| |
| |||||||
Log-Analyse und Auswertung: TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im PostWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
14.01.2015, 13:01
| #1 |
| |  TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im Post Hallo ihr Lieben, habe mich gerade hier angemeldet, in der Hoffnung, Hilfe zu bekommen! Ich schildere euch kurz mein Problem: Ich habe gestern Sims 2 gespielt. Zwei Stunden nachdem ich aus dem Spiel ging, bekam ich von Avira die Meldung, das Programm habe den Trojaner TR/Rogue gefunden und in Quarantäne verschoben (wo er jetzt immer noch ist, bzw. es sind zwei Dateien in Quarantäne). Symptome habe ich keine. Ich habe die Logfileanalysen wie in eurem Übersichtspost gemacht, ihr findet sie unten. Ich habe dabei mein Avira ausgeschaltet. Nun lässt es sich allerdings nicht mehr starten. Es kommt eine Meldung, ich habe nicht die ausreichenden Berechtigungen dazu. Ist das normal? Ich bin jetzt mit einem anderen Gerät ins Forum gegangen. Solange Avira nicht tut, aktiviere ich das Internet lieber nicht an meinem Rechner. Was kann ich in erster Linie dahingehend tun, damit ich wieder e? Naja und dann wüsste ich natürlich gerne, ob mein System sauber ist, oder ob bzw. was ich noch tun soll, um den Rogue loszuwerden  Ich wäre euch für eure Hilfe echt dankbar, ich bin kein sonderlich großer PC-Crack und vor allem, dass mein Avira sich jetzt nicht mehr aktivieren lässt beunruhigt mich sehr. Wenn ihr noch Systemdaten braucht, einfach melden! Hier ist mein Avira-Scan Code:
ATTFilter
Antivirus Pro
Erstellungsdatum der Reportdatei: Mittwoch, 14. Januar 2015 11:23
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : wrwtt etet
Seriennummer : 2224496790-PEPWE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Vanessa
Computername : VANESSA-PC
Versionsinformationen:
BUILD.DAT : 14.0.7.468 94169 Bytes 24.11.2014 10:23:00
AVSCAN.EXE : 14.0.7.462 1015544 Bytes 09.12.2014 10:13:58
AVSCANRC.DLL : 14.0.7.308 64304 Bytes 18.11.2014 10:28:41
LUKE.DLL : 14.0.7.462 60664 Bytes 09.12.2014 10:14:06
AVSCPLR.DLL : 14.0.7.440 93488 Bytes 09.12.2014 10:13:58
REPAIR.DLL : 14.0.7.412 366328 Bytes 09.12.2014 10:13:57
REPAIR.RDF : 1.0.3.88 668446 Bytes 13.01.2015 11:33:35
AVREG.DLL : 14.0.7.310 264952 Bytes 18.11.2014 10:28:40
AVLODE.DLL : 14.0.7.440 561456 Bytes 09.12.2014 10:13:56
AVLODE.RDF : 14.0.4.54 78895 Bytes 05.12.2014 16:21:22
XBV00013.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00014.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00015.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00016.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:01:48
XBV00240.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:26
XBV00241.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:26
XBV00242.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:26
XBV00243.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:26
XBV00244.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:26
XBV00245.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:26
XBV00246.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:26
XBV00247.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:26
XBV00248.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:26
XBV00249.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:26
XBV00250.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:26
XBV00251.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:27
XBV00252.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:27
XBV00253.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:27
XBV00254.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:27
XBV00255.VDF : 8.11.197.100 2048 Bytes 23.12.2014 08:42:27
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 12:17:20
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 16:58:25
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 12:48:52
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 16:10:21
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 10:41:45
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 16:53:29
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 14:07:45
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 10:40:09
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 11:01:47
XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 19:06:36
XBV00010.VDF : 8.11.178.32 1581056 Bytes 14.10.2014 16:56:38
XBV00011.VDF : 8.11.184.50 2178560 Bytes 11.11.2014 12:51:28
XBV00012.VDF : 8.11.190.32 1876992 Bytes 03.12.2014 11:40:37
XBV00042.VDF : 8.11.190.56 35840 Bytes 03.12.2014 17:40:37
XBV00043.VDF : 8.11.192.58 2048 Bytes 03.12.2014 17:40:37
XBV00044.VDF : 8.11.192.86 18944 Bytes 03.12.2014 16:21:22
XBV00045.VDF : 8.11.192.110 7680 Bytes 03.12.2014 16:21:22
XBV00046.VDF : 8.11.192.134 5120 Bytes 03.12.2014 16:21:22
XBV00047.VDF : 8.11.192.138 9216 Bytes 03.12.2014 16:21:22
XBV00048.VDF : 8.11.192.140 4608 Bytes 04.12.2014 16:21:22
XBV00049.VDF : 8.11.192.144 8192 Bytes 04.12.2014 16:21:22
XBV00050.VDF : 8.11.192.146 20480 Bytes 04.12.2014 16:21:22
XBV00051.VDF : 8.11.192.148 19456 Bytes 04.12.2014 16:21:22
XBV00052.VDF : 8.11.192.152 12800 Bytes 04.12.2014 16:21:22
XBV00053.VDF : 8.11.192.154 5120 Bytes 04.12.2014 16:21:22
XBV00054.VDF : 8.11.192.158 2048 Bytes 04.12.2014 16:21:22
XBV00055.VDF : 8.11.192.160 2048 Bytes 04.12.2014 16:21:22
XBV00056.VDF : 8.11.192.162 2048 Bytes 04.12.2014 16:21:22
XBV00057.VDF : 8.11.192.166 8192 Bytes 04.12.2014 16:21:22
XBV00058.VDF : 8.11.192.168 6144 Bytes 05.12.2014 16:21:22
XBV00059.VDF : 8.11.192.172 6144 Bytes 05.12.2014 16:21:22
XBV00060.VDF : 8.11.192.236 24064 Bytes 05.12.2014 16:21:23
XBV00061.VDF : 8.11.192.238 2048 Bytes 05.12.2014 16:21:23
XBV00062.VDF : 8.11.193.22 11776 Bytes 05.12.2014 15:19:43
XBV00063.VDF : 8.11.193.42 29696 Bytes 06.12.2014 15:19:43
XBV00064.VDF : 8.11.193.66 41472 Bytes 06.12.2014 15:19:44
XBV00065.VDF : 8.11.193.68 2048 Bytes 06.12.2014 15:19:44
XBV00066.VDF : 8.11.193.70 37888 Bytes 07.12.2014 15:19:44
XBV00067.VDF : 8.11.193.76 13824 Bytes 07.12.2014 17:19:45
XBV00068.VDF : 8.11.193.78 31744 Bytes 08.12.2014 07:23:02
XBV00069.VDF : 8.11.193.98 2048 Bytes 08.12.2014 07:23:02
XBV00070.VDF : 8.11.193.118 7680 Bytes 08.12.2014 09:23:07
XBV00071.VDF : 8.11.193.138 3584 Bytes 08.12.2014 11:23:02
XBV00072.VDF : 8.11.193.158 24064 Bytes 08.12.2014 13:23:02
XBV00073.VDF : 8.11.193.160 2048 Bytes 08.12.2014 13:23:02
XBV00074.VDF : 8.11.193.162 2048 Bytes 08.12.2014 13:23:02
XBV00075.VDF : 8.11.193.168 2560 Bytes 08.12.2014 10:14:08
XBV00076.VDF : 8.11.193.170 2048 Bytes 08.12.2014 10:14:08
XBV00077.VDF : 8.11.193.172 2048 Bytes 08.12.2014 10:14:08
XBV00078.VDF : 8.11.193.174 31232 Bytes 08.12.2014 10:14:08
XBV00079.VDF : 8.11.193.176 2048 Bytes 08.12.2014 10:14:08
XBV00080.VDF : 8.11.193.180 14336 Bytes 09.12.2014 10:14:08
XBV00081.VDF : 8.11.193.184 8192 Bytes 09.12.2014 10:14:08
XBV00082.VDF : 8.11.193.188 10240 Bytes 09.12.2014 10:14:08
XBV00083.VDF : 8.11.193.190 4096 Bytes 09.12.2014 10:14:08
XBV00084.VDF : 8.11.193.192 5120 Bytes 09.12.2014 17:50:01
XBV00085.VDF : 8.11.193.194 7680 Bytes 09.12.2014 17:50:01
XBV00086.VDF : 8.11.193.196 9216 Bytes 09.12.2014 17:50:01
XBV00087.VDF : 8.11.193.198 2048 Bytes 09.12.2014 17:50:01
XBV00088.VDF : 8.11.193.202 25088 Bytes 09.12.2014 19:49:43
