C:\Users\Nini\AppData\Local\Temp\Player_Setup(1).exe C:\Users\Nini\AppData\Local\Temp\PreExe_ID_13296.exe C:\Users\Nini\AppData\Local\Temp\Quarantine.exe C:\Users\Nini\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Nini\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Nini\AppData\Local\Temp\SecurityUtility.exe C:\Users\Nini\AppData\Local\Temp\Setup(1).exe C:\Users\Nini\AppData\Local\Temp\Setup.exe C:\Users\Nini\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Nini\AppData\Local\Temp\System.Data.SQLiteea1b056f-d1e3-4476-b0b2-a3fd3cf497df.dll C:\Users\Nini\AppData\Local\Temp\tmp90E8.exe C:\Users\Nini\AppData\Local\Temp\toolbar377900.exe C:\Users\Nini\AppData\Local\Temp\toolbar378944.exe C:\Users\Nini\AppData\Local\Temp\toolbar455739.exe C:\Users\Nini\AppData\Local\Temp\uninstall-updater1453169.exe C:\Users\Nini\AppData\Local\Temp\uninstall.exe C:\Users\Nini\AppData\Local\Temp\uninstall1472504.exe C:\Users\Nini\AppData\Local\Temp\uninstall1472597.exe C:\Users\Nini\AppData\Local\Temp\uninstall1515164.exe C:\Users\Nini\AppData\Local\Temp\uninstall1525700.exe C:\Users\Nini\AppData\Local\Temp\uninstall1525747.exe C:\Users\Nini\AppData\Local\Temp\vp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-06 09:08 ==================== End Of Log ============================ Diese Komische Speed UP Programm hat mir das Uninstalprogramm leider nicht angezeigt, daher habe ich es so versucht zu löschen. Mit wenig Erfolg wie es scheint. Die Ausgabe von AdwCleaner sah wie folgt aus: # AdwCleaner v4.104 - Bericht erstellt am 07/12/2014 um 10:38:14 # Aktualisiert 05/12/2014 von Xplode # Database : 2014-12-01.1 [Local] # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Nini - JANINE-PC # Gestartet von : E:\AdwCleaner_4.104.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : pcsuservice ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up Ordner Gelöscht : C:\Program Files (x86)\pc speed up Ordner Gelöscht : C:\Users\Nini\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp Ordner Gelöscht : C:\Users\Nini\Documents\Optimizer Pro Ordner Gelöscht : C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlkgbgijaaodbhoacnechcehepdfganc [/!\] Nicht Gelöscht ( Junction ) : C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlkgbgijaaodbhoacnechcehepdfganc Datei Gelöscht : C:\Users\Nini\AppData\Local\Temp\Uninstall.exe Datei Gelöscht : C:\Windows\System32\drivers\webinstr.sys Datei Gelöscht : C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189\user.js Datei Gelöscht : C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_api.ciuvo.com_0.localstorage Datei Gelöscht : C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_api.ciuvo.com_0.localstorage-journal Datei Gelöscht : C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal ***** [ Tasks ] ***** Task Gelöscht : PC SpeedUp Service Deactivator Task Gelöscht : RocketTab Update Task Task Gelöscht : RocketTab ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{39207FA9-632F-58D1-AE46-2F7C370FBF59}] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKCU\Software\Boost Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Optimizer Pro Schlüssel Gelöscht : HKCU\Software\Speedchecker Limited Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\SOFTWARE\Boost Schlüssel Gelöscht : HKLM\SOFTWARE\Speedchecker Limited Schlüssel Gelöscht : HKLM\SOFTWARE\TermTutor Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16421 -\\ Mozilla Firefox v20.0.1 (de) [mnz40fks.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); [mnz40fks.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "Ask.com"); [mnz40fks.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com"); -\\ Google Chrome v39.0.2171.71 ************************* AdwCleaner[R0].txt - [34257 octets] - [31/07/2014 12:50:04] AdwCleaner[R1].txt - [10544 octets] - [07/12/2014 10:08:48] AdwCleaner[R2].txt - [7595 octets] - [07/12/2014 10:35:54] AdwCleaner[S0].txt - [30521 octets] - [31/07/2014 12:51:21] AdwCleaner[S1].txt - [7129 octets] - [07/12/2014 10:38:14] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7189 octets] ########## Junkeware Removal hat mir das folgende ausgegeben: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 7 Professional x64 Ran by Nini on 07.12.2014 at 10:42:19,16 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update greygray Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util greygray Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9" ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 07.12.2014 at 10:45:13,19 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ MBAM habe ich zwar gemacht aber die Txt. Datei vergessen zu speichen. Schuldigung. Danach sah das FRST wie folgt aus: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01 Ran by Nini (administrator) on JANINE-PC on 07-12-2014 11:29:25 Running from E:\ Loaded Profile: Nini (Available profiles: Janine & UpdatusUser & Nini & Administrator & Gast) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation) HKU\S-1-5-21-507852487-1521238306-3764321456-1004\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe [851632 2014-07-20] (Adobe Systems Incorporated) HKU\S-1-5-21-507852487-1521238306-3764321456-1004\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S1].txt HKU\S-1-5-21-507852487-1521238306-3764321456-1004\...\MountPoints2: {7c691095-9f5c-11e2-8bba-001fd0946bf9} - E:\pushinst.exe HKU\S-1-5-21-507852487-1521238306-3764321456-1004\...\MountPoints2: {983e5de1-bf15-11de-a9df-c0648ec021b2} - E:\LaunchU3.exe -a Startup: C:\Users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\Janine\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-507852487-1521238306-3764321456-1004] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-507852487-1521238306-3764321456-1004] => http=127.0.0.1:49173;https=127.0.0.1:49173 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-507852487-1521238306-3764321456-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKU\S-1-5-21-507852487-1521238306-3764321456-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-507852487-1521238306-3764321456-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFB04E8402B7DCE01 HKU\S-1-5-21-507852487-1521238306-3764321456-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\S-1-5-21-507852487-1521238306-3764321456-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> c:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog5-x64 07 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin) Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Adblock Plus - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-05] FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-08-10] FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-08-10] FF Extension: No Name - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189\extensions\e49d3f99-7c89-4eb4-99f3-ff903e2189b2@5288754a-7a48-41a0-a10f-e98c9ac12040.com [Not Found] FF Extension: No Name - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189\extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com [Not Found] FF Extension: No Name - C:\Program Files\Nightly\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> CHR Profile: C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default CHR Extension: (Google Docs) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-11] CHR Extension: (Google Drive) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-11] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-11] CHR Extension: (Adblock Plus) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-05] CHR Extension: (Google-Suche) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-11] CHR Extension: (Trust Media Viewer) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\inleambckaaohcdcbmhnbklmakeccnei [2014-06-28] CHR Extension: (Google Wallet) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-11] CHR Extension: (Google Mail) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-11] CHR HKLM-x32\...\Chrome\Extension: [bcpbcngonbobipkhkdkfffkgpmnmeola] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5650\ch\RichMediaViewV1release5650.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [bgnnkhlplihnikcljmlfleknmajpdieg] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta2061\ch\VideoPlayerV3beta2061.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [bjhjcbjpdohojlfpalfnediiibbdkabh] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode1096\ch\MediaBuzzV1mode1096.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dopemniaeocfenlpnoannaefnhfcjcgi] - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Extensions\searchswitch.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [ejgjpkdliopkjhenfaioejboibiagbcc] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha216\ch\MediaViewerV1alpha216.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [gmpcjdhphhdfnflcgpgeneojihpojidm] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4611\ch\MediaViewV1alpha4611.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [goodaalebnjpdnjgbjpbbllmmphdbgmi] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha329\ch\MediaViewV1alpha329.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [inleambckaaohcdcbmhnbklmakeccnei] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha5271\ch\TrustMediaViewerV1alpha5271.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [lehbeodgjfnoeiaonejbbdeebmmknjlj] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home63\ch\MediaWatchV1home63.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) ATTENTION: => Could not perform signature verification. Cryptographic Service is not running. S4 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG) S4 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin) S4 LicCtrlService; C:\Windows\runservice.exe [2560 2011-07-17] () S4 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2155848 2010-05-25] () S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2013-03-25] () S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2013-03-17] () S3 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-15] (CACE Technologies, Inc.) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-07 11:28 - 2014-12-07 11:29 - 00000000 ____D () C:\FRST 2014-12-07 11:24 - 2014-12-07 11:24 - 00000492 _____ () C:\DelFix.txt 2014-12-07 10:42 - 2014-12-07 10:42 - 00000000 ____D () C:\Windows\ERUNT 2014-12-07 10:31 - 2014-12-07 11:25 - 00000000 ____D () C:\Users\Nini\rechner wieder Her 2014-12-07 10:10 - 2014-12-07 10:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-07 10:09 - 2014-12-07 10:09 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-07 10:09 - 2014-12-07 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-07 10:09 - 2014-12-07 10:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-07 10:09 - 2014-12-07 10:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-07 10:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-07 10:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-07 10:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-06 14:01 - 2014-12-06 14:01 - 00003560 ____N () C:\bootsqm.dat 2014-12-06 11:10 - 2014-12-06 11:10 - 00000000 ____D () C:\OETemp 2014-12-06 10:13 - 2014-12-06 10:13 - 00003318 _____ () C:\Users\Nini\Desktop\Windows-Kompatibilitätsbericht.htm 2014-12-06 08:50 - 2014-12-06 10:20 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-12-06 08:50 - 2014-12-06 10:20 - 00001908 _____ () C:\Windows\diagerr.xml 2014-11-08 09:58 - 2014-12-06 11:06 - 00000000 ____D () C:\Program Files (x86)\SlySoft 2014-11-08 09:51 - 2014-12-06 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla FireFox 2014-11-08 08:59 - 2014-12-06 11:09 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2014-11-08 08:59 - 2014-11-29 16:50 - 00000125 ___SH () C:\ProgramData\.zreglib ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-07 11:23 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-07 11:23 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-07 11:17 - 2013-04-03 14:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-07 11:16 - 2014-01-29 16:11 - 00002096 __RSH () C:\ProgramData\ntuser.pol 2014-12-07 11:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-07 10:39 - 2010-03-08 06:07 - 00905658 _____ () C:\Windows\PFRO.log 2014-12-07 10:37 - 2013-04-03 14:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-07 10:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA 2014-12-07 10:31 - 2013-04-02 20:00 - 00000000 ____D () C:\Users\Nini 2014-12-07 09:40 - 2013-04-04 19:27 - 00000000 ____D () C:\Users\Nini\AppData\Roaming\vlc 2014-12-06 15:32 - 2013-08-15 08:15 - 00000000 ____D () C:\Users\Nini\AppData\Local\TubeBox 2014-12-06 15:32 - 2013-01-12 10:55 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-06 15:32 - 2013-01-12 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freetec 2014-12-06 15:22 - 2009-10-22 11:48 - 01786125 _____ () C:\Windows\WindowsUpdate.log 2014-12-06 15:20 - 2013-11-12 20:07 - 00001264 _____ () C:\Users\Nini\Desktop\Revo Uninstaller.lnk 2014-12-06 15:20 - 2013-01-12 10:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-06 10:54 - 2013-08-15 07:34 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-12-06 10:51 - 2013-08-15 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-06 10:51 - 2012-09-08 06:18 - 00000000 ____D () C:\ProgramData\Avira 2014-12-06 10:21 - 2011-07-17 07:06 - 00000609 ___SH () C:\Windows\SysWOW64\mmf.sys 2014-12-06 10:21 - 2009-07-14 05:51 - 00001197 _____ () C:\Windows\setupact.log 2014-12-06 08:50 - 2009-07-14 05:51 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-06 08:39 - 2009-07-14 18:58 - 00653928 _____ () C:\Windows\system32\perfh007.dat 2014-12-06 08:39 - 2009-07-14 18:58 - 00129800 _____ () C:\Windows\system32\perfc007.dat 2014-12-06 08:39 - 2009-07-14 06:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-01 16:14 - 2013-04-04 19:27 - 00000000 ____D () C:\Users\Nini\AppData\Roaming\dvdcss 2014-11-30 00:53 - 2009-10-22 11:54 - 00000000 __SHD () C:\Recovery 2014-11-30 00:47 - 2013-04-02 15:02 - 00000000 ____D () C:\Users\Gast 2014-11-30 00:47 - 2013-03-25 13:11 - 00000000 ____D () C:\Users\Administrator 2014-11-30 00:47 - 2011-11-08 10:15 - 00000000 ____D () C:\Program Files (x86)\JLC's Software 2014-11-30 00:47 - 2010-11-22 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis 2014-11-30 00:47 - 2010-11-22 11:53 - 00000000 ____D () C:\Program Files (x86)\Acronis 2014-11-30 00:47 - 2009-10-22 11:54 - 00000000 ____D () C:\Users\Janine 2014-11-30 00:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-11-25 23:39 - 2014-03-11 17:14 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-19 22:39 - 2010-04-02 13:42 - 00000034 _____ () C:\Windows\cdplayer.ini 2014-11-15 11:31 - 2013-04-03 14:02 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-15 11:31 - 2013-04-03 14:02 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-08 09:58 - 2014-07-08 18:29 - 00000000 ____D () C:\ProgramData\SlySoft Some content of TEMP: ==================== C:\Users\Janine\AppData\Local\Temp\AskSLib.dll C:\Users\Janine\AppData\Local\Temp\drm_dyndata_7380009.dll C:\Users\Janine\AppData\Local\Temp\drm_dyndata_7390004.dll C:\Users\Janine\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\Janine\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe C:\Users\Janine\AppData\Local\Temp\xmlUpdater.exe C:\Users\Nini\AppData\Local\Temp\avgnt.exe C:\Users\Nini\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Nini\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Nini\AppData\Local\Temp\htmlayout.dll C:\Users\Nini\AppData\Local\Temp\Player_Setup(1).exe C:\Users\Nini\AppData\Local\Temp\Quarantine.exe C:\Users\Nini\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Nini\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Nini\AppData\Local\Temp\Setup(1).exe C:\Users\Nini\AppData\Local\Temp\Setup.exe C:\Users\Nini\AppData\Local\Temp\sqlite3.dll C:\Users\Nini\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Nini\AppData\Local\Temp\System.Data.SQLiteea1b056f-d1e3-4476-b0b2-a3fd3cf497df.dll C:\Users\Nini\AppData\Local\Temp\tmp90E8.exe C:\Users\Nini\AppData\Local\Temp\uninstall1472504.exe C:\Users\Nini\AppData\Local\Temp\uninstall1525700.exe C:\Users\Nini\AppData\Local\Temp\uninstall1525747.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-12-06 09:08 ==================== End Of Log ============================ Zu guter Letzt noch der Auszug aus Delfix. Das ESET Online Scanne Programm konnte ich leider nicht nutzen. Dazu muss ich Online gehen und die Internetverbindung funktioniert leider zur Zeit auch nicht. Wobei ich nicht weiß ob ich durch meine Klickerrei hier das erst verursacht habe. Zumindest habe ich letzte Woche noch Ton gehabt, jetzt leider nicht mehr. So jetzt noch der Auszug von Delfix. # DelFix v10.8 - Datei am 07/12/2014 um 13:53:02 erstellt # Aktualisiert am 29/07/2014 von Xplode # Benutzer : Nini - JANINE-PC # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) ~ Aktiviere die Benutzerkontensteuerung ... OK ~ Entferne die Bereinigungsprogramme ... Gelöscht : C:\FRST ~ Erstelle ein Backup der Registrierungsdatenbank ... OK ~ Lösche die Wiederherstellungspunkte ... Ein neuer Wiederherstellungspunkt wurde erstellt ! ~ Stelle die Systemeinstellungen wieder her ... OK ########## - EOF - ########## Das wars erst mal. Wie gesagt geholfen hat es bisher nicht. Falls Ihr noch eine Idee habt würde ich mich freuen und bedank mich schon mal im Vorraus. |
07.12.2014, 15:23 | #2 |
/// the machine /// TB-Ausbilder | Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2 Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke. So funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Addition.txt von FRST fehlt noch.
__________________ |
07.12.2014, 17:50 | #3 |
| Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2 O.K.
__________________erst einmal Danke für die schnelle Antwort. Hier noch die Additional. Code:
ATTFilter #Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 01 Ran by Nini at 2014-12-07 11:29:45 Running from E:\ Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acronis*Disk*Director*Home (HKLM-x32\...\{9CCC78EF-027E-40E0-9B61-39932C65E3FE}) (Version: 11.0.216 - Acronis) ADI USB ADSL LAN Adapter (HKLM-x32\...\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}) (Version: - ) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated) Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated) Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland) Audiograbber Lame-MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG) Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden Bing Bar Platform (x32 Version: 6.3.2291.0 - Microsoft Corporation) Hidden Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation) Free Video Dub version 2.0.21.822 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.822 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.34.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.) Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation) FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin) GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{AF43C18E-693D-4126-B190-8F55E3623D5D}) (Version: 22.50.231.0 - Hewlett-Packard Co.) HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard) HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - ) IsoBuster 2.8 (HKLM-x32\...\IsoBuster_is1) (Version: 2.8 - Smart Projects) Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle) Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.) Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) JLC's Internet TV (HKLM-x32\...\JLC's Internet TV) (Version: - ) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Media Buzz (HKLM-x32\...\MediaBuzzV1mode1096) (Version: 1.1 - Media Buzz) <==== ATTENTION Media Player (HKLM-x32\...\MediaPlayerV1alpha501) (Version: 1.1 - Media Player) <==== ATTENTION Media View (HKLM-x32\...\MediaViewV1alpha329) (Version: 1.1 - Media View) <==== ATTENTION Media View (HKLM-x32\...\MediaViewV1alpha4611) (Version: 1.1 - Media View) <==== ATTENTION Media Viewer (HKLM-x32\...\MediaViewerV1alpha216) (Version: 1.1 - Media Viewer) <==== ATTENTION Media Watch (HKLM-x32\...\MediaWatchV1home63) (Version: 1.1 - Media Watch) <==== ATTENTION Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Excel 2007 (HKLM-x32\...\EXCEL) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office PowerPoint 2007 (HKLM-x32\...\POWERPOINT) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0a1 - Mozilla) MSI Afterburner 2.1.0 (HKLM-x32\...\Afterburner) (Version: 2.1.0 - MSI Co., LTD) MSI Kombustor(BETA) v0.7.0 (HKLM-x32\...\MSI Kombustor(BETA)_is1) (Version: - MSI) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall) NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation) NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH) PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: - Jan Fiala) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Rich Media View (HKLM-x32\...\RichMediaViewV1release5650) (Version: 1.1 - Rich Media View) <==== ATTENTION ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc) SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.296 - TuneUp Software) Hidden Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) Video Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION VLC media player 1.0.5 (HKLM-x32\...\VLC media player) (Version: 1.0.5 - VideoLAN Team) WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-507852487-1521238306-3764321456-1004_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll () ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2011-02-16 23:03 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1C020B8D-BE13-49D6-BEBD-F0FA5C94B7DC} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => c:\Program Files\Java\jre6\bin\jusched.exe [2012-09-30] (Sun Microsystems, Inc.) Task: {24F51262-6055-4DEA-B698-86DBCCC26D0D} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2004-04-17] (InstallShield Software Corporation) Task: {32F10DA7-958A-4A5D-B60A-82BD68D7FBFD} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated) Task: {47C76D72-82E0-4B17-A5B9-32C53D7E7F32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03] (Google Inc.) Task: {71F0BB36-37F4-4754-9694-9117059A0030} - System32\Tasks\{B8BD125C-F190-4768-8AC3-AC2F158113DF} => C:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe Task: {80671ADD-1850-4478-AC52-F2945BA83E24} - System32\Tasks\{C4151EC2-2D9F-49EE-B833-435FE3A9BE51} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.) Task: {9F9953F9-C4CA-4D65-A9D6-BACB897E0048} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard) Task: {B2444B34-3D98-465C-9635-61E9DEC79E1A} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.) Task: {B73DFC78-837A-4C4D-B9AF-48A85A8A7C30} - System32\Tasks\InstallShield Software-Aktualisierungsdienst => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16] (InstallShield Software Corporation) Task: {B7BE6DF8-5F57-4F20-A284-FCDF235DFD78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03] (Google Inc.) Task: {FE3AF70D-09C3-4FE0-BC8D-7617984B7487} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-13 16:14 - 2009-12-12 15:12 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeActiveFileMonitor8.0 => 3 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AeLookupSvc => 3 MSCONFIG\Services: ALG => 3 MSCONFIG\Services: AppIDSvc => 3 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: AppMgmt => 3 MSCONFIG\Services: AudioEndpointBuilder => 2 MSCONFIG\Services: AudioSrv => 2 MSCONFIG\Services: Avira.OE.ServiceHost => 2 MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: BDESVC => 3 MSCONFIG\Services: BFE => 2 MSCONFIG\Services: BITS => 2 MSCONFIG\Services: Browser => 3 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: CertPropSvc => 3 MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2 MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2 MSCONFIG\Services: COMSysApp => 3 MSCONFIG\Services: CryptSvc => 2 MSCONFIG\Services: CscService => 2 MSCONFIG\Services: defragsvc => 3 MSCONFIG\Services: Dhcp => 2 MSCONFIG\Services: Dnscache => 2 MSCONFIG\Services: dot3svc => 3 MSCONFIG\Services: DPS => 2 MSCONFIG\Services: EapHost => 3 MSCONFIG\Services: EFS => 3 MSCONFIG\Services: ehRecvr => 3 MSCONFIG\Services: ehSched => 3 MSCONFIG\Services: eventlog => 2 MSCONFIG\Services: EventSystem => 2 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: fdPHost => 3 MSCONFIG\Services: FDResPub => 3 MSCONFIG\Services: FLEXnet Licensing Service => 3 MSCONFIG\Services: FontCache => 2 MSCONFIG\Services: FontCache3.0.0.0 => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: hidserv => 3 MSCONFIG\Services: hkmsvc => 3 MSCONFIG\Services: HomeGroupListener => 3 MSCONFIG\Services: HomeGroupProvider => 3 MSCONFIG\Services: IDriverT => 3 MSCONFIG\Services: idsvc => 3 MSCONFIG\Services: IGDCTRL => 2 MSCONFIG\Services: IKEEXT => 2 MSCONFIG\Services: IPBusEnum => 3 MSCONFIG\Services: iphlpsvc => 2 MSCONFIG\Services: KeyIso => 3 MSCONFIG\Services: KtmRm => 3 MSCONFIG\Services: LanmanServer => 2 MSCONFIG\Services: LanmanWorkstation => 2 MSCONFIG\Services: LicCtrlService => 2 MSCONFIG\Services: lltdsvc => 3 MSCONFIG\Services: lmhosts => 2 MSCONFIG\Services: MMCSS => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: MpsSvc => 2 MSCONFIG\Services: MSDTC => 3 MSCONFIG\Services: MSiSCSI => 3 MSCONFIG\Services: msiserver => 3 MSCONFIG\Services: napagent => 3 MSCONFIG\Services: Netlogon => 3 MSCONFIG\Services: Netman => 3 MSCONFIG\Services: netprofm => 3 MSCONFIG\Services: NlaSvc => 2 MSCONFIG\Services: nsi => 2 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: nvUpdatusService => 2 MSCONFIG\Services: odserv => 3 MSCONFIG\Services: OS Selector => 2 MSCONFIG\Services: ose => 