Log analysis and evaluation: Checking whether the computer is clean (after a written warning from Telekom) - Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.12.2014, 17:54 | #1 |
| Prüfung ob Rechner sauber ist (nach schriflticher Telekom-Warnung) Hi, folgender Hintergrund: Bekannter erhielt Schreiben (kein Mail!) von Telekom mit Warnung und Hinweis, dass Rechner infiziert sei. Er soll entsprechende Maßnahmen einleiten. Es sind zwei Rechner (Notebooks) im Einsatz. Einen habe ich sofort platt gemacht, bzw. Werkseinstellung, da seit dem Kauf (!) kein aktuelles Virenprogramm installiert wurde - unglaublich. Also neu aufgesetzt, alle Updates installiert inkl. Virenprogramm. Beim 2. Rechner (Win8 Home) habe ich Malwarebytes, Adwcleaner, div. Virenscanner laufen lassen, da ich den Eindruck hatte, dieser ist nicht so "heftig" betroffen. Beim ersten Rechner (Win7 Home) war das auch schon spürbar in der Geschwindigkeit merkbar. Hier die Ergebnisse: Malwarebytes HTML-Code: Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.12.2014 Suchlauf-Zeit: 21:55:37 Logdatei: 14-12-14_MW_log.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.14.06 Rootkit Datenbank: v2014.12.08.03 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: forster Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 321742 Verstrichene Zeit: 23 Min, 58 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 12 PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}, , [ae19223e7507df57914a06cf7f8311ef], PUP.Optional.SearchQu, HKU\S-1-5-21-2782460128-3064297470-4088778308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , 
[ae19223e7507df57914a06cf7f8311ef], PUP.Optional.SearchQu, HKU\S-1-5-21-2782460128-3064297470-4088778308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [ae19223e7507df57914a06cf7f8311ef], PUP.Optional.Bandoo.A, HKU\S-1-5-21-2782460128-3064297470-4088778308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [24a3b8a83b411e184e4f52b6bb48db25], PUP.Optional.Bandoo.A, HKU\S-1-5-21-2782460128-3064297470-4088778308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [24a3b8a83b411e184e4f52b6bb48db25], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\DataMngr, , [7b4c85dbfe7eaf87111cc0b5cb3804fc], PUP.Optional.DataMngr.A, HKU\S-1-5-21-2782460128-3064297470-4088778308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, , [83442b35bfbd8da9f5a1cadd56ae25db], PUP.Optional.Conduit.A, HKU\S-1-5-21-2782460128-3064297470-4088778308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, , [5d6aca964636da5c5ab8f55f16ed0ef2], PUP.Optional.PriceGong.A, HKU\S-1-5-21-2782460128-3064297470-4088778308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [fdca0d53a9d3cb6bded077dd38cb8e72], PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-2782460128-3064297470-4088778308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, , [5e6957093c40241276545b021de6c63a], PUP.Optional.InstallCore.A, HKU\S-1-5-21-2782460128-3064297470-4088778308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [0cbbf36d116b34028a0ff39e54afa25e], PUP.Optional.InstallCore.A, HKU\S-1-5-21-2782460128-3064297470-4088778308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , 
[299e3927611b66d06851b8ef6b999070], Registrierungswerte: 1 PUP.Optional.InstallCore.A, HKU\S-1-5-21-2782460128-3064297470-4088778308-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1M1F1J1T, , [299e3927611b66d06851b8ef6b999070] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 3 PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.Datamngr.A, C:\Users\forster\AppData\LocalLow\DataMngr, , [5374d9879ce0290dec8af62cab586d93], Dateien: 57 PUP.Optional.Searchqu.A, C:\Users\forster\AppData\Local\Temp\searchqutoolbar-manifest.xml, , [3c8be27ef884d36301237c2c0cf8d42c], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\h.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\1.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\11316.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\11359.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\126.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\15261.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\15335.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\15741.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\16702.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\1728.txt, , 
[9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\21640.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\2229.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\2260.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\22952.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\3721.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\41.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\4369.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\438.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\4420.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\4489.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\6559.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\6772.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\7006.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\7007.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\7031.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\7982.txt, , 