XBV00089.VDF : 8.11.193.208 63488 Bytes 09.12.2014 07:26:04
XBV00090.VDF : 8.11.197.100 1426944 Bytes 23.12.2014 08:42:24
XBV00091.VDF : 8.11.197.116 5120 Bytes 23.12.2014 08:42:24
XBV00092.VDF : 8.11.197.134 22016 Bytes 23.12.2014 08:42:24
XBV00093.VDF : 8.11.197.152 21504 Bytes 23.12.2014 08:42:24
XBV00094.VDF : 8.11.197.154 2048 Bytes 23.12.2014 08:42:24
XBV00095.VDF : 8.11.197.156 12288 Bytes 23.12.2014 08:42:24
XBV00096.VDF : 8.11.197.158 8192 Bytes 23.12.2014 08:42:24
XBV00097.VDF : 8.11.197.160 26112 Bytes 24.12.2014 08:42:24
XBV00098.VDF : 8.11.197.162 8192 Bytes 24.12.2014 08:42:24
XBV00099.VDF : 8.11.197.164 20480 Bytes 24.12.2014 10:42:07
XBV00100.VDF : 8.11.197.166 7680 Bytes 24.12.2014 10:42:07
XBV00101.VDF : 8.11.197.170 22016 Bytes 24.12.2014 17:47:20
XBV00102.VDF : 8.11.197.172 6144 Bytes 24.12.2014 17:47:20
XBV00103.VDF : 8.11.197.174 6144 Bytes 24.12.2014 17:47:20
XBV00104.VDF : 8.11.197.190 44032 Bytes 25.12.2014 17:47:21
XBV00105.VDF : 8.11.197.204 2048 Bytes 25.12.2014 17:47:21
XBV00106.VDF : 8.11.197.218 16896 Bytes 25.12.2014 17:47:21
XBV00107.VDF : 8.11.197.232 6656 Bytes 25.12.2014 17:47:21
XBV00108.VDF : 8.11.197.248 94208 Bytes 26.12.2014 10:25:59
XBV00109.VDF : 8.11.198.6 12288 Bytes 26.12.2014 12:25:57
XBV00110.VDF : 8.11.198.20 13824 Bytes 26.12.2014 14:25:58
XBV00111.VDF : 8.11.198.36 10752 Bytes 26.12.2014 09:42:19
XBV00112.VDF : 8.11.198.38 2048 Bytes 26.12.2014 09:42:19
XBV00113.VDF : 8.11.198.40 2048 Bytes 26.12.2014 09:42:19
XBV00114.VDF : 8.11.198.54 108544 Bytes 27.12.2014 09:42:19
XBV00115.VDF : 8.11.198.56 2048 Bytes 27.12.2014 09:42:19
XBV00116.VDF : 8.11.198.70 23552 Bytes 27.12.2014 09:42:19
XBV00117.VDF : 8.11.198.88 94208 Bytes 28.12.2014 11:42:06
XBV00118.VDF : 8.11.198.100 18432 Bytes 28.12.2014 15:42:19
XBV00119.VDF : 8.11.198.112 85504 Bytes 29.12.2014 09:25:47
XBV00120.VDF : 8.11.198.114 2048 Bytes 29.12.2014 09:25:47
XBV00121.VDF : 8.11.198.126 13824 Bytes 29.12.2014 09:25:47
XBV00122.VDF : 8.11.198.138 4096 Bytes 29.12.2014 11:25:45
XBV00123.VDF : 8.11.198.150 9216 Bytes 29.12.2014 11:25:46
XBV00124.VDF : 8.11.198.162 12288 Bytes 29.12.2014 13:25:49
XBV00125.VDF : 8.11.198.176 23040 Bytes 29.12.2014 17:39:25
XBV00126.VDF : 8.11.198.178 12800 Bytes 29.12.2014 17:39:25
XBV00127.VDF : 8.11.198.180 109056 Bytes 30.12.2014 17:39:26
XBV00128.VDF : 8.11.198.182 9728 Bytes 30.12.2014 17:39:26
XBV00129.VDF : 8.11.198.184 11264 Bytes 30.12.2014 17:39:26
XBV00130.VDF : 8.11.198.186 12800 Bytes 30.12.2014 17:39:26
XBV00131.VDF : 8.11.198.188 7680 Bytes 30.12.2014 17:39:26
XBV00132.VDF : 8.11.198.192 14848 Bytes 30.12.2014 13:19:19
XBV00133.VDF : 8.11.198.194 12800 Bytes 30.12.2014 13:19:19
XBV00134.VDF : 8.11.198.198 86016 Bytes 31.12.2014 13:19:19
XBV00135.VDF : 8.11.198.210 7680 Bytes 31.12.2014 13:19:19
XBV00136.VDF : 8.11.198.220 12288 Bytes 31.12.2014 17:02:42
XBV00137.VDF : 8.11.198.230 2048 Bytes 31.12.2014 17:02:43
XBV00138.VDF : 8.11.198.240 28160 Bytes 31.12.2014 17:02:43
XBV00139.VDF : 8.11.198.242 107520 Bytes 01.01.2015 17:02:43
XBV00140.VDF : 8.11.198.252 16384 Bytes 01.01.2015 17:02:43
XBV00141.VDF : 8.11.199.6 43008 Bytes 02.01.2015 17:02:43
XBV00142.VDF : 8.11.199.16 20992 Bytes 02.01.2015 17:02:43
XBV00143.VDF : 8.11.199.28 35840 Bytes 02.01.2015 17:02:44
XBV00144.VDF : 8.11.199.38 4608 Bytes 02.01.2015 17:02:44
XBV00145.VDF : 8.11.199.40 22528 Bytes 02.01.2015 21:02:42
XBV00146.VDF : 8.11.199.42 2048 Bytes 02.01.2015 21:02:42
XBV00147.VDF : 8.11.199.44 6656 Bytes 02.01.2015 13:03:36
XBV00148.VDF : 8.11.199.46 6656 Bytes 02.01.2015 13:03:36
XBV00149.VDF : 8.11.199.48 86528 Bytes 03.01.2015 13:03:36
XBV00150.VDF : 8.11.199.58 2048 Bytes 03.01.2015 13:03:36
XBV00151.VDF : 8.11.199.66 27648 Bytes 03.01.2015 13:03:37
XBV00152.VDF : 8.11.199.74 2048 Bytes 03.01.2015 13:03:37
XBV00153.VDF : 8.11.199.82 11264 Bytes 03.01.2015 13:03:37
XBV00154.VDF : 8.11.199.90 13824 Bytes 03.01.2015 13:03:37
XBV00155.VDF : 8.11.199.92 9728 Bytes 03.01.2015 13:03:37
XBV00156.VDF : 8.11.199.94 85504 Bytes 04.01.2015 13:03:37
XBV00157.VDF : 8.11.199.102 11776 Bytes 04.01.2015 13:03:37
XBV00158.VDF : 8.11.199.110 9216 Bytes 04.01.2015 13:03:37
XBV00159.VDF : 8.11.199.118 10240 Bytes 04.01.2015 13:03:37
XBV00160.VDF : 8.11.199.126 12288 Bytes 04.01.2015 13:03:37
XBV00161.VDF : 8.11.199.128 29696 Bytes 05.01.2015 13:03:37
XBV00162.VDF : 8.11.199.130 2048 Bytes 05.01.2015 13:03:37
XBV00163.VDF : 8.11.199.132 2048 Bytes 05.01.2015 13:03:37
XBV00164.VDF : 8.11.199.134 17408 Bytes 05.01.2015 13:03:37
XBV00165.VDF : 8.11.199.136 9216 Bytes 05.01.2015 13:03:37
XBV00166.VDF : 8.11.199.138 12288 Bytes 05.01.2015 13:03:37
XBV00167.VDF : 8.11.199.142 19968 Bytes 05.01.2015 10:14:43
XBV00168.VDF : 8.11.199.144 2048 Bytes 05.01.2015 10:14:43
XBV00169.VDF : 8.11.199.146 2048 Bytes 05.01.2015 10:14:43
XBV00170.VDF : 8.11.199.148 2048 Bytes 05.01.2015 10:14:43
XBV00171.VDF : 8.11.199.158 43520 Bytes 05.01.2015 10:14:43
XBV00172.VDF : 8.11.199.164 12288 Bytes 05.01.2015 10:14:43
XBV00173.VDF : 8.11.199.172 22528 Bytes 06.01.2015 10:14:43
XBV00174.VDF : 8.11.199.178 9216 Bytes 06.01.2015 10:14:44
XBV00175.VDF : 8.11.199.180 3584 Bytes 06.01.2015 10:14:44
XBV00176.VDF : 8.11.199.182 13824 Bytes 06.01.2015 10:14:44
XBV00177.VDF : 8.11.199.184 13312 Bytes 06.01.2015 10:14:44
XBV00178.VDF : 8.11.199.186 17920 Bytes 06.01.2015 12:40:41
XBV00179.VDF : 8.11.199.188 18432 Bytes 06.01.2015 12:40:41
XBV00180.VDF : 8.11.199.192 94720 Bytes 06.01.2015 12:40:41
XBV00181.VDF : 8.11.199.196 56832 Bytes 06.01.2015 12:40:42
XBV00182.VDF : 8.11.199.198 28672 Bytes 06.01.2015 12:40:42
XBV00183.VDF : 8.11.199.200 19456 Bytes 06.01.2015 12:40:42
XBV00184.VDF : 8.11.199.202 3584 Bytes 06.01.2015 12:40:42
XBV00185.VDF : 8.11.199.206 3584 Bytes 07.01.2015 12:40:42
XBV00186.VDF : 8.11.199.210 102400 Bytes 07.01.2015 12:40:42
XBV00187.VDF : 8.11.199.216 3584 Bytes 07.01.2015 12:40:42
XBV00188.VDF : 8.11.199.222 2048 Bytes 07.01.2015 12:40:42
XBV00189.VDF : 8.11.199.228 23552 Bytes 07.01.2015 12:40:42
XBV00190.VDF : 8.11.199.234 19968 Bytes 07.01.2015 12:40:42
XBV00191.VDF : 8.11.199.240 30208 Bytes 07.01.2015 12:40:42
XBV00192.VDF : 8.11.199.244 83968 Bytes 07.01.2015 20:40:26
XBV00193.VDF : 8.11.199.246 2048 Bytes 07.01.2015 20:40:26
XBV00194.VDF : 8.11.199.252 78336 Bytes 07.01.2015 07:20:03
XBV00195.VDF : 8.11.200.0 35328 Bytes 07.01.2015 07:20:03
XBV00196.VDF : 8.11.200.4 38400 Bytes 07.01.2015 07:20:03
XBV00197.VDF : 8.11.200.6 3584 Bytes 08.01.2015 07:20:03
XBV00198.VDF : 8.11.200.10 89088 Bytes 08.01.2015 19:03:03
XBV00199.VDF : 8.11.200.12 2048 Bytes 08.01.2015 19:03:03
XBV00200.VDF : 8.11.200.14 58368 Bytes 08.01.2015 19:03:03
XBV00201.VDF : 8.11.200.24 2560 Bytes 08.01.2015 19:03:03
XBV00202.VDF : 8.11.200.34 65536 Bytes 08.01.2015 07:50:30
XBV00203.VDF : 8.11.200.36 2048 Bytes 08.01.2015 07:50:30
XBV00204.VDF : 8.11.200.48 136192 Bytes 08.01.2015 07:50:30
XBV00205.VDF : 8.11.200.58 7168 Bytes 09.01.2015 07:50:30
XBV00206.VDF : 8.11.200.70 64512 Bytes 09.01.2015 07:50:30
XBV00207.VDF : 8.11.200.80 2048 Bytes 09.01.2015 07:50:30
XBV00208.VDF : 8.11.200.82 2048 Bytes 09.01.2015 07:50:30
XBV00209.VDF : 8.11.200.92 35328 Bytes 09.01.2015 10:51:49
XBV00210.VDF : 8.11.200.102 11776 Bytes 09.01.2015 10:51:49
XBV00211.VDF : 8.11.200.110 8192 Bytes 09.01.2015 10:51:49