3 MSCONFIG\Services: p2pimsvc => 3 MSCONFIG\Services: p2psvc => 3 MSCONFIG\Services: PcaSvc => 2 MSCONFIG\Services: PCSUService => 2 MSCONFIG\Services: PeerDistSvc => 3 MSCONFIG\Services: PerfHost => 3 MSCONFIG\Services: pla => 3 MSCONFIG\Services: PNRPAutoReg => 3 MSCONFIG\Services: PNRPsvc => 3 MSCONFIG\Services: PolicyAgent => 3 MSCONFIG\Services: Power => 2 MSCONFIG\Services: ProtectedStorage => 3 MSCONFIG\Services: QWAVE => 3 MSCONFIG\Services: RasAuto => 3 MSCONFIG\Services: RasMan => 3 MSCONFIG\Services: RemoteRegistry => 3 MSCONFIG\Services: RpcLocator => 3 MSCONFIG\Services: SamSs => 2 MSCONFIG\Services: SCardSvr => 3 MSCONFIG\Services: SCPolicySvc => 3 MSCONFIG\Services: SDRSVC => 3 MSCONFIG\Services: SeaPort => 2 MSCONFIG\Services: seclogon => 3 MSCONFIG\Services: SENS => 2 MSCONFIG\Services: SensrSvc => 3 MSCONFIG\Services: SessionEnv => 3 MSCONFIG\Services: SharedAccess => 3 MSCONFIG\Services: ShellHWDetection => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: SNMPTRAP => 3 MSCONFIG\Services: Spooler => 2 MSCONFIG\Services: sppuinotify => 3 MSCONFIG\Services: SSDPSRV => 3 MSCONFIG\Services: SstpSvc => 3 MSCONFIG\Services: stisvc => 2 MSCONFIG\Services: StorSvc => 3 MSCONFIG\Services: swprv => 3 MSCONFIG\Services: SysMain => 2 MSCONFIG\Services: TabletInputService => 3 MSCONFIG\Services: TapiSrv => 3 MSCONFIG\Services: TBS => 3 MSCONFIG\Services: TermService => 3 MSCONFIG\Services: Themes => 2 MSCONFIG\Services: THREADORDER => 3 MSCONFIG\Services: TrkWks => 2 MSCONFIG\Services: TrustedInstaller => 3 MSCONFIG\Services: UI0Detect => 3 MSCONFIG\Services: UmRdpService => 3 MSCONFIG\Services: upnphost => 3 MSCONFIG\Services: UxSms => 2 MSCONFIG\Services: VaultSvc => 3 MSCONFIG\Services: vds => 3 MSCONFIG\Services: VSS => 3 MSCONFIG\Services: W32Time => 3 MSCONFIG\Services: wbengine => 3 MSCONFIG\Services: WbioSrvc => 3 MSCONFIG\Services: wcncsvc => 3 MSCONFIG\Services: WcsPlugInService => 3 MSCONFIG\Services: WdiServiceHost => 3 MSCONFIG\Services: WdiSystemHost => 3 MSCONFIG\Services: WebClient => 3 MSCONFIG\Services: Wecsvc => 3 MSCONFIG\Services: wercplsupport => 3 MSCONFIG\Services: WerSvc => 3 MSCONFIG\Services: WinDefend => 2 MSCONFIG\Services: WinHttpAutoProxySvc => 3 MSCONFIG\Services: Winmgmt => 3 MSCONFIG\Services: WinRM => 3 MSCONFIG\Services: Wlansvc => 2 MSCONFIG\Services: wmiApSrv => 3 MSCONFIG\Services: WMPNetworkSvc => 2 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\Services: WPDBusEnum => 3 MSCONFIG\Services: wscsvc => 2 MSCONFIG\Services: WSearch => 2 MSCONFIG\Services: wuauserv => 2 MSCONFIG\Services: wudfsvc => 2 MSCONFIG\Services: WwanSvc => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^forteManager.lnk => C:\Windows\pss\forteManager.lnk.CommonStartup MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart ========================= Accounts: ========================== Administrator (S-1-5-21-507852487-1521238306-3764321456-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-507852487-1521238306-3764321456-501 - Limited - Disabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-507852487-1521238306-3764321456-1002 - Limited - Enabled) Janine (S-1-5-21-507852487-1521238306-3764321456-1000 - Administrator - Disabled) => C:\Users\Janine Nini (S-1-5-21-507852487-1521238306-3764321456-1004 - Administrator - Enabled) => C:\Users\Nini UpdatusUser (S-1-5-21-507852487-1521238306-3764321456-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Could not list Devices. Check "winmgmt" service or repair WMI. ==================== Event log errors: ========================= Application errors: ================== Error: (12/07/2014 11:27:58 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/07/2014 11:17:38 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/07/2014 11:03:02 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (12/07/2014 11:16:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/07/2014 11:16:50 AM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (12/07/2014 11:16:50 AM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert. Error: (12/07/2014 11:16:48 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 07.12.2014 um 11:15:07 unerwartet heruntergefahren. Error: (12/07/2014 11:11:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/07/2014 11:11:09 AM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (12/07/2014 11:11:09 AM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert. Error: (12/07/2014 11:08:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/07/2014 11:08:01 AM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (12/07/2014 11:08:01 AM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert. Microsoft Office Sessions: ========================= Error: (08/18/2014 06:16:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash. Error: (08/18/2014 06:15:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash. Error: (08/18/2014 06:14:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/09/2011 08:25:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 971 seconds with 420 seconds of active time. This session ended with a crash. Error: (02/09/2011 07:44:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 84016 seconds with 2940 seconds of active time. This session ended with a crash. Error: (02/08/2011 08:24:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 789882 seconds with 8100 seconds of active time. This session ended with a crash. Error: (02/21/2010 05:15:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 902 seconds with 540 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz Percentage of memory in use: 15% Total physical RAM: 4094.49 MB Available physical RAM: 3469.32 MB Total Pagefile: 10233.69 MB Available Pagefile: 9605.47 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:596.07 GB) (Free:273.77 GB) NTFS Drive e: (USB DISK) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: DBE50493) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 248 MB) (Disk ID: BBCAABDE) Partition 1: (Active) - (Size=248 MB) - (Type=06) ==================== End Of Log ============================# |
08.12.2014, 17:26 | #4 |
/// the machine /// TB-Ausbilder | Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2 Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
10.12.2014, 19:42 | #5 |
| Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2 Danke, Danke Danke. Ich habe wieder einen Desktop und auch wieder Netz. Ich fühl mich wieder wie ein Mensch! Einfach supper Hilfe und bin voll Happy. Der Vollständigkeit halber kommt hier auch der Auszug aus ComboFix. Combofix Logfile: Code:
ATTFilter ComboFix 14-12-10.03 - Nini 10.12.2014 19:09:39.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4094.3440 [GMT 1:00] ausgeführt von:: E:\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\5189442B94.sys c:\users\Janine\Favorites\Essen Geburtstag.docx c:\users\Nini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Adanak_iels c:\windows\PFRO.log c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ACEDRV11 -------\Service_acedrv11 -------\Service_npf . . ((((((((((((((((((((((( Dateien erstellt von 2014-11-10 bis 2014-12-10 )))))))))))))))))))))))))))))) . . 2014-12-10 18:20 . 2014-12-10 18:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-12-10 18:20 . 2014-12-10 18:20 -------- d-----w- c:\users\Janine\AppData\Local\temp 2014-12-10 18:20 . 2014-12-10 18:23 -------- d-----w- c:\users\Nini\AppData\Local\temp 2014-12-10 18:20 . 2014-12-10 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-12-10 18:20 . 2014-12-10 18:20 -------- d-----w- c:\users\Gast\AppData\Local\temp 2014-12-10 18:20 . 2014-12-10 18:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2014-12-07 17:35 . 2014-12-07 17:35 -------- d-----w- c:\users\Nini\AppData\Local\VirtualStore 2014-12-07 10:47 . 2014-12-07 10:47 -------- d-----w- C:\$WINDOWS.~BT 2014-12-07 09:42 . 2014-12-07 12:53 -------- d-----w- c:\windows\ERUNT 2014-12-07 09:31 . 2014-12-07 10:31 -------- d-----w- c:\users\Nini\rechner wieder Her 2014-12-07 09:10 . 2014-12-07 09:34 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-12-07 09:09 . 2014-12-07 09:09 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-12-07 09:09 . 2014-12-07 09:09 -------- d-----w- c:\programdata\Malwarebytes 2014-12-07 09:09 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-12-07 09:09 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-12-07 09:09 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-12-06 10:10 . 2014-12-06 10:10 -------- d-----w- C:\OETemp . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-12-10 18:23 . 2014-12-10 18:23 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79177974-F281-43BF-AA16-314904920864}\offreg.dll 2014-03-07 09:03 3109520 --sha-w- c:\windows\SysWOW64\avcodec-lav-55.dll 2014-03-07 09:03 98960 --sha-w- c:\windows\SysWOW64\avfilter-lav-4.dll 2014-03-07 09:03 550032 --sha-w- c:\windows\SysWOW64\avformat-lav-55.dll 2009-09-27 07:39 415744 --sh--w- c:\windows\SysWOW64\avisynth.dll 2014-03-07 09:03 59536 --sha-w- c:\windows\SysWOW64\avresample-lav-1.dll 2005-07-14 10:31 32256 --sh--w- c:\windows\SysWOW64\AVSredirect.dll 2014-03-07 09:03 181392 --sha-w- c:\windows\SysWOW64\avutil-lav-52.dll 2004-02-22 08:11 764416 --sh--w- c:\windows\SysWOW64\devil.dll 2014-03-07 09:03 122512 --sha-w- c:\windows\SysWOW64\HLaudio.dll 2014-03-07 09:03 203408 --sha-w- c:\windows\SysWOW64\HLsplit.dll 2014-03-07 09:03 313520 --sha-w- c:\windows\SysWOW64\HLvideo.dll 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\i420vfw.dll 2014-03-07 09:03 109712 --sha-w- c:\windows\SysWOW64\libbluray.dll 2011-02-11 08:26 112128 --sha-w- c:\windows\SysWOW64\OptimFROG.dll 2014-03-07 09:03 118416 --sha-w- c:\windows\SysWOW64\swscale-lav-2.dll 2010-01-06 22:00 107520 --sha-w- c:\windows\SysWOW64\TAKDSDecoder.dll 2012-10-05 17:54 188416 --sha-w- c:\windows\SysWOW64\winDCE32.dll 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\yv12vfw.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux9"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start . R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x] R4 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x] R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R4 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x] R4 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe;c:\windows\runservice.exe [x] R4 OS Selector;Acronis OS Selector Activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [x] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-11-25 22:37 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03 13:02] . 2014-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03 13:02] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX1000"="c:\windows\vVX1000.exe" [2009-06-30 762224] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.de/ mDefault_Search_URL = about:blank mDefault_Page_URL = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = about:blank uInternet Settings,ProxyOverride = <-loopback> uInternet Settings,ProxyServer = http=127.0.0.1:49173;https=127.0.0.1:49173 uSearchAssistant = hxxp://www.google.com IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-Avira Systray - c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F] "1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8, d5,42,54,3b,7e,24,3e,19,f8 "2"=hex:f1,df,16,de,80,08,0e,2a,d1,38,b5,6f,94,ca,dc,d2,b3,e8,d2,40,6c,6f,61, 5e,d2,5e,7f,21,14,b5,b2,29 "3"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8, d5,f2,55,76,c8,bc,53,92,25,3f,d1,b6,bc,00,35,73,43,96,90,79,f6,5b,97,35,47,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\58BBB2CAA762B86BF8228F8849EB5144] "1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2, b0,50,94,16,01,b2,17,1a,42 "2"=hex:84,00,a2,e9,a5,84,bc,35 "3"=hex:81,20,8f,ab,28,6a,52,9c "4"=hex:2f,ad,a2,e7,8a,bf,05,5e "5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55, 1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\ "6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4, 51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20 "7"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2, b0,53,74,ea,24,5b,d9,02,83 "8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,dd,5f,b3,ed,0b,f3,84, 77,45,a9,de,2e,a4,95,f6,88,d1,8e,cf,5a,45,90,66,fc,23,93,03,59,55,2d,c6,bd,\ "9"=hex:81,20,8f,ab,28,6a,52,9c "18"=hex:70,56,26,33,e3,20,f8,ab "10"=hex:81,20,8f,ab,28,6a,52,9c "11"=hex:81,20,8f,ab,28,6a,52,9c "12"=hex:81,20,8f,ab,28,6a,52,9c "13"=hex:81,20,8f,ab,28,6a,52,9c "14"=hex:81,20,8f,ab,28,6a,52,9c "24"=hex:81,20,8f,ab,28,6a,52,9c "26"=hex:81,20,8f,ab,28,6a,52,9c "27"=hex:81,20,8f,ab,28,6a,52,9c "19"=hex:81,20,8f,ab,28,6a,52,9c "22"=hex:81,20,8f,ab,28,6a,52,9c . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-12-10 19:26:13 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-12-10 18:26 . Vor Suchlauf: 13 Verzeichnis(se), 304.828.002.304 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 308.457.660.416 Bytes frei . - - End Of File - - 23A73B607F72071072D88EA93EF98E01 A36C5E4F47E84449FF07ED3517B43A31 [/CODE] |