[9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\83.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\9514.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\a.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\b.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\c.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\d.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\e.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\f.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\g.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\i.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\j.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\k.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\l.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\m.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\mru.xml, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\n.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, 
C:\Users\forster\AppData\LocalLow\PriceGong\Data\o.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\p.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\q.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\r.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\s.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\t.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\u.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\v.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\w.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\wlu.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\x.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\y.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.PriceGong.A, C:\Users\forster\AppData\LocalLow\PriceGong\Data\z.txt, , [9037f868720a8aac5150cc53649fae52], PUP.Optional.Datamngr.A, C:\Users\forster\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [5374d9879ce0290dec8af62cab586d93], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) HTML-Code: # AdwCleaner v4.105 - Bericht erstellt am 14/12/2014 um 22:31:31 # Aktualisiert 08/12/2014 von Xplode # Database : 2014-12-13.4 [Live] # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : forster - PETER # Gestartet von : 
C:\Users\forster\Desktop\adwcleaner_4.105.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Users\forster\AppData\Local\Conduit Ordner Gelöscht : C:\Users\forster\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\forster\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\forster\AppData\Roaming\HoolappforAndroid ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3241949 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6528B25B-FE50-4DD9-BB2A-782235D8F3A9} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Google Chrome v39.0.2171.71 ************************* AdwCleaner[R0].txt - [3799 octets] - [14/12/2014 22:28:18] AdwCleaner[S0].txt - [3149 octets] - [14/12/2014 22:31:31] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3209 octets] ########## HTML-Code: C:\Users\forster\Downloads\3D-Wohnraumplaner-Setup.exe Win32/WinloadSDA.C evtl. 
unerwünschte Anwendung gelöscht - in Quarantäne kopiert Dann noch Scan mit Panda (ist jetzt installiert) HTML-Code: Ereignisse Datum/Zeit Status Weitere Details --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Scan 16.12.2014 16:24 Beendet Durchsuche: C:\ Cookie erkannt Cookie/adultfriendfinder 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/KO26CTE8.txt] Cookie erkannt Cookie/FastClick 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/NCLP0KD5.txt] Cookie erkannt Cookie/QuestionMarket 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/PIO7SCSD.txt] Cookie erkannt Cookie/Adtech 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/TMNIEN21.txt] Cookie erkannt Cookie/Weborama 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/VKOWSR1T.txt] Cookie erkannt Cookie/Serving-sys 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/WD81XTKR.txt] Cookie erkannt Cookie/Advertising 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/X3EEW1Z5.txt] Cookie erkannt Cookie/Serving-sys 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/XQETQ200.txt] Cookie erkannt Unbekannter Name 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/Z7XNMXQK.txt] Cookie erkannt Cookie/Apmebf 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/K2DUB0YD.txt] Cookie erkannt Cookie/Mediaplex 16.12.2014 15:48 
Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/JP0I1SCZ.txt] Cookie erkannt Cookie/Smartadserver 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/I3DIA46H.txt] Cookie erkannt Cookie/Statcounter 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/HP7364Y6.txt] Cookie erkannt Cookie/Tribalfusion 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/FQQA70WO.txt] Cookie erkannt Cookie/adultfriendfinder 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/EHPI378C.txt] Cookie erkannt Cookie/FastClick 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/AXBJ9GSC.txt] Cookie erkannt Cookie/Casalemedia 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/2ISMPJVX.txt] Cookie erkannt Cookie/Adverserve 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/3J73IYO7.txt] Cookie erkannt Cookie/Mediaplex 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/AGF3VHUE.txt] Cookie erkannt Cookie/Apmebf 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/G39FUF9F.txt] Cookie erkannt Unbekannter Name 16.12.2014 15:48 Gelöscht Speicherort: C:\Users\forster\AppData\Roaming\DVDVideoSoft\syslist_extra.gzp[Low/GJQK5VT3.txt] Cookie erkannt Unbekannter Name 16.12.2014 15:46 Gelöscht Speicherort: C:\Users\forster\AppData\Local\Google\Chrome\Metro\User Data\Default\Cookies[.doubleclick.net/] Scan 16.12.2014 15:32 Gestartet Durchsuche: C:\ Computer geimpft 16.12.2014 15:20 Geimpft Synchronisierung 16.12.2014 13:22 Synchronisiert Ihr Schutz wurde über die Cloud 
synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen. Synchronisierung 16.12.2014 12:43 Synchronisiert Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen. Computer geimpft 16.12.2014 12:42 Geimpft frst-log HTML-Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014 Ran by forster (administrator) on PETER on 17-12-2014 17:27:53 Running from C:\Users\forster\Desktop Loaded Profile: forster (Available profiles: forster) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security, S.L.) 
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (AGFEO) D:\MARKUS FORSTER\Tk-Suite-Basic\tools\ctimon.exe (Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Panda Security, S.L.) 
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] () HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-14] (Synaptics Incorporated) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba) HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.) HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2782460128-3064297470-4088778308-1001\...\Run: [GoogleChromeAutoLaunch_06272D43B94915C086611526617B994A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.) HKU\S-1-5-21-2782460128-3064297470-4088778308-1001\...\RunOnce: [Adobe Speed Launcher] => 1418833610 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite Client.lnk ShortcutTarget: TK-Suite Client.lnk -> D:\MARKUS FORSTER\Tk-Suite-Basic\tools\ctimon.exe (AGFEO) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2782460128-3064297470-4088778308-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKU\S-1-5-21-2782460128-3064297470-4088778308-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com HKU\S-1-5-21-2782460128-3064297470-4088778308-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - No Name - !{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKLM-x32 - No Name - !{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR HomePage: Default -> chrome://newtab CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Profile: C:\Users\forster\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\forster\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14] CHR Extension: (YouTube) - C:\Users\forster\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-30] CHR Extension: (Adblock Plus) - C:\Users\forster\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-10-30] CHR Extension: (Google-Suche) - C:\Users\forster\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-30] CHR Extension: (Click&Clean) - C:\Users\forster\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2012-10-30] CHR Extension: (Ghostery) - 
C:\Users\forster\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-11-01] CHR Extension: (Google Wallet) - C:\Users\forster\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Click&Clean App) - C:\Users\forster\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2013-01-12] CHR Extension: (Google Mail) - C:\Users\forster\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-30] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.) R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.) R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.) 
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S1 MpKsl942db78d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BFDDDAFA-4883-4507-846A-99C8894C7DFD}\MpKsl942db78d.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 17:27 - 2014-12-17 17:28 - 00015920 _____ () C:\Users\forster\Desktop\FRST.txt
2014-12-17 17:27 - 2014-12-17 17:27 - 00000000 ____D () C:\Users\forster\Desktop\FRST-OlderVersion
2014-12-16 16:36 - 2014-12-17 17:27 - 00000000 ____D () C:\FRST
2014-12-16 15:31 - 2014-12-17 17:27 - 02121216 _____ (Farbar) C:\Users\forster\Desktop\FRST64.exe
2014-12-16 15:28 - 2014-12-16 15:28 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-12-16 15:26 - 2014-12-16 15:26 - 00000898 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-16 15:26 - 2014-12-16 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-16 12:42 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2014-12-16 12:41 - 2014-12-16 12:42 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-12-16 12:41 - 2014-12-16 12:41 - 00000000 ____D () C:\Users\forster\AppData\Roaming\Panda Security
2014-12-16 12:41 - 2014-12-16 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2014-12-16 12:40 - 2014-12-16 12:42 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-16 12:38 - 2014-12-16 16:36 - 00000000 ____D () C:\Users\forster\Desktop\Berichte
2014-12-16 12:38 - 2014-12-16 12:38 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-12-16 11:32 - 2014-12-16 17:10 - 00000000 ____D () C:\Users\forster\AppData\Roaming\ClassicShell
2014-12-16 11:32 - 2014-12-16 11:32 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-12-16 11:32 - 2014-12-16 11:30 - 00002181 _____ () C:\Users\forster\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2014-12-16 11:30 - 2014-12-16 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-12-16 11:30 - 2014-12-16 11:30 - 00000000 ____D () C:\Program Files\Classic Shell