XBV00212.VDF : 8.11.200.114 15872 Bytes 09.01.2015 10:51:49
XBV00213.VDF : 8.11.200.116 10240 Bytes 09.01.2015 10:51:49
XBV00214.VDF : 8.11.200.118 2048 Bytes 09.01.2015 10:51:49
XBV00215.VDF : 8.11.200.120 12800 Bytes 10.01.2015 10:51:49
XBV00216.VDF : 8.11.200.124 36352 Bytes 10.01.2015 10:51:49
XBV00217.VDF : 8.11.200.126 14848 Bytes 10.01.2015 10:51:49
XBV00218.VDF : 8.11.200.128 13824 Bytes 10.01.2015 10:51:49
XBV00219.VDF : 8.11.200.132 2048 Bytes 10.01.2015 10:51:49
XBV00220.VDF : 8.11.200.140 56832 Bytes 11.01.2015 14:09:33
XBV00221.VDF : 8.11.200.144 2048 Bytes 11.01.2015 14:09:33
XBV00222.VDF : 8.11.200.152 11776 Bytes 11.01.2015 14:09:33
XBV00223.VDF : 8.11.200.160 11776 Bytes 11.01.2015 14:09:33
XBV00224.VDF : 8.11.200.162 8192 Bytes 11.01.2015 14:09:33
XBV00225.VDF : 8.11.200.170 52736 Bytes 12.01.2015 14:09:33
XBV00226.VDF : 8.11.200.172 2048 Bytes 12.01.2015 14:09:33
XBV00227.VDF : 8.11.200.174 11264 Bytes 12.01.2015 14:09:33
XBV00228.VDF : 8.11.200.176 10240 Bytes 12.01.2015 14:09:33
XBV00229.VDF : 8.11.200.178 7168 Bytes 12.01.2015 14:09:33
XBV00230.VDF : 8.11.200.180 5632 Bytes 12.01.2015 14:09:33
XBV00231.VDF : 8.11.200.184 38400 Bytes 12.01.2015 18:09:24
XBV00232.VDF : 8.11.200.186 2560 Bytes 12.01.2015 18:09:25
XBV00233.VDF : 8.11.200.188 2048 Bytes 12.01.2015 18:09:25
XBV00234.VDF : 8.11.200.198 25088 Bytes 12.01.2015 09:33:35
XBV00235.VDF : 8.11.200.204 8192 Bytes 13.01.2015 09:33:35
XBV00236.VDF : 8.11.200.206 2048 Bytes 13.01.2015 09:33:35
XBV00237.VDF : 8.11.200.214 19968 Bytes 13.01.2015 09:33:35
XBV00238.VDF : 8.11.200.216 2048 Bytes 13.01.2015 09:33:35
XBV00239.VDF : 8.11.200.222 24576 Bytes 13.01.2015 11:33:35
LOCAL001.VDF : 8.11.200.222 120642560 Bytes 13.01.2015 11:33:44
Engineversion : 8.3.28.6
AEVDF.DLL : 8.3.1.6 133992 Bytes 20.08.2014 13:45:52
AESCRIPT.DLL : 8.2.2.42 547696 Bytes 11.01.2015 10:51:49
AESCN.DLL : 8.3.2.2 139456 Bytes 21.07.2014 11:12:13
AESBX.DLL : 8.2.20.24 1409224 Bytes 09.05.2014 13:19:33
AERDL.DLL : 8.2.1.16 743328 Bytes 29.10.2014 11:24:23
AEPACK.DLL : 8.4.0.56 789360 Bytes 29.11.2014 05:44:57
AEOFFICE.DLL : 8.3.1.8 350120 Bytes 29.11.2014 05:44:56
AEMOBILE.DLL : 8.1.2.0 277360 Bytes 16.12.2014 14:21:31
AEHEUR.DLL : 8.1.4.1472 7948200 Bytes 11.01.2015 10:51:48
AEHELP.DLL : 8.3.1.0 278728 Bytes 28.05.2014 15:27:49
AEGEN.DLL : 8.1.7.40 456608 Bytes 21.12.2014 15:38:11
AEEXP.DLL : 8.4.2.48 252776 Bytes 25.11.2014 17:26:13
AEEMU.DLL : 8.1.3.4 399264 Bytes 07.08.2014 15:01:43
AEDROID.DLL : 8.4.3.6 850800 Bytes 16.12.2014 14:21:31
AECORE.DLL : 8.3.4.0 243624 Bytes 16.12.2014 14:21:30
AEBB.DLL : 8.1.2.0 60448 Bytes 07.08.2014 15:01:43
AVWINLL.DLL : 14.0.7.308 25904 Bytes 18.11.2014 10:28:36
AVPREF.DLL : 14.0.7.308 52016 Bytes 18.11.2014 10:28:40
AVREP.DLL : 14.0.7.308 220976 Bytes 18.11.2014 10:28:40
AVARKT.DLL : 14.0.7.308 227632 Bytes 18.11.2014 10:28:37
AVEVTLOG.DLL : 14.0.7.440 184112 Bytes 09.12.2014 10:13:55
SQLITE3.DLL : 14.0.7.308 453936 Bytes 18.11.2014 10:28:52
AVSMTP.DLL : 14.0.7.308 79096 Bytes 18.11.2014 10:28:41
NETNT.DLL : 14.0.7.308 15152 Bytes 18.11.2014 10:28:50
RCIMAGE.DLL : 14.0.7.308 4888824 Bytes 18.11.2014 10:28:36
RCTEXT.DLL : 14.0.7.318 76080 Bytes 18.11.2014 10:28:36
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Mittwoch, 14. Januar 2015 11:23
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:)'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '137' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '145' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '158' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkNGUI64.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD10Serv.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolPanlu.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLanGUI.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'FTBCheckUpdates.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnui.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDTray.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'WlanNetService.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDFSSvc.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDUpdSvc.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'viakaraokesrv.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWSCSvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWelcome.exe' - '130' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDScan.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '149' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'werfault.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2165' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Festplatte>
Ende des Suchlaufs: Mittwoch, 14. Januar 2015 12:26
Benötigte Zeit: 1:02:05 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
38234 Verzeichnisse wurden überprüft
755070 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
755070 Dateien ohne Befall
7656 Archive wurden durchsucht
0 Warnungen
0 Hinweise
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:29 on 14/01/2015 (Vanessa)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Vanessa (administrator) on VANESSA-PC on 14-01-2015 12:32:05
Running from C:\Users\Vanessa\Desktop
Loaded Profiles: UpdatusUser & Vanessa (Available profiles: UpdatusUser & Vanessa)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Users\Vanessa\Desktop\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-22] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5123216 2012-06-08] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-24] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [184320 2007-04-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2532864 2013-11-12] (MyHeritage)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1672705949-1988909465-1368435881-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1672705949-1988909465-1368435881-1001\...\MountPoints2: {6193f1aa-50dd-11e2-b9b2-50465db525c3} - E:\pushinst.exe
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1672705949-1988909465-1368435881-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1672705949-1988909465-1368435881-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1672705949-1988909465-1368435881-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1672705949-1988909465-1368435881-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1672705949-1988909465-1368435881-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1672705949-1988909465-1368435881-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\dv6ucobr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\dv6ucobr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-28]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [805112 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-11-30] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-11-30] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-11-30] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [425984 2008-04-30] (Creative Technology Ltd) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-18] (Intel Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 3wareDrv; C:\Windows\system32\drivers\3wareDrv.sys [102400 2009-08-31] (AMCC)
S3 adp3132; C:\Windows\system32\drivers\adp3132.sys [385072 2010-01-28] (Adaptec, Inc.)