11.12.2014, 19:54 | #6 |
/// the machine /// TB-Ausbilder | Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2 Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2 |
14.12.2014, 15:08 | #7 |
| Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2 Hallo erst mal. Wie gesagt der Desktop ist schon mal wieder da. Die Programme hatte ich ja bereits instaliert und wie empfohlen hänge ich auch noch einmal die txt. Dateien an. Adw Cleaner AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.105 - Bericht erstellt am 14/12/2014 um 11:55:44 # Aktualisiert 08/12/2014 von Xplode # Database : 2014-12-08.2 [Local] # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Nini - JANINE-PC # Gestartet von : F:\Programme\AdwCleaner_4.105.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88C20E16-1EB7-40CE-820C-6CFCB41B1D2F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41634761-D0BA-4C1A-9AC2-04AEE9511370} Schlüssel Gelöscht : HKLM\SOFTWARE\VideoPlayerV3 ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16421 -\\ Mozilla Firefox v20.0.1 (de) -\\ Google Chrome v39.0.2171.71 ************************* AdwCleaner[R0].txt - [371 octets] - [14/12/2014 11:09:54] AdwCleaner[R1].txt - [2015 octets] - [14/12/2014 11:38:44] AdwCleaner[S0].txt - [1928 octets] - [14/12/2014 11:55:44] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1988 octets] ########## Malewear Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.12.2014 Suchlauf-Zeit: 11:21:17 Logdatei: Malwarebytes Anti-Malware neu.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.11.20.06 Rootkit Datenbank: v2014.11.18.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Nini Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 497335 Verstrichene Zeit: 15 Min, 5 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 7 Professional x64 Ran by Nini on 14.12.2014 at 13:39:04,71 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14.12.2014 at 13:42:51,82 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01 Ran by Nini (administrator) on JANINE-PC on 14-12-2014 14:08:30 Running from F:\Programme Loaded Profiles: UpdatusUser & Nini (Available profiles: Janine & UpdatusUser & Nini & Administrator & Gast) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\vVX1000.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation) Startup: C:\Users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\Janine\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-507852487-1521238306-3764321456-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyServer: [S-1-5-21-507852487-1521238306-3764321456-1004] => http=127.0.0.1:49173;https=127.0.0.1:49173 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-507852487-1521238306-3764321456-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-507852487-1521238306-3764321456-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKU\S-1-5-21-507852487-1521238306-3764321456-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFB04E8402B7DCE01 HKU\S-1-5-21-507852487-1521238306-3764321456-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-507852487-1521238306-3764321456-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> c:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog5-x64 07 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Adblock Plus - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-05] FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-08-10] FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-08-10] FF Extension: No Name - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189\extensions\e49d3f99-7c89-4eb4-99f3-ff903e2189b2@5288754a-7a48-41a0-a10f-e98c9ac12040.com [Not Found] FF Extension: No Name - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189\extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com [Not Found] FF Extension: No Name - C:\Program Files\Nightly\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> CHR Profile: C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default CHR Extension: (Google Docs) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-11] CHR Extension: (Google Drive) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-11] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-11] CHR Extension: (Adblock Plus) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-05] CHR Extension: (Google-Suche) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-11] CHR Extension: (Google Wallet) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-11] CHR Extension: (Google Mail) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-11] CHR HKLM-x32\...\Chrome\Extension: [bcpbcngonbobipkhkdkfffkgpmnmeola] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5650\ch\RichMediaViewV1release5650.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [bgnnkhlplihnikcljmlfleknmajpdieg] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta2061\ch\VideoPlayerV3beta2061.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [bjhjcbjpdohojlfpalfnediiibbdkabh] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode1096\ch\MediaBuzzV1mode1096.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dopemniaeocfenlpnoannaefnhfcjcgi] - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\Default\Extensions\searchswitch.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [ejgjpkdliopkjhenfaioejboibiagbcc] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha216\ch\MediaViewerV1alpha216.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [gmpcjdhphhdfnflcgpgeneojihpojidm] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4611\ch\MediaViewV1alpha4611.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [goodaalebnjpdnjgbjpbbllmmphdbgmi] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha329\ch\MediaViewV1alpha329.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [inleambckaaohcdcbmhnbklmakeccnei] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha5271\ch\TrustMediaViewerV1alpha5271.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [lehbeodgjfnoeiaonejbbdeebmmknjlj] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home63\ch\MediaWatchV1home63.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S4 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin) S4 LicCtrlService; C:\Windows\runservice.exe [2560 2011-07-17] () [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S4 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2155848 2010-05-25] () S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X] S4 Avira.OE.ServiceHost; "C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2013-03-25] () S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.) [File not signed] S3 BrUsbSer; C:\Windows\System32\DRIVERS\BrUsbSer.sys [19584 2006-09-02] (Brother Industries Ltd.) [File not signed] R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2013-03-17] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-14 14:08 - 2014-12-14 14:08 - 00000000 ____D () C:\FRST 2014-12-11 18:48 - 2014-12-11 18:48 - 00000000 ____D () C:\$WINDOWS.~BT 2014-12-11 16:53 - 2014-12-14 11:56 - 00000676 _____ () C:\Windows\PFRO.log 2014-12-10 19:05 - 2014-12-10 19:24 - 00000000 ____D () C:\Windows\erdnt 2014-12-07 19:42 - 2014-12-07 19:46 - 00000000 _____ () C:\Recovery.txt 2014-12-07 18:35 - 2014-12-07 18:35 - 00000000 ____D () C:\Users\Nini\AppData\Local\VirtualStore 2014-12-07 11:24 - 2014-12-14 14:06 - 00001131 _____ () C:\DelFix.txt 2014-12-07 10:42 - 2014-12-07 13:53 - 00000000 ____D () C:\Windows\ERUNT 2014-12-07 10:31 - 2014-12-14 14:07 - 00000000 ____D () C:\Users\Nini\rechner wieder Her 2014-12-07 10:10 - 2014-12-14 11:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-07 10:09 - 2014-12-14 11:20 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-07 10:09 - 2014-12-14 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-07 10:09 - 2014-12-14 11:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-07 10:09 - 2014-12-07 10:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-07 10:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-07 10:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-07 10:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-06 11:10 - 2014-12-06 11:10 - 00000000 ____D () C:\OETemp 2014-12-06 08:50 - 2014-12-11 18:49 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-12-06 08:50 - 2014-12-11 18:49 - 00001908 _____ () C:\Windows\diagerr.xml ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-14 13:36 - 2013-04-03 14:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-14 12:04 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-14 12:04 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-14 12:00 - 2009-10-22 11:48 - 01918287 _____ () C:\Windows\WindowsUpdate.log 2014-12-14 11:57 - 2013-04-03 14:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-14 11:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-14 11:56 - 2009-07-14 05:51 - 00003045 _____ () C:\Windows\setupact.log 2014-12-14 11:10 - 2009-07-14 18:58 - 00653928 _____ () C:\Windows\system32\perfh007.dat 2014-12-14 11:10 - 2009-07-14 18:58 - 00129800 _____ () C:\Windows\system32\perfc007.dat 2014-12-14 11:10 - 2009-07-14 06:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-13 17:15 - 2013-04-04 19:27 - 00000000 ____D () C:\Users\Nini\AppData\Roaming\dvdcss 2014-12-13 16:16 - 2013-04-04 19:27 - 00000000 ____D () C:\Users\Nini\AppData\Roaming\vlc 2014-12-11 18:47 - 2009-07-14 05:51 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-10 19:22 - 2014-01-29 16:11 - 00002096 __RSH () C:\ProgramData\ntuser.pol 2014-12-10 19:22 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-10 19:21 - 2009-07-14 03:34 - 64225280 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-12-10 19:21 - 2009-07-14 03:34 - 38535168 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-12-10 19:21 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-12-10 19:21 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-12-10 19:21 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-12-07 10:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA 2014-12-07 10:31 - 2013-04-02 20:00 - 00000000 ____D () C:\Users\Nini 2014-12-06 15:32 - 2013-08-15 08:15 - 00000000 ____D () C:\Users\Nini\AppData\Local\TubeBox 2014-12-06 15:32 - 2013-01-12 10:55 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-06 15:32 - 2013-01-12 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freetec 2014-12-06 15:20 - 2013-11-12 20:07 - 00001264 _____ () C:\Users\Nini\Desktop\Revo Uninstaller.lnk 2014-12-06 15:20 - 2013-01-12 10:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-06 10:51 - 2013-08-15 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-06 10:51 - 2012-09-08 06:18 - 00000000 ____D () C:\ProgramData\Avira 2014-12-06 10:21 - 2011-07-17 07:06 - 00000609 ___SH () C:\Windows\SysWOW64\mmf.sys 2014-12-06 10:19 - 2014-11-08 09:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla FireFox 2014-11-30 00:53 - 2009-10-22 11:54 - 00000000 ____D () C:\Recovery 2014-11-30 00:47 - 2013-04-02 15:02 - 00000000 ____D () C:\Users\Gast 2014-11-30 00:47 - 2013-03-25 13:11 - 00000000 ____D () C:\Users\Administrator 2014-11-30 00:47 - 2011-11-08 10:15 - 00000000 ____D () C:\Program Files (x86)\JLC's Software 2014-11-30 00:47 - 2010-11-22 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis 2014-11-30 00:47 - 2010-11-22 11:53 - 00000000 ____D () C:\Program Files (x86)\Acronis 2014-11-30 00:47 - 2009-10-22 11:54 - 00000000 ____D () C:\Users\Janine 2014-11-30 00:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-11-29 16:50 - 2014-11-08 08:59 - 00000125 ___SH () C:\ProgramData\.zreglib 2014-11-25 23:39 - 2014-03-11 17:14 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-19 22:39 - 2010-04-02 13:42 - 00000034 _____ () C:\Windows\cdplayer.ini 2014-11-15 11:31 - 2013-04-03 14:02 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-15 11:31 - 2013-04-03 14:02 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP: ==================== C:\Users\Nini\AppData\Local\temp\Quarantine.exe C:\Users\Nini\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-06 09:08 ==================== End Of Log ============================ --- --- --- --- --- --- das Additional Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 01 Ran by Nini at 2014-12-14 14:09:11 Running from F:\Programme Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acronis*Disk*Director*Home (HKLM-x32\...\{9CCC78EF-027E-40E0-9B61-39932C65E3FE}) (Version: 11.0.216 - Acronis) ADI USB ADSL LAN Adapter (HKLM-x32\...