2014-12-14 22:53 - 2014-12-14 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-14 22:53 - 2014-12-14 22:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 22:53 - 2014-12-14 22:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-14 21:54 - 2014-12-14 21:55 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-14 21:53 - 2014-12-14 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-14 21:53 - 2014-12-14 21:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-14 21:53 - 2014-12-14 21:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-14 21:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-14 21:53 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-14 21:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-05 17:04 - 2014-12-13 13:07 - 00000000 ____D () C:\Users\forster\AppData\Roaming\Canon
2014-12-05 17:00 - 2012-09-21 09:33 - 00321024 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BML.dll
2014-12-05 17:00 - 2012-05-25 09:21 - 00103936 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BMU.dll
2014-12-05 17:00 - 2012-05-15 15:54 - 00092416 _____ () C:\WINDOWS\SysWOW64\CNC1766D.TBL
2014-12-05 17:00 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2014-12-05 16:59 - 2014-12-05 16:59 - 00002052 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2014-12-05 16:59 - 2014-12-05 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX390 series Benutzerregistrierung
2014-12-05 16:55 - 2014-12-05 16:55 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-12-05 16:55 - 2014-12-05 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX390 series Manual
2014-12-05 15:59 - 2014-12-05 16:59 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-12-05 15:54 - 2014-12-05 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-12-05 15:54 - 2014-12-05 16:56 - 00000000 ____D () C:\Program Files\Canon
2014-12-05 15:53 - 2014-12-05 16:55 - 00002387 _____ () C:\Users\Public\Desktop\Canon MX390 series On-Screen-Handbuch.lnk
2014-12-05 15:53 - 2014-12-05 15:53 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-12-05 15:52 - 2014-12-05 15:53 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-12-05 15:52 - 2012-09-21 09:34 - 00366080 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BML.dll
2014-12-05 15:52 - 2012-09-21 05:00 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNCALBM.DLL
2014-12-05 15:52 - 2012-09-20 05:00 - 00390656 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBM.DLL
2014-12-05 15:52 - 2012-05-25 09:21 - 00282624 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BMC.dll
2014-12-05 15:52 - 2012-05-25 09:20 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BMI.dll
2014-12-05 15:52 - 2012-05-15 15:54 - 00092416 _____ () C:\WINDOWS\system32\CNC1766D.TBL
2014-12-05 15:52 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll
2014-12-05 15:49 - 2014-12-05 17:00 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-11-28 12:02 - 2014-11-28 12:02 - 00000000 ____H () C:\Users\forster\AppData\Local\BIT898D.tmp
2014-11-28 12:02 - 2014-11-28 12:02 - 00000000 _____ () C:\Users\forster\AppData\Local\{B16D7AC9-E68D-4F0F-949C-BEE55AEE7437}
2014-11-21 17:20 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-21 17:20 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-21 17:20 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-21 17:20 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 17:27 - 2014-09-01 19:37 - 01702915 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-17 17:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-17 17:26 - 2012-10-30 19:35 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-16 17:12 - 2012-10-30 19:35 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-16 16:51 - 2014-09-02 16:45 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B26512A4-7718-4A4B-BEDE-E570D4021089}
2014-12-16 16:28 - 2012-10-27 22:28 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2782460128-3064297470-4088778308-1001
2014-12-16 15:28 - 2012-08-25 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-12-16 15:25 - 2012-11-01 12:40 - 00000000 ____D () C:\Program Files\VideoLAN
2014-12-16 15:23 - 2012-08-25 23:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-16 15:23 - 2012-08-25 23:20 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2014-12-16 15:19 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-16 15:19 - 2013-08-22 15:44 - 00421688 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-16 15:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-16 15:18 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-16 10:19 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-16 10:19 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-16 10:19 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-14 22:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-12-14 21:51 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-13 12:45 - 2012-10-30 21:08 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-05 17:00 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-20 21:51 - 2014-09-15 19:20 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-20 21:51 - 2014-09-15 19:20 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-17 15:07 - 2012-10-30 19:35 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-17 15:07 - 2012-10-30 19:35 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\forster\AppData\Local\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-16 16:42