S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [36448 2011-03-23] (Asmedia Technology)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [636184 2011-12-06] (Intel Corporation)
S3 MegaSR1; C:\Windows\system32\drivers\MegaSR1.sys [521512 2011-07-28] (LSI Corporation, Inc.)
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-07-16] ()
S3 ocz10xx; C:\Windows\system32\drivers\ocz10xx.sys [137520 2011-07-08] (OCZ Technology Group, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\oa3\asus\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-14 12:32 - 2015-01-14 12:32 - 00016177 _____ () C:\Users\Vanessa\Desktop\FRST.txt
2015-01-14 12:31 - 2015-01-14 12:32 - 00000000 ____D () C:\FRST
2015-01-14 12:31 - 2015-01-14 12:31 - 02124288 _____ (Farbar) C:\Users\Vanessa\Desktop\FRST64.exe
2015-01-14 12:29 - 2015-01-14 12:29 - 00000476 _____ () C:\Users\Vanessa\Desktop\defogger_disable.log
2015-01-14 12:29 - 2015-01-14 12:29 - 00000000 _____ () C:\Users\Vanessa\defogger_reenable
2015-01-14 12:28 - 2015-01-14 12:28 - 00050477 _____ () C:\Users\Vanessa\Desktop\Defogger.exe
2015-01-14 12:26 - 2015-01-14 12:26 - 00053938 _____ () C:\Users\Vanessa\Desktop\AVSCAN-20150114-112336-165C2452.LOG
2015-01-14 12:21 - 2015-01-14 12:21 - 04242608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-12 16:22 - 2015-01-12 16:22 - 00007002 _____ () C:\Users\Vanessa\AppData\Local\recently-used.xbel
2015-01-12 16:22 - 2015-01-12 16:22 - 00001383 _____ () C:\Users\Vanessa\AppData\Local\psppirerc
2015-01-12 16:19 - 2015-01-12 16:19 - 00003587 _____ () C:\Users\Vanessa\Desktop\Datensatz - Kommentare.sav
2015-01-12 15:36 - 2015-01-12 15:36 - 00008580 _____ () C:\Users\Vanessa\Desktop\Datensatz - Beitraege.sav
2015-01-07 13:43 - 2015-01-07 13:43 - 00001363 _____ () C:\Users\Vanessa\Downloads\4-Beispielsyntax.sps
2015-01-02 18:36 - 2015-01-02 18:40 - 00000000 ____D () C:\Users\Vanessa\Downloads\julsfels
2014-12-26 14:30 - 2014-12-26 14:30 - 00000000 ____D () C:\Users\Vanessa\Documents\Any Video Converter
2014-12-26 14:29 - 2014-12-26 14:30 - 00000000 ____D () C:\Users\Vanessa\AppData\Roaming\Anvsoft
2014-12-26 14:29 - 2014-12-26 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2014-12-26 14:29 - 2014-12-26 14:29 - 00000000 ____D () C:\Program Files (x86)\Anvsoft
2014-12-26 14:28 - 2014-12-26 14:28 - 33484984 _____ (Any-Video-Converter.com ) C:\Users\Vanessa\Downloads\avc-free5.7.6.exe
2014-12-18 08:23 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 08:23 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 16:04 - 2014-12-16 16:04 - 00009554 _____ () C:\Users\Vanessa\Downloads\Fiktives Beispiel Reliablilitatsberechnung.xlsx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-14 12:29 - 2012-12-28 11:25 - 00000000 ____D () C:\Users\Vanessa
2015-01-14 12:21 - 2012-12-28 11:44 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 12:21 - 2012-12-28 11:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 12:21 - 2012-12-28 11:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 12:21 - 2012-12-28 11:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 11:33 - 2012-12-28 11:25 - 01348295 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 11:30 - 2009-07-14 05:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 11:30 - 2009-07-14 05:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 11:28 - 2010-11-21 07:50 - 00700470 _____ () C:\Windows\system32\perfh007.dat
2015-01-14 11:28 - 2010-11-21 07:50 - 00150108 _____ () C:\Windows\system32\perfc007.dat
2015-01-14 11:28 - 2009-07-14 06:13 - 01624106 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 11:21 - 2014-10-28 19:06 - 00007313 _____ () C:\Windows\setupact.log
2015-01-14 11:21 - 2012-12-27 11:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-14 11:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 10:52 - 2014-07-20 09:53 - 00000000 ____D () C:\Users\Vanessa\Downloads\Sims 2
2015-01-12 16:22 - 2013-11-21 20:18 - 00040963 _____ () C:\Users\Vanessa\pspp.jnl
2015-01-12 15:50 - 2013-11-21 22:15 - 00000000 ____D () C:\Users\Vanessa\AppData\Local\gtk-2.0
2015-01-12 15:27 - 2014-12-10 15:17 - 00068096 _____ () C:\Users\Vanessa\Downloads\Rosskarten.xls
2015-01-07 14:09 - 2013-01-01 16:11 - 00000000 ____D () C:\Users\Vanessa\Documents\My PSP8 Files
2015-01-07 13:56 - 2012-12-28 11:29 - 00000000 ____D () C:\Users\Vanessa\AppData\Roaming\Adobe
2014-12-30 18:35 - 2012-12-28 11:29 - 00000000 ____D () C:\Users\Vanessa\AppData\Local\Adobe
2014-12-29 11:39 - 2014-04-28 09:06 - 00000000 ____D () C:\Users\Vanessa\Downloads\Monitoring
2014-12-29 10:22 - 2012-11-22 15:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-21 16:37 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-16 18:39 - 2012-12-30 20:36 - 00000000 ____D () C:\Users\Vanessa\AppData\Roaming\The Complete Genealogy Reporter - FTB
2014-12-16 09:59 - 2014-10-24 05:57 - 00000000 ____D () C:\Users\Vanessa\Documents\Sicherung Stick
Some content of TEMP:
====================
C:\Users\Vanessa\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-05 16:22
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by Vanessa at 2015-01-14 12:32:29
Running from C:\Users\Vanessa\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CEP - Color Enable Package (HKLM-x32\...\CEP - Colour Enable Packages_is1) (Version: 6.0b (beta) - Numenor, for ModTheSims2)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.00495 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.) Hidden
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.25 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: - )
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1319 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2731.02 - CyberLink Corp.)