\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}) (Version: - ) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated) Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated) Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland) Audiograbber Lame-MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG) Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden Bing Bar Platform (x32 Version: 6.3.2291.0 - Microsoft Corporation) Hidden Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation) Free Video Dub version 2.0.21.822 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.822 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.34.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.) Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation) FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin) GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{AF43C18E-693D-4126-B190-8F55E3623D5D}) (Version: 22.50.231.0 - Hewlett-Packard Co.) HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard) HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - ) IsoBuster 2.8 (HKLM-x32\...\IsoBuster_is1) (Version: 2.8 - Smart Projects) Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle) Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.) Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) JLC's Internet TV (HKLM-x32\...\JLC's Internet TV) (Version: - ) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Excel 2007 (HKLM-x32\...\EXCEL) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office PowerPoint 2007 (HKLM-x32\...\POWERPOINT) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0a1 - Mozilla) MSI Afterburner 2.1.0 (HKLM-x32\...\Afterburner) (Version: 2.1.0 - MSI Co., LTD) MSI Kombustor(BETA) v0.7.0 (HKLM-x32\...\MSI Kombustor(BETA)_is1) (Version: - MSI) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall) NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation) NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH) PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: - Jan Fiala) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc) SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.296 - TuneUp Software) Hidden Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) VLC media player 1.0.5 (HKLM-x32\...\VLC media player) (Version: 1.0.5 - VideoLAN Team) WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-507852487-1521238306-3764321456-1004_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll () ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-12-10 19:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1C020B8D-BE13-49D6-BEBD-F0FA5C94B7DC} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => c:\Program Files\Java\jre6\bin\jusched.exe [2012-09-30] (Sun Microsystems, Inc.) Task: {24F51262-6055-4DEA-B698-86DBCCC26D0D} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2004-04-17] (InstallShield Software Corporation) Task: {32F10DA7-958A-4A5D-B60A-82BD68D7FBFD} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated) Task: {47C76D72-82E0-4B17-A5B9-32C53D7E7F32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03] (Google Inc.) Task: {71F0BB36-37F4-4754-9694-9117059A0030} - System32\Tasks\{B8BD125C-F190-4768-8AC3-AC2F158113DF} => C:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe Task: {80671ADD-1850-4478-AC52-F2945BA83E24} - System32\Tasks\{C4151EC2-2D9F-49EE-B833-435FE3A9BE51} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.) Task: {9F9953F9-C4CA-4D65-A9D6-BACB897E0048} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard) Task: {B2444B34-3D98-465C-9635-61E9DEC79E1A} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.) Task: {B73DFC78-837A-4C4D-B9AF-48A85A8A7C30} - System32\Tasks\InstallShield Software-Aktualisierungsdienst => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16] (InstallShield Software Corporation) Task: {B7BE6DF8-5F57-4F20-A284-FCDF235DFD78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03] (Google Inc.) Task: {FE3AF70D-09C3-4FE0-BC8D-7617984B7487} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-12-06 14:52 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll 2014-01-03 07:59 - 2014-02-10 18:04 - 00430080 _____ () C:\Windows\mod_frst.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeActiveFileMonitor8.0 => 3 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AeLookupSvc => 3 MSCONFIG\Services: ALG => 3 MSCONFIG\Services: AppIDSvc => 3 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: AppMgmt => 3 MSCONFIG\Services: AudioEndpointBuilder => 2 MSCONFIG\Services: AudioSrv => 2 MSCONFIG\Services: Avira.OE.ServiceHost => 2 MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: BDESVC => 3 MSCONFIG\Services: BFE => 2 MSCONFIG\Services: BITS => 2 MSCONFIG\Services: Browser => 3 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: CertPropSvc => 3 MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2 MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2 MSCONFIG\Services: COMSysApp => 3 MSCONFIG\Services: CryptSvc => 2 MSCONFIG\Services: CscService => 2 MSCONFIG\Services: defragsvc => 3 MSCONFIG\Services: Dhcp => 2 MSCONFIG\Services: Dnscache => 2 MSCONFIG\Services: dot3svc => 3 MSCONFIG\Services: DPS => 2 MSCONFIG\Services: EapHost => 3 MSCONFIG\Services: EFS => 3 MSCONFIG\Services: ehRecvr => 3 MSCONFIG\Services: ehSched => 3 MSCONFIG\Services: eventlog => 2 MSCONFIG\Services: EventSystem => 2 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: fdPHost => 3 MSCONFIG\Services: FDResPub => 3 MSCONFIG\Services: FLEXnet Licensing Service => 3 MSCONFIG\Services: FontCache => 2 MSCONFIG\Services: FontCache3.0.0.0 => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: hidserv => 3 MSCONFIG\Services: hkmsvc => 3 MSCONFIG\Services: HomeGroupListener => 3 MSCONFIG\Services: HomeGroupProvider => 3 MSCONFIG\Services: IDriverT => 3 MSCONFIG\Services: idsvc => 3 MSCONFIG\Services: IGDCTRL => 2 MSCONFIG\Services: IKEEXT => 2 MSCONFIG\Services: IPBusEnum => 3 MSCONFIG\Services: iphlpsvc => 2 MSCONFIG\Services: KeyIso => 3 MSCONFIG\Services: KtmRm => 3 MSCONFIG\Services: LanmanServer => 2 MSCONFIG\Services: LanmanWorkstation => 2 MSCONFIG\Services: LicCtrlService => 2 MSCONFIG\Services: lltdsvc => 3 MSCONFIG\Services: lmhosts => 2 MSCONFIG\Services: MMCSS => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: MpsSvc => 2 MSCONFIG\Services: MSDTC => 3 MSCONFIG\Services: MSiSCSI => 3 MSCONFIG\Services: msiserver => 3 MSCONFIG\Services: napagent => 3 MSCONFIG\Services: Netlogon => 3 MSCONFIG\Services: Netman => 3 MSCONFIG\Services: netprofm => 3 MSCONFIG\Services: NlaSvc => 2 MSCONFIG\Services: nsi => 2 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: nvUpdatusService => 2 MSCONFIG\Services: odserv => 3 MSCONFIG\Services: OS Selector => 2 MSCONFIG\Services: ose => 3 MSCONFIG\Services: p2pimsvc => 3 MSCONFIG\Services: p2psvc => 3 MSCONFIG\Services: PcaSvc => 2 MSCONFIG\Services: PCSUService => 2 MSCONFIG\Services: PeerDistSvc => 3 MSCONFIG\Services: PerfHost => 3 MSCONFIG\Services: pla => 3 MSCONFIG\Services: PNRPAutoReg => 3 MSCONFIG\Services: PNRPsvc => 3 MSCONFIG\Services: PolicyAgent => 3 MSCONFIG\Services: Power => 2 MSCONFIG\Services: ProtectedStorage => 3 MSCONFIG\Services: QWAVE => 3 MSCONFIG\Services: RasAuto => 3 MSCONFIG\Services: RasMan => 3 MSCONFIG\Services: RemoteRegistry => 3 MSCONFIG\Services: RpcLocator => 3 MSCONFIG\Services: SamSs => 2 MSCONFIG\Services: SCardSvr => 3 MSCONFIG\Services: SCPolicySvc => 3 MSCONFIG\Services: SDRSVC => 3 MSCONFIG\Services: SeaPort => 2 MSCONFIG\Services: seclogon => 3 MSCONFIG\Services: SENS => 2 MSCONFIG\Services: SensrSvc => 3 MSCONFIG\Services: SessionEnv => 3 MSCONFIG\Services: SharedAccess => 3 MSCONFIG\Services: ShellHWDetection => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: SNMPTRAP => 3 MSCONFIG\Services: Spooler => 2 MSCONFIG\Services: sppuinotify => 3 MSCONFIG\Services: SSDPSRV => 3 MSCONFIG\Services: SstpSvc => 3 MSCONFIG\Services: stisvc => 2 MSCONFIG\Services: StorSvc => 3 MSCONFIG\Services: swprv => 3 MSCONFIG\Services: SysMain => 2 MSCONFIG\Services: TabletInputService => 3 MSCONFIG\Services: TapiSrv => 3 MSCONFIG\Services: TBS => 3 MSCONFIG\Services: TermService => 3 MSCONFIG\Services: Themes => 2 MSCONFIG\Services: THREADORDER => 3 MSCONFIG\Services: TrkWks => 2 MSCONFIG\Services: TrustedInstaller => 3 MSCONFIG\Services: UI0Detect => 3 MSCONFIG\Services: UmRdpService => 3 MSCONFIG\Services: upnphost => 3 MSCONFIG\Services: UxSms => 2 MSCONFIG\Services: VaultSvc => 3 MSCONFIG\Services: vds => 3 MSCONFIG\Services: VSS => 3 MSCONFIG\Services: W32Time => 3 MSCONFIG\Services: wbengine => 3 MSCONFIG\Services: WbioSrvc => 3 MSCONFIG\Services: wcncsvc => 3 MSCONFIG\Services: WcsPlugInService => 3 MSCONFIG\Services: WdiServiceHost => 3 MSCONFIG\Services: WdiSystemHost => 3 MSCONFIG\Services: WebClient => 3 MSCONFIG\Services: Wecsvc => 3 MSCONFIG\Services: wercplsupport => 3 MSCONFIG\Services: WerSvc => 3 MSCONFIG\Services: WinDefend => 2 MSCONFIG\Services: WinHttpAutoProxySvc => 3 MSCONFIG\Services: Winmgmt => 3 MSCONFIG\Services: WinRM => 3 MSCONFIG\Services: Wlansvc => 2 MSCONFIG\Services: wmiApSrv => 3 MSCONFIG\Services: WMPNetworkSvc => 2 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\Services: WPDBusEnum => 3 MSCONFIG\Services: wscsvc => 2 MSCONFIG\Services: WSearch => 2 MSCONFIG\Services: wuauserv => 2 MSCONFIG\Services: wudfsvc => 2 MSCONFIG\Services: WwanSvc => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^forteManager.lnk => C:\Windows\pss\forteManager.lnk.CommonStartup MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart ========================= Accounts: ========================== Administrator (S-1-5-21-507852487-1521238306-3764321456-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-507852487-1521238306-3764321456-501 - Limited - Disabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-507852487-1521238306-3764321456-1002 - Limited - Enabled) Janine (S-1-5-21-507852487-1521238306-3764321456-1000 - Administrator - Disabled) => C:\Users\Janine Nini (S-1-5-21-507852487-1521238306-3764321456-1004 - Administrator - Enabled) => C:\Users\Nini UpdatusUser (S-1-5-21-507852487-1521238306-3764321456-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/14/2014 02:09:12 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] ist ein Fehler aufgetreten. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (12/14/2014 02:09:12 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (12/14/2014 02:06:55 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = F:\Programme\delfix_10.8.exe ; Beschreibung = Ende der Bereinigung; Fehler = 0x80042302). Error: (12/14/2014 02:06:55 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten. . Error: (12/14/2014 02:06:55 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] ist ein Fehler aufgetreten. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Anbieterverwaltungsschnittstelle wird abgerufen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {00000000-0000-0000-0000-000000000000} Snapshotkontext: -1 Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Error: (12/14/2014 02:06:55 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Anbieterverwaltungsschnittstelle wird abgerufen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {00000000-0000-0000-0000-000000000000} Snapshotkontext: -1 Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Error: (12/14/2014 02:06:55 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. . Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {232cdce1-96a7-4a39-92d2-a7ed6a13c43b} Error: (12/14/2014 02:06:55 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {232cdce1-96a7-4a39-92d2-a7ed6a13c43b} Error: (12/14/2014 02:06:55 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. . Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {277e59df-37de-4fdb-92dc-2899284c0895} Error: (12/14/2014 02:06:55 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {277e59df-37de-4fdb-92dc-2899284c0895} System errors: ============= Error: (12/14/2014 02:07:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (12/14/2014 02:07:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (12/14/2014 02:07:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (12/14/2014 02:07:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (12/14/2014 02:07:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (12/14/2014 02:07:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (12/14/2014 02:07:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (12/14/2014 02:07:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (12/14/2014 02:07:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (12/14/2014 02:07:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Microsoft Office Sessions: ========================= Error: (08/18/2014 06:16:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash. Error: (08/18/2014 06:15:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash. Error: (08/18/2014 06:14:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/09/2011 08:25:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 971 seconds with 420 seconds of active time. This session ended with a crash. Error: (02/09/2011 07:44:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 84016 seconds with 2940 seconds of active time. This session ended with a crash. Error: (02/08/2011 08:24:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 789882 seconds with 8100 seconds of active time. This session ended with a crash. Error: (02/21/2010 05:15:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 902 seconds with 540 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-12-10 19:19:54.984 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-12-10 19:19:54.953 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz Percentage of memory in use: 23% Total physical RAM: 4094.49 MB Available physical RAM: 3131.15 MB Total Pagefile: 10233.69 MB Available Pagefile: 9118.02 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:596.07 GB) (Free:287.4 GB) NTFS Drive f: (USB DISK) (Removable) (Total:0.24 GB) (Free:0.21 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: DBE50493) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 248 MB) (Disk ID: BBCAABDE) Partition 1: (Active) - (Size=248 MB) - (Type=06) ==================== End Of Log ============================ Die Meldung mit dem Internet war dagegen etwas verfrüht. Den Ton habe ich mittlerweile dank einem anderen Treade von hier wieder bekommen. Das lag an ein paar deaktivierten Diensten. Leider meldetdas System mir einen Fehler 711 RASV. Vielleicht habt ihr ja da auch einen Tipp. Die Dienste habe ich schon versucht zu aktivieren. Liebe Grüße |