==================== End Of Log ============================

HTML-Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by forster at 2014-12-17 17:29:07
Running from C:\Users\forster\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Canon MX390 series Benutzerregistrierung (HKLM-x32\...\Canon MX390 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MX390 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX390_series) (Version: 1.00 - Canon Inc.)
Canon MX390 series On-screen Manual (HKLM-x32\...\Canon MX390 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.12.0.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.0.128 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
LibreOffice 3.6 (HKLM-x32\...\{1E85458A-9B00-443F-A187-2E06DBB15E43}) (Version: 3.6.2.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista (HKLM-x32\...\{336E283A-7925-4AC2-9F6D-BF1B32B5B37B}) (Version: 5.30 - Silicon Laboratories, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.910 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - MPP USB CDC Virtual COM Port (09/16/2011 1.5.0) (HKLM\...\FA2D8F33B8798AA7C96E36660A41175DEC901410) (Version: 09/16/2011 1.5.0 - MPP)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2782460128-3064297470-4088778308-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)

==================== Restore Points =========================

26-11-2014 17:08:36 Windows Update
16-12-2014 11:29:32 Installed Classic Shell

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {303C7419-D633-4337-8692-8185E1F8CD40} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {597332EC-1E99-4EA4-9A70-0EA71DEFCBAB} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)
Task: {7C99D4BD-94D9-4B32-8ED6-467795128888} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {B3E245B0-5C03-47A2-8438-1B549A1CF0A5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-14] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2011-10-13 22:38 - 2011-10-13 22:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2014-01-29 22:02 - 2014-01-29 22:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 02:38 - 2012-07-19 02:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 02:38 - 2012-07-19 02:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 03:13 - 2012-08-14 03:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2012-09-13 17:59 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2005-04-26 08:10 - 2005-04-26 08:10 - 04005888 _____ () D:\MARKUS FORSTER\Tk-Suite-Basic\tools\qt-mt334.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C68DE4A3

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "TPUReg"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"

========================= Accounts: ==========================

Administrator (S-1-5-21-2782460128-3064297470-4088778308-500 - Administrator - Disabled)
forster (S-1-5-21-2782460128-3064297470-4088778308-1001 - Administrator - Enabled) => C:\Users\forster
Gast (S-1-5-21-2782460128-3064297470-4088778308-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2014 11:42:29 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/16/2014 11:42:28 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/16/2014 11:18:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/16/2014 10:45:51 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/16/2014 10:19:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/16/2014 10:19:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/16/2014 10:19:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/16/2014 10:19:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/16/2014 10:19:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CNQMUPDT.EXE, Version: 2.1.0.0, Zeitstempel: 0x5063d75d
Name des fehlerhaften Moduls: CNMDWLD.DLL, Version: 1.0.0.0, Zeitstempel: 0x4f5eedc8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000023c6
ID des fehlerhaften Prozesses: 0x1100
Startzeit der fehlerhaften Anwendung: 0xCNQMUPDT.EXE0
Pfad der fehlerhaften Anwendung: CNQMUPDT.EXE1
Pfad des fehlerhaften Moduls: CNQMUPDT.EXE2
Berichtskennung: CNQMUPDT.EXE3
Vollständiger Name des fehlerhaften Pakets: CNQMUPDT.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CNQMUPDT.EXE5