DIE SIEDLER - Das Erbe der Könige - Gold Edition (HKLM-x32\...\{E08DE897-B6AF-4DFF-9E90-131E80C876B4}) (Version: 1.00.0000 - Blue Byte)
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
Die Sims 2 HomeCrafter Plus (HKLM-x32\...\{B1899CD8-9584-4DC5-00AE-48F47CF81183}) (Version: - )
Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version: - )
Die Sims 2: Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version: - )
Die Sims 2: Wilde Campus-Jahre (HKLM-x32\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version: - )
Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version: - Electronic Arts)
Die Sims™ 2 Freizeit-Spaß (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version: - Electronic Arts)
Die Sims™ 2 Gute Reise (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version: - Electronic Arts)
Die Sims™ 2 Haustiere (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version: - )
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version: - Electronic Arts)
Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version: - )
Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version: - )
Die Sims™ 2 Villen- und Garten-Accessoires (HKLM-x32\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version: - Electronic Arts)
Die Sims™ 2: Glamour-Accessoires (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version: - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.0.0.0 - Electronic Arts)
Free MP4 Video Converter version 5.0.44.623 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.44.623 - DVDVideoSoft Ltd.)
Free WebM Video Converter version 5.0.44.623 (HKLM-x32\...\Free WebM Video Converter_is1) (Version: 5.0.44.623 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.41.623 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.27.225 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.27.225 - DVDVideoSoft Ltd.)
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology Limited)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2761 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.03.0000 - Ihr Firmenname)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7128 - MyHeritage.com)
NVIDIA 3D Vision Controller-Treiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.70 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.44 - Piriform)
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version: - )
SimPE 0.72 (alpha) (HKLM-x32\...\SimPE_is1) (Version: - )
Sims 2 Categorizer (HKLM-x32\...\ST6UNST #1) (Version: - )
Sims2Pack Clean Installer (HKLM-x32\...\Sims2Pack Clean Installer) (Version: - )
Sound Blaster X-Fi (HKLM-x32\...\{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}) (Version: 1.0 - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
YTD Video Downloader 4.8.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.1 - GreenTree Applications SRL) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
25-12-2014 19:18:44 Geplanter Prüfpunkt
02-01-2015 21:05:31 Geplanter Prüfpunkt
12-01-2015 19:34:14 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1F2C6C38-F8E7-42E4-831B-75CAF34EEE1D} - System32\Tasks\{A45668C8-F0E8-4615-A200-A65994058D0B} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {701A52CA-ACE1-404F-ADDC-630F5B4CCB0E} - System32\Tasks\{633DB8BB-4A8D-4F38-B1E0-EE028BF5AC83} => D:\DEUTSCH\Adobe Photoshop 6\Setup.exe
Task: {BFE3BFF7-389A-4275-A11B-64C6CA91B4E6} - System32\Tasks\AdobeAAMUpdater-1.0-Vanessa-PC-Vanessa => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {DE3DAC32-F217-4601-B90A-D78692202296} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {E6C891FD-F664-4E3C-97EA-EA51BA9DE89E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {F9412237-FC67-4696-84EB-CBDAB104095C} - System32\Tasks\{0FC60407-B7AA-45A0-9FFA-AFB1983289AE} => D:\DEUTSCH\Adobe Photoshop 6\Setup.exe
Task: {FA7853D5-578F-4941-975E-E70B113328AC} - System32\Tasks\{8117AAB8-3873-42DF-9B59-A8622F752A49} => D:\DEUTSCH\Adobe Photoshop 6\Setup.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2012-12-27 11:29 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-14 12:28 - 2015-01-14 12:28 - 00050477 _____ () C:\Users\Vanessa\Desktop\Defogger.exe
2012-08-03 20:53 - 2012-08-03 20:53 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-03 15:39 - 2010-08-03 15:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-03 15:39 - 2010-08-03 15:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-12-27 11:19 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2012-12-27 11:19 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2009-03-17 11:39 - 2009-03-17 11:39 - 00148992 _____ () C:\Windows\SysWOW64\OemSpiE.dll
2014-06-02 12:47 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-02 12:47 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-02 12:47 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-02 12:47 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-02 12:47 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-16 15:37 - 2014-10-16 15:37 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\712c383e9837b8c37b3107f22be9455c\PSIClient.ni.dll
2014-12-09 12:30 - 2014-12-09 12:30 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-11-22 16:25 - 2012-07-18 19:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-1672705949-1988909465-1368435881-500 - Administrator - Disabled)
Gast (S-1-5-21-1672705949-1988909465-1368435881-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1672705949-1988909465-1368435881-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-1672705949-1988909465-1368435881-1000 - Limited - Enabled) => C:\Users\UpdatusUser
Vanessa (S-1-5-21-1672705949-1988909465-1368435881-1001 - Administrator - Enabled) => C:\Users\Vanessa
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/14/2015 11:25:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 14.0.7.462 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 17e4
Startzeit: 01d02fe427d3f340
Endzeit: 60000
Anwendungspfad: C:\program files (x86)\avira\antivir desktop\avscan.exe
Berichts-ID: 6e2b00a1-9bd7-11e4-86ac-bc05430d8b78
Error: (01/14/2015 11:22:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/13/2015 10:28:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/12/2015 03:07:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/11/2015 11:46:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/09/2015 08:45:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/08/2015 01:58:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/08/2015 08:15:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/07/2015 01:35:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/06/2015 11:10:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/14/2015 11:24:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/14/2015 11:24:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (01/13/2015 10:31:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/13/2015 10:31:00 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (01/12/2015 03:10:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/12/2015 03:10:02 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (01/12/2015 03:07:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 11.01.2015 um 12:24:30 unerwartet heruntergefahren.
Error: (01/11/2015 11:49:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/11/2015 11:49:05 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (01/09/2015 08:47:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Microsoft Office Sessions:
=========================
Error: (04/28/2014 10:58:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4249 seconds with 4140 seconds of active time. This session ended with a crash.
Error: (04/01/2014 11:51:45 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8909 seconds with 8340 seconds of active time. This session ended with a crash.
Error: (11/11/2013 02:07:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 327 seconds with 300 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 30%
Total physical RAM: 8144.18 MB
Available physical RAM: 5655.12 MB
Total Pagefile: 16286.54 MB
Available Pagefile: 13397.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Festplatte) (Fixed) (Total:931.51 GB) (Free:720.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8A42BBC4)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-14 12:40:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006d ATA_____ rev.CC44 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Vanessa\AppData\Local\Temp\fwliifog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800037ab000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800037ab02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[2712] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 00000000732613b0 2 bytes JMP 76155660 C:\Windows\syswow64\SHELL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[2712] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 00000000732613c0 2 bytes CALL 772a9cee C:\Windows\syswow64\msvcrt.dll
.text ... * 20
.text C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[2712] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 000000007326153e 2 bytes CALL 761e777c C:\Windows\syswow64\SHELL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[2712] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 0000000073261553 2 bytes CALL 75fb10ff C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\rundll32.exe[2720] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 00000000732613b0 2 bytes JMP 76155660 C:\Windows\syswow64\SHELL32.dll
.text C:\Windows\SysWOW64\rundll32.exe[2720] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 00000000732613c0 2 bytes CALL 772a9cee C:\Windows\syswow64\msvcrt.dll
.text ... * 20
.text C:\Windows\SysWOW64\rundll32.exe[2720] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 000000007326153e 2 bytes CALL 761e777c C:\Windows\syswow64\SHELL32.dll
.text C:\Windows\SysWOW64\rundll32.exe[2720] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 0000000073261553 2 bytes CALL 75fb10ff C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 75fdb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 75fdb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76058ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 75fb48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 760587a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76058978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76058698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76058a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 75fcfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 75fd68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76058f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76058ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 7605865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 75fcfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 75fdb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76058e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 760585f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 75fdb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 75fdb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76058ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 75fb48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 760587a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76058978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76058698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76058a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 75fcfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000779b1555 2 bytes JMP 75fd68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76058f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76058ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 7605865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 75fcfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 75fdb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76058e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2872] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 760585f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 75fdb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 75fdb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76058ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 75fb48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 760587a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76058978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76058698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76058a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 75fcfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000779b1555 2 bytes JMP 75fd68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76058f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76058ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 7605865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 75fcfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 75fdb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76058e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 760585f1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000779b1401 2 bytes JMP 75fdb21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000779b1419 2 bytes JMP 75fdb346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000779b1431 2 bytes JMP 76058ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000779b144a 2 bytes CALL 75fb48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779b14dd 2 bytes JMP 760587a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779b14f5 2 bytes JMP 76058978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000779b150d 2 bytes JMP 76058698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000779b1525 2 bytes JMP 76058a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000779b153d 2 bytes JMP 75fcfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000779b1555 2 bytes JMP 75fd68ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000779b156d 2 bytes JMP 76058f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000779b1585 2 bytes JMP 76058ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000779b159d 2 bytes JMP 7605865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779b15b5 2 bytes JMP 75fcfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779b15cd 2 bytes JMP 75fdb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779b16b2 2 bytes JMP 76058e24 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Vanessa\Desktop\Defogger.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779b16bd 2 bytes JMP 760585f1 C:\Windows\syswow64\kernel32.dll
---- EOF - GMER 2.1 ----
Viele Grüße, Danke schon mal und hoffentlich bis bald! |
|
14.01.2015, 13:05
| #2 |
| /// the machine /// TB-Ausbilder    | TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im Post hi,
__________________Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ |
|
14.01.2015, 13:15
| #3 |
| | TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im Post Den YTD habe ich deinstalliert.