14.12.2014, 20:50 | #8 | |
/// the machine /// TB-Ausbilder | Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
14.12.2014, 21:45 | #9 |
| Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2 Einen schönen guten Abend, also nach dem Starten, meldet mir das System unten Rechts es wäre keine Verbindung zm Netzwerk vorhanden. Die Problembehebung selbst meldet mir, dass es das Problem nicht identifizieren kann. In der Systemsteuerung zeigt er mir auch kein Netzwerk an. Da mein Vater über W-Lan den Laptop betreibt und auch das Handy Wlan anzeigt muss es also aktiv sein, sonst könnte ich hier kaum was schreiben. Beim einrichten in der Systemsteuer zeigt er mir den Fehler 711 an. Wenn ich Google Chrome starte öffnet sich zwar die Startseite von Google jedoch bekomme ich die Fehlermeldung, dass die Seite nicht verfügbar ist. Chrome liegt dabei noch einige Hilfestellungen unter anderem, dass man unter den Einstellungen von Chrome bei dem Proxyserver Einstellung eine Änderung vornehmen soll/könnte. Mir wird dabei die Breitbandverbindung angezeigt, wenn ich mir die Eigenschafften anschaue bzw. ändern möchte erhalte ich wieder diese Fehlermeldung (ausführlicher). RAS Verbindungsverwaltung kann nicht gestartet werden. Fehler 711. Der RAS-Vebindungsverwaltungsdienst konnte nicht rechtzeitig gestartet werden. In einem forumsbeitrag habe ich gelesen, dass man hierbei über Starte die Dienste aufrufen kann und den entsprechenden Dienst auf Automatisch setzten soll. Mir zeigt das System zweie an, einmal Routing und RAS sowie RAS-Verbindungsverwaltung beide habe ich wie empfohlen von Deaktiviert auf Automatisch gestellt. Die Fehlermeldung bleibt jedoch bestehen. LG Nini |
15.12.2014, 19:32 | #10 |
/// the machine /// TB-Ausbilder | Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
18.12.2014, 06:23 | #11 |
| Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2 Lieber Schrauber, herzlichen Dank, auch der Fehler ist behoben. Damit hast du mir dieses Jahr vermutlich das schönste Weihnachtsgeschenk gemacht. Ich wünsch dir ein schönes Fest und guten Rutsch und sag nochmals ganz herzlich Danke. LG Nini |
18.12.2014, 21:05 | #12 |
/// the machine /// TB-Ausbilder | Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2 Dann machen wir noch schnell KOntrollscans ESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
20.12.2014, 15:47 | #13 |
| Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2 Gut mache ich. Ich glaube aber ich habe mir beim laden des Scanners gleich wieder was eingefangen. Zumindest hat er 13 Fehler gemeldet. ESET Online Scanner Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=37b1e308eddc5d49a86bbd96df228ed1 # engine=21635 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-12-19 10:10:12 # local_time=2014-12-19 11:10:12 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 30313 170656862 0 0 # scanned=779210 # found=18 # cleaned=16 # scan_time=16700 sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ApnIC[1].0" sh=F01099E4422FDED0661CF4A526DA68E5E68A3DDD ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AskToolbar\avira.cab" sh=8024D29FA23B457A440120D6357B105DE3447FFA ft=0 fh=0000000000000000 vn="Variante von Win32/Keygen.BH potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Download\Adobe Photoshop 8.0\Adobe Photoshop Elements 8.0\Adobe.Photoshop.Elements.v8.0.Multilingual.ESD.ISO-CORE.iso" sh=349CA9FEC7DF5635B9853DB15BC50F9C8C329A1D ft=0 fh=0000000000000000 vn="Variante von Win32/Keygen.BH potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Download\Adobe Photoshop 8.0\Adobe.Premiere.Elements.v8.0\Adobe.Premiere.Elements.v8.0.Multilingual.ESD.ISO-CORE.iso" sh=B19CC197BF0BEDECD6794B4EE06E4B6C64788C09 ft=1 fh=d6ef2b1c4c8e2162 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Downloadarchiv\isobuster27_all_lang.exe" sh=3CDB0690A360AE9C725D642E890D16005AD72D30 ft=1 fh=db21275f6a7eaec5 vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\VideoPlayer\VAFChecker.exe" sh=E88952A7C68BC64AD84A88AB73A4DAFBDAB80580 ft=1 fh=bc7fcb22b92a1d08 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Default\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll" sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nini\AppData\Local\temp\10851772.Uninstall\uninstaller.exe" sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nini\AppData\Local\temp\is765589038\5D4B7A38_stp\uninstaller.exe" sh=1E92E1AF2BAD67A74F161C0FFD164AD9EC5F0A41 ft=1 fh=0d113439e5e230ad vn="Variante von Win32/InstallCore.UF evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nini\Downloads\FileOpenerSetup.exe" sh=0394AB95AC762A9623404BEA528B5047E4935645 ft=0 fh=0000000000000000 vn="Win32/HackKMS.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nini\Hörbuch\Office_Professional_Plus_2010_(x86)-(German).rar" sh=8024D29FA23B457A440120D6357B105DE3447FFA ft=0 fh=0000000000000000 vn="Variante von Win32/Keygen.BH potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nini\nini\Adobe Photoshop 8.0\Adobe Photoshop Elements 8.0\Adobe.Photoshop.Elements.v8.0.Multilingual.ESD.ISO-CORE.iso" sh=349CA9FEC7DF5635B9853DB15BC50F9C8C329A1D ft=0 fh=0000000000000000 vn="Variante von Win32/Keygen.BH potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nini\nini\Adobe Photoshop 8.0\Adobe.Premiere.Elements.v8.0\Adobe.Premiere.Elements.v8.0.Multilingual.ESD.ISO-CORE.iso" sh=FF273D0017363755214FA5CD888C2C2D54721700 ft=1 fh=0089eae0191970f8 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll" sh=A70EFAB5F2D2D83AD2B7E0304169C73F6D0EC700 ft=1 fh=011924ad9c4ebdbf vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll" sh=E49B25E89541B5DBCE1777046B0240B6AAD84864 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\2088d.msi" sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ApnIC[1].0" sh=F01099E4422FDED0661CF4A526DA68E5E68A3DDD ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\AskToolbar\avira.cab" # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=37b1e308eddc5d49a86bbd96df228ed1 # engine=21644 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-12-20 11:42:32 # local_time=2014-12-20 12:42:32 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 12587 170705602 0 0 # scanned=265752 # found=0 # cleaned=0 # scan_time=3426 Beim Security Check kam nur die eine Zeile raus Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED! Sorry das FRST vergessen mit zu liefern. Wird promt nachgeholt. FRST.txt. FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014 Ran by Nini (administrator) on JANINE-PC on 20-12-2014 15:42:15 Running from F:\Programme Loaded Profiles: UpdatusUser & Nini (Available profiles: Janine & UpdatusUser & Nini & Administrator & Gast) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Microsoft Corporation) C:\Windows\vVX1000.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation) Startup: C:\Users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\Janine\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-507852487-1521238306-3764321456-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-507852487-1521238306-3764321456-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_51_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtDzyyEyC0B0Fzy0F0F0DyCtN0D0Tzu0StCtDzztAtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0E0Ezy0CtDyD0CtG0BtCyEzztGtA0A0CzytG0FyD0A0CtGyDtDyEyEyByCtBtCyEyC0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EtD0ByBtBtCtAtG0CzytByCtGyE0AyEzytGzztA0C0FtGyBtBtAtC0Azy0DtBtD0CtBtC2Q&cr=1229899044&ir= SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_51_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtDzyyEyC0B0Fzy0F0F0DyCtN0D0Tzu0StCtDzztAtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0E0Ezy0CtDyD0CtG0BtCyEzztGtA0A0CzytG0FyD0A0CtGyDtDyEyEyByCtBtCyEyC0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EtD0ByBtBtCtAtG0CzytByCtGyE0AyEzytGzztA0C0FtGyBtBtAtC0Azy0DtBtD0CtBtC2Q&cr=1229899044&ir= SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-507852487-1521238306-3764321456-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-507852487-1521238306-3764321456-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKU\S-1-5-21-507852487-1521238306-3764321456-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> c:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog5-x64 07 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Adblock Plus - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-05] FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-08-10] FF Extension: No Name - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189\extensions\e49d3f99-7c89-4eb4-99f3-ff903e2189b2@5288754a-7a48-41a0-a10f-e98c9ac12040.com [Not Found] FF Extension: No Name - C:\Users\Nini\AppData\Roaming\Mozilla\Firefox\Profiles\rb99wklk.default-1388954994189\extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com [Not Found] FF Extension: No Name - C:\Program Files\Nightly\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_51_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtDzyyEyC0B0Fzy0F0F0DyCtN0D0Tzu0StCtDzztAtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0E0Ezy0CtDyD0CtG0BtCyEzztGtA0A0CzytG0FyD0A0CtGyDtDyEyEyByCtBtCyEyC0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EtD0ByBtBtCtAtG0CzytByCtGyE0AyEzytGzztA0C0FtGyBtBtAtC0Azy0DtBtD0CtBtC2Q&cr=1229899044&ir= CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_ggfc_14_51_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtDzyyEyC0B0Fzy0F0F0DyCtN0D0Tzu0StCtDzztAtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0E0Ezy0CtDyD0CtG0BtCyEzztGtA0A0CzytG0FyD0A0CtGyDtDyEyEyByCtBtCyEyC0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EtD0ByBtBtCtAtG0CzytByCtGyE0AyEzytGzztA0C0FtGyBtBtAtC0Azy0DtBtD0CtBtC2Q&cr=1229899044&ir=" CHR DefaultSearchKeyword: Default -> vosteran.com CHR DefaultSearchURL: Default -> hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_51_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtDzyyEyC0B0Fzy0F0F0DyCtN0D0Tzu0StCtDzztAtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0E0Ezy0CtDyD0CtG0BtCyEzztGtA0A0CzytG0FyD0A0CtGyDtDyEyEyByCtBtCyEyC0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EtD0ByBtBtCtAtG0CzytByCtGyE0AyEzytGzztA0C0FtGyBtBtAtC0Azy0DtBtD0CtBtC2Q&cr=1229899044&ir= CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default CHR Extension: (Google Docs) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-11] CHR Extension: (Google Drive) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-11] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-11] CHR Extension: (Adblock Plus) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-05] CHR Extension: (Google-Suche) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-11] CHR Extension: (Google Wallet) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-11] CHR Extension: (Google Mail) - C:\Users\Nini\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-11] CHR HKLM-x32\...\Chrome\Extension: [bcpbcngonbobipkhkdkfffkgpmnmeola] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release5650\ch\RichMediaViewV1release5650.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [bgnnkhlplihnikcljmlfleknmajpdieg] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta2061\ch\VideoPlayerV3beta2061.