Error: (12/16/2014 10:19:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

System errors:
=============
Error: (12/16/2014 03:20:04 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (12/16/2014 00:42:48 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (12/16/2014 11:22:26 AM) (Source: DCOM) (EventID: 10010) (User: peter)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/16/2014 11:21:53 AM) (Source: DCOM) (EventID: 10010) (User: peter)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/14/2014 10:31:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TOSHIBA eco Utility Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/14/2014 10:31:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2014 10:31:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/14/2014 10:31:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen.
Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/14/2014 10:31:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/14/2014 10:31:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TPCH Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (12/16/2014 11:42:29 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\forster\Desktop\esetsmartinstaller_deu.exe Error: (12/16/2014 11:42:28 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\forster\Desktop\esetsmartinstaller_deu.exe Error: (12/16/2014 11:18:36 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\forster\Desktop\esetsmartinstaller_deu.exe Error: (12/16/2014 10:45:51 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (12/16/2014 10:19:43 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\forster\Desktop\esetsmartinstaller_deu.exe Error: (12/16/2014 10:19:43 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\forster\Desktop\esetsmartinstaller_deu.exe Error: (12/16/2014 10:19:43 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\forster\Desktop\esetsmartinstaller_deu.exe Error: (12/16/2014 10:19:42 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\forster\Desktop\esetsmartinstaller_deu.exe Error: (12/16/2014 10:19:15 AM) (Source: Application Error) (EventID: 
1000) (User: ) Description: CNQMUPDT.EXE2.1.0.05063d75dCNMDWLD.DLL1.0.0.04f5eedc8c0000005000023c6110001d0191155cead46C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXEC:\Program Files (x86)\Canon\Quick Menu\CNMDWLD.DLL9a6cae6b-8504-11e4-becc-4c72b9ab5d83 Error: (12/16/2014 10:19:07 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\forster\Desktop\esetsmartinstaller_deu.exe CodeIntegrity Errors: =================================== Date: 2014-12-16 12:44:14.658 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-16 12:44:14.501 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-16 12:44:14.314 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-12-16 12:44:12.767 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-16 12:44:12.642 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-16 12:44:12.454 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-16 12:44:11.798 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-16 11:24:38.806 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-16 11:24:38.650 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B830 @ 1.80GHz
Percentage of memory in use: 27%
Total physical RAM: 3977.22 MB
Available physical RAM: 2866.05 MB
Total Pagefile: 4681.22 MB
Available Pagefile: 3443.44 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (TI30976100A) (Fixed) (Total:144.59 GB) (Free:117.92 GB) NTFS
Drive d: (Peter) (Fixed) (Total:143.93 GB) (Free:119.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================ |
17.12.2014, 18:41 | #2 |
/// the machine /// TB-Ausbilder | Hi,
Please download Emsisoft Emergency Kit from here. |
17.12.2014, 21:38 | #3 |
| Here is the log:
HTML code:
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 17.12.2014 20:35:07
Benutzerkonto: peter\forster

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 17.12.2014 20:35:49

Gescannt 272172
Gefunden 0

Scan Ende: 17.12.2014 21:31:31
Scan Zeit: 0:55:42 |
18.12.2014, 20:35 | #4 |
/// the machine /// TB-Ausbilder | Looks good.
__________________ Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
18.12.2014, 21:06 | #5 |
| Many thanks. Just a few quick questions:
1. Do I uninstall FRST and the Emsisoft kit by deleting the corresponding files or folders?
2. The items found by Malwarebytes are in quarantine. Can I delete them through the program? I would like to uninstall the program afterwards.
3. Briefly on antivirus software: what is your recommendation among the free options? Is Panda OK (I always say: better than nothing at all)?
Otherwise, all that remains is for me to wish you and your team a pleasant and hopefully somewhat quiet holiday season and a "virus-free" happy new year 2014. |
19.12.2014, 19:36 | #6 |
/// the machine /// TB-Ausbilder | Quote:
Quote:
Quote:
__________________ |