__________________Combofix meckert, dass die Schutzsoftware blockiere, ich habe den Echtzeitschutz aber ausgeschalten. Avira hat mir gemeldet, dass ein Zugriff auf die Registry blockiert wurde. Soll ich jetzt trotzdem bei der Warnmeldung von Combofix auf OK klicken? EDIT: Ah nein, er meckert über den Spybot Search&Destroy. Da muss ich erstmal kurz gucken wie der zu deaktivieren geht! Ich melde mich wieder |
|
14.01.2015, 13:26
| #4 |
| /// the machine /// TB-Ausbilder | TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im Post ok
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.01.2015, 13:30
| #5 |
| | TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im Post So, hier kommt combofix.txt: Code:
ATTFilter ComboFix 15-01-08.01 - Vanessa 14.01.2015 13:24:45.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8144.5717 [GMT 1:00]
ausgeführt von:: c:\users\Vanessa\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini2
c:\windows\SysWow64\tmpB847.tmp
c:\windows\SysWow64\tmpF3EF.tmp
c:\windows\tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-12-14 bis 2015-01-14 ))))))))))))))))))))))))))))))
.
.
2015-01-14 12:27 . 2015-01-14 12:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-01-14 12:27 . 2015-01-14 12:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-14 12:08 . 2015-01-14 12:08 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-01-14 11:31 . 2015-01-14 11:32 -------- d-----w- C:\FRST
2015-01-14 11:21 . 2015-01-14 11:21 4242608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-12-26 13:29 . 2014-12-26 13:30 -------- d-----w- c:\users\Vanessa\AppData\Roaming\Anvsoft
2014-12-26 13:29 . 2014-12-26 13:29 -------- d-----w- c:\program files (x86)\Anvsoft
2014-12-18 07:23 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-18 07:23 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-14 11:21 . 2012-12-28 10:44 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 11:21 . 2012-12-28 10:44 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-11 07:25 . 2012-10-02 07:59 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-04 02:50 . 2014-12-11 07:20 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 07:20 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 07:20 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 07:20 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 07:20 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 07:20 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 07:20 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 07:20 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 07:20 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-11 07:20 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 07:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 07:20 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 07:20 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 07:20 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 07:20 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 07:20 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 07:20 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 07:20 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 07:20 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 07:20 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 07:20 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 07:20 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 07:20 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 07:20 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 07:20 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 07:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 07:20 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 07:20 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 07:20 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 07:20 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 07:20 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 07:20 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 07:20 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 07:20 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 07:20 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 07:20 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 07:20 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 07:20 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 07:20 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 07:20 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 07:20 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 07:20 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 07:20 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 07:20 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 07:20 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 07:20 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 07:20 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 07:20 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-11 07:20 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 07:36 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 07:36 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 07:20 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 07:36 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 07:36 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 07:20 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 07:18 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 07:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-11 07:18 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-11 07:18 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 08:54 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 08:54 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 08:54 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 02:05 . 2014-12-11 07:24 4121600 ----a-w- c:\windows\system32\mf.dll
2014-10-18 01:33 . 2014-11-12 08:54 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33 . 2014-12-11 07:24 3209728 ----a-w- c:\windows\SysWow64\mf.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-06-08 5123216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-10-24 290688]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"SPIRunE"="SPIRunE.dll" [2007-05-09 18432]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-09 702768]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"Family Tree Builder Update"="c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe" [2013-11-12 2532864]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-08-03 685048]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 3wareDrv;3wareDrv;c:\windows\system32\drivers\3wareDrv.sys;c:\windows\SYSNATIVE\drivers\3wareDrv.sys [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 adp3132;adp3132;c:\windows\system32\drivers\adp3132.sys;c:\windows\SYSNATIVE\drivers\adp3132.sys [x]
R3 asahci64;asahci64;c:\windows\system32\drivers\asahci64.sys;c:\windows\SYSNATIVE\drivers\asahci64.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 e1edc438-f640-4184-a443-d2a7c37a01dc;ASUS home made driver;c:\oa3\asus\690b33e1-0462-4e84-9bea-c7552b45432a.sys;c:\oa3\asus\690b33e1-0462-4e84-9bea-c7552b45432a.sys [x]
R3 iaStorS;iaStorS;c:\windows\system32\drivers\iaStorS.sys;c:\windows\SYSNATIVE\drivers\iaStorS.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MegaSR1;MegaSR1;c:\windows\system32\drivers\MegaSR1.sys;c:\windows\SYSNATIVE\drivers\MegaSR1.sys [x]
R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys;c:\windows\SYSNATIVE\drivers\mv91cons.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 ocz10xx;ocz10xx;c:\windows\system32\drivers\ocz10xx.sys;c:\windows\SYSNATIVE\drivers\ocz10xx.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys;c:\windows\SYSNATIVE\drivers\t3.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FWLIIFOG
*Deregistered* - fwliifog
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-28 11:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-22 6548112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 440128]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\dv6ucobr.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-14 13:28:33
ComboFix-quarantined-files.txt 2015-01-14 12:28
.
Vor Suchlauf: 8 Verzeichnis(se), 773.070.913.536 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 772.888.350.720 Bytes frei
.
- - End Of File - - EA1F6CF4E98DE1753B52D30A3415ECC0
A36C5E4F47E84449FF07ED3517B43A31
|
|
14.01.2015, 15:32
| #6 |
| /// the machine /// TB-Ausbilder | TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im Post Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im Post |
|
14.01.2015, 19:33
| #7 |
| | TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im Post Danke für deine Hilfe, schrauber. Hier sind die Logfiles: MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.01.2015 Suchlauf-Zeit: 19:03:43 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.14.08 Rootkit Datenbank: v2015.01.07.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Vanessa Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 391807 Verstrichene Zeit: 6 Min, 42 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 1 PUP.Optional.BundleInstaller.A, HKLM\SOFTWARE\WOW6432NODE\VITTALIA\AxtanInstaller, In Quarantäne, [64ec6e89206995a15901902046bdd52b], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.107 - Bericht erstellt am 14/01/2015 um 19:19:57
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Vanessa - VANESSA-PC
# Gestartet von : C:\Users\Vanessa\Desktop\AdwCleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Vittalia
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v34.0.5 (x86 de)
*************************
AdwCleaner[R0].txt - [1159 octets] - [14/01/2015 19:18:23]
AdwCleaner[S0].txt - [984 octets] - [14/01/2015 19:19:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1043 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Vanessa on 14.01.2015 at 19:24:27,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\dv6ucobr.default\minidumps [134 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.01.2015 at 19:26:46,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
14.01.2015, 19:41
| #8 |
| /// the machine /// TB-Ausbilder | TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im PostESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.01.2015, 22:17
| #9 |
| | TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im Post Eset-Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d8826e3c54e5214083be5c3a7b924fb9
# engine=21968
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-14 08:19:39