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [bjhjcbjpdohojlfpalfnediiibbdkabh] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode1096\ch\MediaBuzzV1mode1096.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [ejgjpkdliopkjhenfaioejboibiagbcc] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha216\ch\MediaViewerV1alpha216.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [gmpcjdhphhdfnflcgpgeneojihpojidm] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4611\ch\MediaViewV1alpha4611.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [goodaalebnjpdnjgbjpbbllmmphdbgmi] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha329\ch\MediaViewV1alpha329.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [inleambckaaohcdcbmhnbklmakeccnei] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha5271\ch\TrustMediaViewerV1alpha5271.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [lehbeodgjfnoeiaonejbbdeebmmknjlj] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home63\ch\MediaWatchV1home63.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S4 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin) S4 LicCtrlService; C:\Windows\runservice.exe [2560 2011-07-17] () [File not signed] S4 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2155848 2010-05-25] () S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X] S4 Avira.OE.ServiceHost; "C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2013-03-25] () S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.) [File not signed] S3 BrUsbSer; C:\Windows\System32\DRIVERS\BrUsbSer.sys [19584 2006-09-02] (Brother Industries Ltd.) [File not signed] R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2013-03-17] () R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-20 08:16 - 2014-12-20 08:16 - 01559108 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-12-20 07:51 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2014-12-20 07:23 - 2014-12-20 07:51 - 00016063 _____ () C:\Windows\IE11_main.log 2014-12-20 03:33 - 2014-12-20 03:33 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-12-20 03:33 - 2014-12-20 03:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-12-20 03:02 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-12-20 03:02 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-12-20 03:02 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-12-20 03:02 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-12-20 03:02 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-12-20 03:02 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-12-20 03:01 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-12-20 03:01 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-12-19 18:27 - 2014-12-20 11:09 - 00000000 ____D () C:\ProgramData\Norton 2014-12-19 18:25 - 2014-12-19 18:25 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-12-19 18:22 - 2014-12-20 11:36 - 00000000 ____D () C:\Users\Nini\AppData\Roaming\DigitalSites 2014-12-19 15:28 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-12-19 15:28 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-12-19 15:28 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-12-19 15:28 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-12-19 15:27 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-12-19 15:27 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-12-19 15:27 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-12-19 15:27 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-12-16 22:52 - 2014-12-16 22:52 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JANINE-PC-Microsoft-Windows-7-Professional-(64-bit).dat 2014-12-16 22:52 - 2014-12-16 22:52 - 00000000 ____D () C:\RegBackup 2014-12-15 17:06 - 2014-12-15 17:06 - 00000000 ____D () C:\Users\Nini\Desktop\Neuer Ordner 2014-12-14 14:08 - 2014-12-20 15:42 - 00000000 ____D () C:\FRST 2014-12-11 18:48 - 2014-12-11 18:48 - 00000000 ____D () C:\$WINDOWS.~BT 2014-12-11 16:53 - 2014-12-20 11:09 - 00574504 _____ () C:\Windows\PFRO.log 2014-12-10 19:05 - 2014-12-10 19:24 - 00000000 ____D () C:\Windows\erdnt 2014-12-07 18:35 - 2014-12-07 18:35 - 00000000 ____D () C:\Users\Nini\AppData\Local\VirtualStore 2014-12-07 11:24 - 2014-12-14 14:06 - 00001131 _____ () C:\DelFix.txt 2014-12-07 10:42 - 2014-12-07 13:53 - 00000000 ____D () C:\Windows\ERUNT 2014-12-07 10:31 - 2014-12-14 14:07 - 00000000 ____D () C:\Users\Nini\rechner wieder Her 2014-12-07 10:09 - 2014-12-07 10:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-06 11:10 - 2014-12-06 11:10 - 00000000 ____D () C:\OETemp 2014-12-06 08:50 - 2014-12-11 18:49 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-12-06 08:50 - 2014-12-11 18:49 - 00001908 _____ () C:\Windows\diagerr.xml ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-20 15:42 - 2009-10-22 11:48 - 02016653 _____ () C:\Windows\WindowsUpdate.log 2014-12-20 15:36 - 2013-04-03 14:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-20 14:39 - 2013-04-04 19:27 - 00000000 ____D () C:\Users\Nini\AppData\Roaming\vlc 2014-12-20 13:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-20 11:41 - 2011-11-08 10:15 - 00000000 ____D () C:\Program Files (x86)\JLC's Software 2014-12-20 11:36 - 2013-04-03 14:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-20 11:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-20 11:15 - 2009-07-14 05:45 - 00021616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-20 11:15 - 2009-07-14 05:45 - 00021616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-20 11:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-20 11:09 - 2009-07-14 05:51 - 00003717 _____ () C:\Windows\setupact.log 2014-12-20 11:05 - 2011-07-18 16:26 - 00000000 ____D () C:\Users\Nini\Janine 2014-12-20 09:17 - 2009-07-14 05:45 - 00325264 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-20 09:16 - 2012-01-01 09:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-12-20 09:16 - 2012-01-01 09:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-12-20 09:13 - 2009-07-14 19:18 - 00000000 ____D () C:\Program Files\Windows Journal 2014-12-20 09:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK 2014-12-20 09:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR 2014-12-20 09:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\zh-HK 2014-12-20 09:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-12-20 09:12 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender 2014-12-20 09:12 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-12-20 09:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-12-20 09:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-12-20 09:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-20 08:16 - 2009-07-14 18:58 - 00684980 _____ () C:\Windows\system32\perfh007.dat 2014-12-20 08:16 - 2009-07-14 18:58 - 00144812 _____ () C:\Windows\system32\perfc007.dat 2014-12-20 08:16 - 2009-07-14 06:13 - 01613086 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-20 06:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-12-20 04:35 - 2010-01-07 13:15 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-20 03:31 - 2010-01-07 13:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works 2014-12-20 03:28 - 2012-01-01 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-12-19 22:55 - 2013-03-19 16:48 - 00000000 ____D () C:\Users\Nini\Hörbuch 2014-12-19 22:47 - 2013-11-12 19:43 - 00000000 ____D () C:\Program Files (x86)\VideoPlayer 2014-12-19 22:47 - 2009-10-23 11:03 - 00000000 ____D () C:\Downloadarchiv 2014-12-19 16:25 - 2013-04-04 19:27 - 00000000 ____D () C:\Users\Nini\AppData\Roaming\dvdcss 2014-12-17 15:38 - 2014-03-11 17:14 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-17 15:13 - 2013-04-02 20:00 - 00000000 ____D () C:\Users\Nini 2014-12-16 23:42 - 2009-07-14 19:18 - 00000000 ____D () C:\Windows\CSC 2014-12-16 23:10 - 2009-07-14 03:34 - 00000541 _____ () C:\Windows\win.ini 2014-12-11 18:47 - 2009-07-14 05:51 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-10 19:22 - 2014-01-29 16:11 - 00002096 __RSH () C:\ProgramData\ntuser.pol 2014-12-10 19:22 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-10 19:22 - 2009-07-14 03:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_468 2014-12-10 19:21 - 2009-07-14 03:34 - 64225280 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-12-10 19:21 - 2009-07-14 03:34 - 38535168 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-12-10 19:21 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-12-10 19:21 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-12-10 19:21 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-12-07 10:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA 2014-12-06 15:32 - 2013-08-15 08:15 - 00000000 ____D () C:\Users\Nini\AppData\Local\TubeBox 2014-12-06 15:32 - 2013-01-12 10:55 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-06 15:32 - 2013-01-12 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freetec 2014-12-06 15:20 - 2013-11-12 20:07 - 00001264 _____ () C:\Users\Nini\Desktop\Revo Uninstaller.lnk 2014-12-06 15:20 - 2013-01-12 10:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-06 10:51 - 2013-08-15 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-06 10:51 - 2012-09-08 06:18 - 00000000 ____D () C:\ProgramData\Avira 2014-12-06 10:21 - 2011-07-17 07:06 - 00000609 ___SH () C:\Windows\SysWOW64\mmf.sys 2014-12-06 10:19 - 2014-11-08 09:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla FireFox 2014-11-30 00:53 - 2009-10-22 11:54 - 00000000 ____D () C:\Recovery 2014-11-30 00:47 - 2013-04-02 15:02 - 00000000 ____D () C:\Users\Gast 2014-11-30 00:47 - 2013-03-25 13:11 - 00000000 ____D () C:\Users\Administrator 2014-11-30 00:47 - 2010-11-22 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis 2014-11-30 00:47 - 2010-11-22 11:53 - 00000000 ____D () C:\Program Files (x86)\Acronis 2014-11-30 00:47 - 2009-10-22 11:54 - 00000000 ____D () C:\Users\Janine 2014-11-30 00:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-11-29 16:50 - 2014-11-08 08:59 - 00000125 ___SH () C:\ProgramData\.zreglib 2014-11-24 14:04 - 2009-10-27 14:24 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-15 17:23 ==================== End Of Log ============================ --- --- --- und die Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014 Ran by Nini at 2014-12-20 15:42:39 Running from F:\Programme Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acronis*Disk*Director*Home (HKLM-x32\...\{9CCC78EF-027E-40E0-9B61-39932C65E3FE}) (Version: 11.0.216 - Acronis) ADI USB ADSL LAN Adapter (HKLM-x32\...\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}) (Version: - ) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated) Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated) Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland) Audiograbber Lame-MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG) Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Free Video Dub version 2.0.21.822 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.822 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.34.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.) Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation) FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin) GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{AF43C18E-693D-4126-B190-8F55E3623D5D}) (Version: 22.50.231.0 - Hewlett-Packard Co.) HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard) HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - ) IsoBuster 2.8 (HKLM-x32\...\IsoBuster_is1) (Version: 2.8 - Smart Projects) Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle) Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.) Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Excel 2007 (HKLM-x32\...\EXCEL) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint 2007 (HKLM-x32\...\POWERPOINT) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0a1 - Mozilla) MSI Afterburner 2.1.0 (HKLM-x32\...\Afterburner) (Version: 2.1.0 - MSI Co., LTD) MSI Kombustor(BETA) v0.7.0 (HKLM-x32\...\MSI Kombustor(BETA)_is1) (Version: - MSI) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall) NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation) NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH) PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: - Jan Fiala) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc) SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.296 - TuneUp Software) Hidden Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_POWERPOINT_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_WORD_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 1.0.5 (HKLM-x32\...