# local_time=2015-01-14 09:19:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 47451779 172896629 0 0
# scanned=435459
# found=0
# cleaned=0
# scan_time=5223
Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01 Ran by Vanessa (administrator) on VANESSA-PC on 14-01-2015 22:13:51 Running from C:\Users\Vanessa\Desktop Loaded Profiles: Vanessa (Available profiles: UpdatusUser & Vanessa) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\splwow64.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-22] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5123216 2012-06-08] (VIA) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-24] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation) HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [184320 2007-04-17] (Creative Technology Ltd) HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2532864 2013-11-12] (MyHeritage) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1672705949-1988909465-1368435881-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1672705949-1988909465-1368435881-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1672705949-1988909465-1368435881-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1672705949-1988909465-1368435881-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\dv6ucobr.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Adblock Plus - C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\dv6ucobr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-30] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-28] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-28] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [805112 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-11-30] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-11-30] (Creative Labs) [File not signed] S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-11-30] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [425984 2008-04-30] (Creative Technology Ltd) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-18] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 3wareDrv; C:\Windows\system32\drivers\3wareDrv.sys [102400 2009-08-31] (AMCC) S3 adp3132; C:\Windows\system32\drivers\adp3132.sys [385072 2010-01-28] (Adaptec, Inc.) S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [36448 2011-03-23] (Asmedia Technology) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-11-19] (Intel Corporation) S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [636184 2011-12-06] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 MegaSR1; C:\Windows\system32\drivers\MegaSR1.sys [521512 2011-07-28] (LSI Corporation, Inc.) S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-07-16] () S3 ocz10xx; C:\Windows\system32\drivers\ocz10xx.sys [137520 2011-07-08] (OCZ Technology Group, Inc.) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\oa3\asus\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-14 22:13 - 2015-01-14 22:14 - 00016507 _____ () C:\Users\Vanessa\Desktop\FRST.txt 2015-01-14 22:13 - 2015-01-14 22:13 - 00000041 _____ () C:\Users\Vanessa\Desktop\checkup.txt 2015-01-14 22:13 - 2015-01-14 22:13 - 00000000 ____D () C:\Users\Vanessa\Desktop\FRST-OlderVersion 2015-01-14 22:11 - 2015-01-14 22:11 - 00852505 _____ () C:\Users\Vanessa\Desktop\SecurityCheck.exe 2015-01-14 22:11 - 2015-01-14 22:11 - 00000690 _____ () C:\Users\Vanessa\Desktop\eset.txt 2015-01-14 19:45 - 2015-01-14 19:45 - 02347384 _____ (ESET) C:\Users\Vanessa\Desktop\esetsmartinstaller_deu.exe 2015-01-14 19:24 - 2015-01-14 19:24 - 00000000 ____D () C:\Windows\ERUNT 2015-01-14 19:23 - 2015-01-14 19:23 - 01707939 _____ (Thisisu) C:\Users\Vanessa\Desktop\JRT.exe 2015-01-14 19:18 - 2015-01-14 19:19 - 00000000 ____D () C:\AdwCleaner 2015-01-14 19:17 - 2015-01-14 19:17 - 02191360 _____ () C:\Users\Vanessa\Desktop\AdwCleaner_4.107.exe 2015-01-14 19:03 - 2015-01-14 20:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-14 19:02 - 2015-01-14 19:02 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-14 19:02 - 2015-01-14 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-14 19:02 - 2015-01-14 19:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-14 19:02 - 2015-01-14 19:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-14 19:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-14 19:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-14 19:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-14 19:00 - 2015-01-14 19:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Vanessa\Desktop\mbam-setup-2.0.4.1028.exe 2015-01-14 13:54 - 2015-01-14 19:20 - 00002104 _____ () C:\Windows\PFRO.log 2015-01-14 13:28 - 2015-01-14 13:28 - 00024926 _____ () C:\ComboFix.txt 2015-01-14 13:23 - 2015-01-14 13:28 - 00000000 ____D () C:\ComboFix 2015-01-14 13:23 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-14 13:23 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-14 13:23 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-14 13:23 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-14 13:23 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-14 13:23 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-14 13:23 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-14 13:23 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-14 13:12 - 2015-01-14 13:28 - 00000000 ____D () C:\Qoobox 2015-01-14 13:12 - 2015-01-14 13:27 - 00000000 ____D () C:\Windows\erdnt 2015-01-14 13:11 - 2015-01-14 13:11 - 05609736 ____R (Swearware) C:\Users\Vanessa\Desktop\ComboFix.exe 2015-01-14 13:08 - 2015-01-14 13:08 - 00001278 _____ () C:\Users\Vanessa\Desktop\Revo Uninstaller.lnk 2015-01-14 13:08 - 2015-01-14 13:08 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-14 12:34 - 2015-01-14 12:34 - 00380416 _____ () C:\Users\Vanessa\Desktop\Gmer-19357.exe 2015-01-14 12:31 - 2015-01-14 22:13 - 02125312 _____ (Farbar) C:\Users\Vanessa\Desktop\FRST64.exe 2015-01-14 12:31 - 2015-01-14 22:13 - 00000000 ____D () C:\FRST 2015-01-14 12:29 - 2015-01-14 12:29 - 00000000 _____ () C:\Users\Vanessa\defogger_reenable 2015-01-14 12:28 - 2015-01-14 12:28 - 00050477 _____ () C:\Users\Vanessa\Desktop\Defogger.exe 2015-01-14 12:21 - 2015-01-14 12:21 - 04242608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-01-14 11:33 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 11:33 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 11:33 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 11:33 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 11:33 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 11:33 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 11:33 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 11:33 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 11:33 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 11:33 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 11:33 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 11:33 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 11:33 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-12 16:22 - 2015-01-12 16:22 - 00007002 _____ () C:\Users\Vanessa\AppData\Local\recently-used.xbel 2015-01-12 16:22 - 2015-01-12 16:22 - 00001383 _____ () C:\Users\Vanessa\AppData\Local\psppirerc 2015-01-12 16:19 - 2015-01-12 16:19 - 00003587 _____ () C:\Users\Vanessa\Desktop\Datensatz - Kommentare.sav 2015-01-12 15:36 - 2015-01-12 15:36 - 00008580 _____ () C:\Users\Vanessa\Desktop\Datensatz - Beitraege.sav 2015-01-07 13:43 - 2015-01-07 13:43 - 00001363 _____ () C:\Users\Vanessa\Downloads\4-Beispielsyntax.sps 2015-01-02 18:36 - 2015-01-02 18:40 - 00000000 ____D () C:\Users\Vanessa\Downloads\julsfels 2014-12-26 14:30 - 2014-12-26 14:30 - 00000000 ____D () C:\Users\Vanessa\Documents\Any Video Converter 2014-12-26 14:29 - 2014-12-26 14:30 - 00000000 ____D () C:\Users\Vanessa\AppData\Roaming\Anvsoft 2014-12-26 14:29 - 2014-12-26 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft 2014-12-26 14:29 - 2014-12-26 14:29 - 00000000 ____D () C:\Program Files (x86)\Anvsoft 2014-12-26 14:28 - 2014-12-26 14:28 - 33484984 _____ (Any-Video-Converter.com ) C:\Users\Vanessa\Downloads\avc-free5.7.6.exe 2014-12-18 08:23 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 08:23 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-16 16:04 - 2014-12-16 16:04 - 00009554 _____ () C:\Users\Vanessa\Downloads\Fiktives Beispiel Reliablilitatsberechnung.xlsx ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-14 22:12 - 2013-01-01 16:11 - 00000000 ____D () C:\Users\Vanessa\Documents\My PSP8 Files 2015-01-14 21:21 - 2012-12-28 11:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-14 21:14 - 2012-12-28 11:25 - 01779560 _____ () C:\Windows\WindowsUpdate.log 2015-01-14 19:45 - 2010-11-21 07:50 - 00700470 _____ () C:\Windows\system32\perfh007.dat 2015-01-14 19:45 - 2010-11-21 07:50 - 00150108 _____ () C:\Windows\system32\perfc007.dat 2015-01-14 19:45 - 2009-07-14 06:13 - 01624106 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-14 19:29 - 2009-07-14 05:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-14 19:29 - 2009-07-14 05:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-14 19:20 - 2014-10-28 19:06 - 00008278 _____ () C:\Windows\setupact.log 2015-01-14 19:20 - 2012-12-27 11:29 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-14 19:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-14 14:07 - 2013-08-15 06:32 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 14:05 - 2012-10-02 08:59 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 13:27 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-14 13:23 - 2014-06-02 12:47 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-01-14 12:29 - 2012-12-28 11:25 - 00000000 ____D () C:\Users\Vanessa 2015-01-14 12:21 - 2012-12-28 11:44 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-14 12:21 - 2012-12-28 11:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-14 12:21 - 2012-12-28 11:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-13 10:52 - 2014-07-20 09:53 - 00000000 ____D () C:\Users\Vanessa\Downloads\Sims 2 2015-01-12 16:22 - 2013-11-21 20:18 - 00040963 _____ () C:\Users\Vanessa\pspp.jnl 2015-01-12 15:50 - 2013-11-21 22:15 - 00000000 ____D () C:\Users\Vanessa\AppData\Local\gtk-2.0 2015-01-12 15:27 - 2014-12-10 15:17 - 00068096 _____ () C:\Users\Vanessa\Downloads\Rosskarten.xls 2015-01-07 13:56 - 2012-12-28 11:29 - 00000000 ____D () C:\Users\Vanessa\AppData\Roaming\Adobe 2014-12-30 18:35 - 2012-12-28 11:29 - 00000000 ____D () C:\Users\Vanessa\AppData\Local\Adobe 2014-12-29 11:39 - 2014-04-28 09:06 - 00000000 ____D () C:\Users\Vanessa\Downloads\Monitoring 2014-12-29 10:22 - 2012-11-22 15:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-21 16:37 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-16 18:39 - 2012-12-30 20:36 - 00000000 ____D () C:\Users\Vanessa\AppData\Roaming\The Complete Genealogy Reporter - FTB 2014-12-16 09:59 - 2014-10-24 05:57 - 00000000 ____D () C:\Users\Vanessa\Documents\Sicherung Stick Some content of TEMP: ==================== C:\Users\Vanessa\AppData\Local\Temp\avgnt.exe C:\Users\Vanessa\AppData\Local\Temp\Quarantine.exe C:\Users\Vanessa\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-14 21:41 ==================== End Of Log ============================ --- --- --- --- --- --- Addition auch? Ich poste es einfach mal mit... Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-01-2015 01
Ran by Vanessa at 2015-01-14 22:14:08
Running from C:\Users\Vanessa\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CEP - Color Enable Package (HKLM-x32\...\CEP - Colour Enable Packages_is1) (Version: 6.0b (beta) - Numenor, for ModTheSims2)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.00495 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.) Hidden
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.25 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: - )
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1319 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2731.02 - CyberLink Corp.)
DIE SIEDLER - Das Erbe der Könige - Gold Edition (HKLM-x32\...\{E08DE897-B6AF-4DFF-9E90-131E80C876B4}) (Version: 1.00.0000 - Blue Byte)
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
Die Sims 2 HomeCrafter Plus (HKLM-x32\...\{B1899CD8-9584-4DC5-00AE-48F47CF81183}) (Version: - )
Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version: - )
Die Sims 2: Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version: - )
Die Sims 2: Wilde Campus-Jahre (HKLM-x32\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version: - )
Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version: - Electronic Arts)
Die Sims™ 2 Freizeit-Spaß (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version: - Electronic Arts)
Die Sims™ 2 Gute Reise (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version: - Electronic Arts)
Die Sims™ 2 Haustiere (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version: - )
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version: - Electronic Arts)
Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version: - )
Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version: - )
Die Sims™ 2 Villen- und Garten-Accessoires (HKLM-x32\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version: - Electronic Arts)
Die Sims™ 2: Glamour-Accessoires (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version: - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.0.0.0 - Electronic Arts)
Free MP4 Video Converter version 5.0.44.623 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.44.623 - DVDVideoSoft Ltd.)
Free WebM Video Converter version 5.0.44.623 (HKLM-x32\...\Free WebM Video Converter_is1) (Version: 5.0.44.623 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.41.623 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.27.225 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.27.225 - DVDVideoSoft Ltd.)
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology Limited)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2761 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.03.0000 - Ihr Firmenname)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7128 - MyHeritage.com)
NVIDIA 3D Vision Controller-Treiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.70 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.44 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version: - )
SimPE 0.72 (alpha) (HKLM-x32\...\SimPE_is1) (Version: - )
Sims 2 Categorizer (HKLM-x32\...\ST6UNST #1) (Version: - )
Sims2Pack Clean Installer (HKLM-x32\...\Sims2Pack Clean Installer) (Version: - )
Sound Blaster X-Fi (HKLM-x32\...\{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}) (Version: 1.0 - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
25-12-2014 19:18:44 Geplanter Prüfpunkt
02-01-2015 21:05:31 Geplanter Prüfpunkt
12-01-2015 19:34:14 Geplanter Prüfpunkt
14-01-2015 13:09:38 Revo Uninstaller's restore point - YTD Video Downloader 4.8.1
14-01-2015 14:05:22 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-01-14 13:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1F2C6C38-F8E7-42E4-831B-75CAF34EEE1D} - System32\Tasks\{A45668C8-F0E8-4615-A200-A65994058D0B} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {701A52CA-ACE1-404F-ADDC-630F5B4CCB0E} - System32\Tasks\{633DB8BB-4A8D-4F38-B1E0-EE028BF5AC83} => D:\DEUTSCH\Adobe Photoshop 6\Setup.exe
Task: {BFE3BFF7-389A-4275-A11B-64C6CA91B4E6} - System32\Tasks\AdobeAAMUpdater-1.0-Vanessa-PC-Vanessa => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {DE3DAC32-F217-4601-B90A-D78692202296} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {E6C891FD-F664-4E3C-97EA-EA51BA9DE89E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {F9412237-FC67-4696-84EB-CBDAB104095C} - System32\Tasks\{0FC60407-B7AA-45A0-9FFA-AFB1983289AE} => D:\DEUTSCH\Adobe Photoshop 6\Setup.exe
Task: {FA7853D5-578F-4941-975E-E70B113328AC} - System32\Tasks\{8117AAB8-3873-42DF-9B59-A8622F752A49} => D:\DEUTSCH\Adobe Photoshop 6\Setup.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2012-12-27 11:29 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-03 20:53 - 2012-08-03 20:53 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-02 12:47 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-02 12:47 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-02 12:47 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2010-08-03 15:39 - 2010-08-03 15:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-03 15:39 - 2010-08-03 15:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-12-27 11:19 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2012-12-27 11:19 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2009-03-17 11:39 - 2009-03-17 11:39 - 00148992 _____ () C:\Windows\SysWOW64\OemSpiE.dll
2014-06-02 12:47 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-02 12:47 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-16 15:37 - 2014-10-16 15:37 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\712c383e9837b8c37b3107f22be9455c\PSIClient.ni.dll
2012-11-22 16:25 - 2012-07-18 19:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-09 12:30 - 2014-12-09 12:30 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-1672705949-1988909465-1368435881-500 - Administrator - Disabled)
Gast (S-1-5-21-1672705949-1988909465-1368435881-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1672705949-1988909465-1368435881-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-1672705949-1988909465-1368435881-1000 - Limited - Enabled) => C:\Users\UpdatusUser
Vanessa (S-1-5-21-1672705949-1988909465-1368435881-1001 - Administrator - Enabled) => C:\Users\Vanessa
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/14/2015 10:10:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/14/2015 07:47:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/14/2015 07:45:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
System errors:
=============
Error: (01/14/2015 07:44:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht.
Microsoft Office Sessions:
=========================
Error: (04/28/2014 10:58:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4249 seconds with 4140 seconds of active time. This session ended with a crash.
Error: (04/01/2014 11:51:45 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8909 seconds with 8340 seconds of active time. This session ended with a crash.
Error: (11/11/2013 02:07:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 327 seconds with 300 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-01-14 13:27:21.373
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-01-14 13:27:21.358
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8144.18 MB
Available physical RAM: 5601.39 MB
Total Pagefile: 16286.54 MB
Available Pagefile: 13099.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Festplatte) (Fixed) (Total:931.51 GB) (Free:717.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DaSi) (Fixed) (Total:297.43 GB) (Free:85.96 GB) NTFS
Drive f: (Transcend) (Fixed) (Total:1862.56 GB) (Free:1776.19 GB) FAT32
Drive g: () (Removable) (Total:30.03 GB) (Free:29.46 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8A42BBC4)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 297.4 GB) (Disk ID: 00035F28)
Partition 1: (Not Active) - (Size=297.4 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0007170B)
Partition 1: (Active) - (Size=1863 GB) - (Type=0C)
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)
==================== End Of Log ============================
Danke nochmal & gute Nacht |
|
15.01.2015, 07:11
| #10 |
| /// the machine /// TB-Ausbilder | TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im Post Das kommt weil wir die Avira-eigene Adware entfernt haben. Avira neu installieren oder gleich was anständiges Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.01.2015, 08:22
| #11 |
| | TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im Post Guten Morgen schrauber, es hat soweit alles funktioniert (danke auch für die Erklärung hinsichtlich Avira), ich bin dann wohl frei von etwas Ballast ;-) Ich danke dir herzlich für deine Hilfe und auch für die Tipps. Ein gutes Gefühl bleibt trotzdem, wenn man weiß, wo man sich im Notfall hinwenden kann! In diesem Sinne: Einen schönen Tag dir! |
|
15.01.2015, 08:31
| #12 |
| /// the machine /// TB-Ausbilder | TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im Post Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu TR/Rogue.7735808 eingefangen - Beschreibung & Logfiles im Post |
| avira, bonjour, browser, desktop, dllhost.exe, downloader, dvdvideosoft ltd., excel, festplatte, firefox, flash player, hdd0(c:), install.exe, internet, mozilla, mp3, problem, programm, prozesse, realtek, registry, rundll, security, software, stick, super, svchost.exe, system, trojaner, windows |
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
Linear-Darstellung