\VLC media player) (Version: 1.0.5 - VideoLAN Team) WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-507852487-1521238306-3764321456-1004_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll () ==================== Restore Points ========================= 19-12-2014 15:27:22 Windows Update 19-12-2014 15:44:18 Windows Update 20-12-2014 03:01:09 Windows Update 20-12-2014 09:56:16 Removed Microsoft Silverlight 20-12-2014 11:06:13 Microsoft Visual C++ 2005 Redistributable (x64) wird entfernt 20-12-2014 11:40:45 Revo Uninstaller's restore point - JLC's Internet TV 20-12-2014 11:42:48 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 2.0.4.1028 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-12-16 23:11 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0827501C-67E0-4ADE-821E-A8AA0DD492FC} - System32\Tasks\{3F0F60CB-1501-4541-9335-1C07FFBEDA16} => pcalua.exe -a C:\Users\Nini\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent(1).exe -d C:\Users\Nini\Downloads Task: {086D064F-97D8-4568-BB8C-9EA2A6465687} - System32\Tasks\{26D7A2F2-8BDA-4AC0-AFFC-04A9CE2010F5} => pcalua.exe -a C:\Users\Nini\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent.exe -d C:\Users\Nini\Downloads Task: {0BDB7ACC-87CC-4321-9D95-45E45C751F50} - System32\Tasks\{1EDFA5BE-C70B-4645-9AB4-7442ECBA27FA} => pcalua.exe -a F:\Systemkram\T-Online_6.0.exe -d F:\Systemkram Task: {17E7B209-C22F-43C9-B0C7-E775D50EC8ED} - System32\Tasks\{F46BD553-0E09-4F96-8940-C66C1CD3F204} => pcalua.exe -a C:\Users\Nini\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent(2).exe -d C:\Users\Nini\Downloads Task: {1C020B8D-BE13-49D6-BEBD-F0FA5C94B7DC} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => c:\Program Files\Java\jre6\bin\jusched.exe [2012-09-30] (Sun Microsystems, Inc.) Task: {24F51262-6055-4DEA-B698-86DBCCC26D0D} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2004-04-17] (InstallShield Software Corporation) Task: {32F10DA7-958A-4A5D-B60A-82BD68D7FBFD} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated) Task: {47C76D72-82E0-4B17-A5B9-32C53D7E7F32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03] (Google Inc.) Task: {71F0BB36-37F4-4754-9694-9117059A0030} - System32\Tasks\{B8BD125C-F190-4768-8AC3-AC2F158113DF} => C:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe Task: {74286CE3-8C9B-4790-8CFB-B45726B7888A} - System32\Tasks\{5D46F409-7526-4ECE-8782-DA6DA353EC89} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" Task: {80671ADD-1850-4478-AC52-F2945BA83E24} - System32\Tasks\{C4151EC2-2D9F-49EE-B833-435FE3A9BE51} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.) Task: {9F9953F9-C4CA-4D65-A9D6-BACB897E0048} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard) Task: {A4503C22-A411-46A8-A17B-7CF0DCB6B448} - System32\Tasks\{8B0317B6-A26C-4E4E-8EC1-1D8B75FB4AD2} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" Task: {B2444B34-3D98-465C-9635-61E9DEC79E1A} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.) Task: {B73DFC78-837A-4C4D-B9AF-48A85A8A7C30} - System32\Tasks\InstallShield Software-Aktualisierungsdienst => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16] (InstallShield Software Corporation) Task: {B7BE6DF8-5F57-4F20-A284-FCDF235DFD78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03] (Google Inc.) Task: {C0A43BE1-450C-4471-B6A5-69416C263C5C} - System32\Tasks\{14C23022-903C-4886-A159-3CDBBB9AE65E} => pcalua.exe -a D:\Software\Teledat\Setup.exe -d D:\Software\Teledat Task: {CD3BC894-D451-44C1-9679-BDCDE6208537} - System32\Tasks\{CCB59C68-CE26-4F58-A725-8A50C6E45AF7} => pcalua.exe -a C:\Users\Nini\AppData\Local\Temp\vcredist_x64.exe Task: {D8C4EB24-562C-452C-BE79-467EDE534720} - System32\Tasks\{0BC5E98B-C7BE-457F-A88E-1CA89570FCFD} => pcalua.exe -a D:\DTAG\Setup.exe -d D:\DTAG Task: {FE3AF70D-09C3-4FE0-BC8D-7617984B7487} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-12-06 14:52 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll 2014-07-08 18:52 - 2013-08-23 12:36 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll 2009-06-30 21:24 - 2009-06-30 21:24 - 00524128 _____ () C:\Windows\SysWOW64\LcProxy.ax 2014-12-17 15:38 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-17 15:38 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-17 15:38 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-17 15:38 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll 2014-12-17 15:38 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeActiveFileMonitor8.0 => 3 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AeLookupSvc => 3 MSCONFIG\Services: ALG => 3 MSCONFIG\Services: AppIDSvc => 3 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: AppMgmt => 3 MSCONFIG\Services: AudioEndpointBuilder => 2 MSCONFIG\Services: AudioSrv => 2 MSCONFIG\Services: Avira.OE.ServiceHost => 2 MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: BDESVC => 3 MSCONFIG\Services: BFE => 2 MSCONFIG\Services: BITS => 2 MSCONFIG\Services: Browser => 3 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: CertPropSvc => 3 MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2 MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2 MSCONFIG\Services: COMSysApp => 3 MSCONFIG\Services: CryptSvc => 2 MSCONFIG\Services: CscService => 2 MSCONFIG\Services: defragsvc => 3 MSCONFIG\Services: Dhcp => 2 MSCONFIG\Services: Dnscache => 2 MSCONFIG\Services: dot3svc => 3 MSCONFIG\Services: DPS => 2 MSCONFIG\Services: EapHost => 3 MSCONFIG\Services: EFS => 3 MSCONFIG\Services: ehRecvr => 3 MSCONFIG\Services: ehSched => 3 MSCONFIG\Services: eventlog => 2 MSCONFIG\Services: EventSystem => 2 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: fdPHost => 3 MSCONFIG\Services: FDResPub => 3 MSCONFIG\Services: FLEXnet Licensing Service => 3 MSCONFIG\Services: FontCache => 2 MSCONFIG\Services: FontCache3.0.0.0 => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: hidserv => 3 MSCONFIG\Services: hkmsvc => 3 MSCONFIG\Services: HomeGroupListener => 3 MSCONFIG\Services: HomeGroupProvider => 3 MSCONFIG\Services: IDriverT => 3 MSCONFIG\Services: idsvc => 3 MSCONFIG\Services: IGDCTRL => 2 MSCONFIG\Services: IKEEXT => 2 MSCONFIG\Services: IPBusEnum => 3 MSCONFIG\Services: iphlpsvc => 2 MSCONFIG\Services: KeyIso => 3 MSCONFIG\Services: KtmRm => 3 MSCONFIG\Services: LanmanServer => 2 MSCONFIG\Services: LanmanWorkstation => 2 MSCONFIG\Services: LicCtrlService => 2 MSCONFIG\Services: lltdsvc => 3 MSCONFIG\Services: lmhosts => 2 MSCONFIG\Services: MMCSS => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: MpsSvc => 2 MSCONFIG\Services: MSDTC => 3 MSCONFIG\Services: MSiSCSI => 3 MSCONFIG\Services: msiserver => 3 MSCONFIG\Services: napagent => 3 MSCONFIG\Services: Netlogon => 3 MSCONFIG\Services: Netman => 3 MSCONFIG\Services: netprofm => 3 MSCONFIG\Services: NlaSvc => 2 MSCONFIG\Services: nsi => 2 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: nvUpdatusService => 2 MSCONFIG\Services: odserv => 3 MSCONFIG\Services: OS Selector => 2 MSCONFIG\Services: ose => 3 MSCONFIG\Services: p2pimsvc => 3 MSCONFIG\Services: p2psvc => 3 MSCONFIG\Services: PcaSvc => 2 MSCONFIG\Services: PCSUService => 2 MSCONFIG\Services: PeerDistSvc => 3 MSCONFIG\Services: PerfHost => 3 MSCONFIG\Services: pla => 3 MSCONFIG\Services: PNRPAutoReg => 3 MSCONFIG\Services: PNRPsvc => 3 MSCONFIG\Services: PolicyAgent => 3 MSCONFIG\Services: Power => 2 MSCONFIG\Services: ProtectedStorage => 3 MSCONFIG\Services: QWAVE => 3 MSCONFIG\Services: RasAuto => 3 MSCONFIG\Services: RasMan => 3 MSCONFIG\Services: RemoteRegistry => 3 MSCONFIG\Services: RpcLocator => 3 MSCONFIG\Services: SamSs => 2 MSCONFIG\Services: SCardSvr => 3 MSCONFIG\Services: SCPolicySvc => 3 MSCONFIG\Services: SDRSVC => 3 MSCONFIG\Services: SeaPort => 2 MSCONFIG\Services: seclogon => 3 MSCONFIG\Services: SENS => 2 MSCONFIG\Services: SensrSvc => 3 MSCONFIG\Services: SessionEnv => 3 MSCONFIG\Services: SharedAccess => 3 MSCONFIG\Services: ShellHWDetection => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: SNMPTRAP => 3 MSCONFIG\Services: Spooler => 2 MSCONFIG\Services: sppuinotify => 3 MSCONFIG\Services: SSDPSRV => 3 MSCONFIG\Services: SstpSvc => 3 MSCONFIG\Services: stisvc => 2 MSCONFIG\Services: StorSvc => 3 MSCONFIG\Services: swprv => 3 MSCONFIG\Services: SysMain => 2 MSCONFIG\Services: TabletInputService => 3 MSCONFIG\Services: TapiSrv => 3 MSCONFIG\Services: TBS => 3 MSCONFIG\Services: TermService => 3 MSCONFIG\Services: Themes => 2 MSCONFIG\Services: THREADORDER => 3 MSCONFIG\Services: TrkWks => 2 MSCONFIG\Services: TrustedInstaller => 3 MSCONFIG\Services: UI0Detect => 3 MSCONFIG\Services: UmRdpService => 3 MSCONFIG\Services: upnphost => 3 MSCONFIG\Services: UxSms => 2 MSCONFIG\Services: VaultSvc => 3 MSCONFIG\Services: vds => 3 MSCONFIG\Services: VSS => 3 MSCONFIG\Services: W32Time => 3 MSCONFIG\Services: wbengine => 3 MSCONFIG\Services: WbioSrvc => 3 MSCONFIG\Services: wcncsvc => 3 MSCONFIG\Services: WcsPlugInService => 3 MSCONFIG\Services: WdiServiceHost => 3 MSCONFIG\Services: WdiSystemHost => 3 MSCONFIG\Services: WebClient => 3 MSCONFIG\Services: Wecsvc => 3 MSCONFIG\Services: wercplsupport => 3 MSCONFIG\Services: WerSvc => 3 MSCONFIG\Services: WinDefend => 2 MSCONFIG\Services: WinHttpAutoProxySvc => 3 MSCONFIG\Services: Winmgmt => 3 MSCONFIG\Services: WinRM => 3 MSCONFIG\Services: Wlansvc => 2 MSCONFIG\Services: wmiApSrv => 3 MSCONFIG\Services: WMPNetworkSvc => 2 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\Services: WPDBusEnum => 3 MSCONFIG\Services: wscsvc => 2 MSCONFIG\Services: WSearch => 2 MSCONFIG\Services: wuauserv => 2 MSCONFIG\Services: wudfsvc => 2 MSCONFIG\Services: WwanSvc => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^forteManager.lnk => C:\Windows\pss\forteManager.lnk.CommonStartup MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart ========================= Accounts: ========================== Administrator (S-1-5-21-507852487-1521238306-3764321456-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-507852487-1521238306-3764321456-501 - Limited - Disabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-507852487-1521238306-3764321456-1002 - Limited - Enabled) Janine (S-1-5-21-507852487-1521238306-3764321456-1000 - Administrator - Disabled) => C:\Users\Janine Nini (S-1-5-21-507852487-1521238306-3764321456-1004 - Administrator - Enabled) => C:\Users\Nini UpdatusUser (S-1-5-21-507852487-1521238306-3764321456-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/20/2014 11:44:50 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/20/2014 11:31:33 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (12/20/2014 01:43:49 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (12/20/2014 01:43:41 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR2. Error: (12/20/2014 11:32:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Netzwerklistendienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error: (12/20/2014 11:32:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Netzwerklistendienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Microsoft Office Sessions: ========================= Error: (08/18/2014 06:16:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash. Error: (08/18/2014 06:15:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash. Error: (08/18/2014 06:14:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/09/2011 08:25:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 971 seconds with 420 seconds of active time. This session ended with a crash. Error: (02/09/2011 07:44:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 84016 seconds with 2940 seconds of active time. This session ended with a crash. Error: (02/08/2011 08:24:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 789882 seconds with 8100 seconds of active time. This session ended with a crash. Error: (02/21/2010 05:15:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 902 seconds with 540 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-12-10 19:19:54.984 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-12-10 19:19:54.953 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz Percentage of memory in use: 53% Total physical RAM: 4094.49 MB Available physical RAM: 1889.83 MB Total Pagefile: 10233.69 MB Available Pagefile: 7967.7 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:596.07 GB) (Free:282.22 GB) NTFS Drive f: (USB DISK) (Removable) (Total:0.24 GB) (Free:0.19 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: DBE50493) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 248 MB) (Disk ID: BBCAABDE) Partition 1: (Active) - (Size=248 MB) - (Type=06) ==================== End Of Log ============================ |
21.12.2014, 08:30 | #14 |
/// the machine /// TB-Ausbilder | Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2 Was besteht jetzt aktuell noch an Problemen mit dem System?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Windows 7 mit schwarzem Bildschirm ohne Taskleiste 2 |
adobe, avg, avira, bildschirm, browser, dsl, explorer, frage, google, helper, home, homepage, iexplore.exe, mozilla, problem, programm, registry, rundll, services.exe, software, svchost.exe, system, taskleiste, windows, winlogon.exe |