|
Plagegeister aller Art und deren Bekämpfung: Spacekace deliverysystem-log in C:\SpacekaceWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.01.2015, 15:50 | #1 |
| Spacekace deliverysystem-log in C:\Spacekace Hallo! Ich habe mich neu hier im Forum angemeldet, da ich heute Folgendes entdeckt habe: In C:\Spacekace befindet sich die Datei deliverysystem-log als Textdatei, 54 KB. Ich bin über die Google-Suche auf euer Forum gestoßen. Ich kenne mich leider nicht all zu gut mit PCs aus um bewerten zu können ob das eine Bedrohung für meinen Laptop darstellt? Ich habe bislang keine Probleme gehabt habe lediglich heute als ich auf der Suche nach einer anderen Datei war dieses Verzeichnis mit der Textdatei gefunden und würde nun gerne wissen was zu tun ist. Als Anti-Viren-Programm benutze ich Kaspersky Internet Security. Ich habe mir den Thread bezüglich "Anleitung für Hilfesuchende" duchgelesen und weiß, dass ich bezüglich der Sammlung von Informationen diverse Programme installieren und die logfiles posten muss. Ist das bei diesem Befund nötig bzw. kann man das überhaupt schon sagen? Oder soll ich das einfach mal machen? Liebe Grüße |
27.01.2015, 17:42 | #2 |
/// the machine /// TB-Ausbilder | Spacekace deliverysystem-log in C:\Spacekace hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
27.01.2015, 20:17 | #3 |
| Spacekace deliverysystem-log in C:\Spacekace Ok, vielen Dank!
__________________FRST Code:
ATTFilter ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (SAMSUNG ELECTRONICS CO., Ltd.) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe () C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Dropbox, Inc.) C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-11-24] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2776872 2011-08-31] (ELAN Microelectronics Corp.) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-454197360-789761907-2218566396-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-454197360-789761907-2218566396-1000\...\MountPoints2: {205dd68a-5755-11e3-b59e-c145d7381a0f} - D:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-454197360-789761907-2218566396-1000\...\MountPoints2: {3e292d0c-27e5-11e2-a3d7-faf609466b1a} - D:\LaunchU3.exe -a HKU\S-1-5-21-454197360-789761907-2218566396-1000\...\MountPoints2: {5bedb13d-a3a7-11e3-8247-a68e6fe25011} - D:\HTC_Sync_Manager_PC.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe () Startup: C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-454197360-789761907-2218566396-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://owa.schrammek.de/owa HKU\S-1-5-21-454197360-789761907-2218566396-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 192.168.1.2 teampoint Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\pt8kimwn.default FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Programme\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-454197360-789761907-2218566396-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Tina\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Extension: Adblock Plus - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\pt8kimwn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-06] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-04-27] FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-04-27] FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-04-27] StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx [2011-04-25] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx [2011-04-25] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx [2011-04-25] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO) R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-23] (Diskeeper Corporation) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent) R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2010-12-17] () [File not signed] R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation) [File not signed] S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed] R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed] R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-23] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-23] (Diskeeper Corporation) R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-15] (Intel Corporation) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-30] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab) S3 SCL01164; C:\Windows\System32\DRIVERS\SCL01164.sys [72320 2010-05-07] (SCM Microsystems Inc.) R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-27 20:13 - 2015-01-27 20:13 - 02129920 _____ (Farbar) C:\Users\Tina\Downloads\FRST64.exe 2015-01-27 20:13 - 2015-01-27 20:13 - 00017371 _____ () C:\Users\Tina\Downloads\FRST.txt 2015-01-27 20:13 - 2015-01-27 20:13 - 00000000 ____D () C:\FRST 2015-01-14 20:00 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-01-14 20:00 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-01-14 20:00 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-01-14 20:00 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-01-14 20:00 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2015-01-14 20:00 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2015-01-14 20:00 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-01-14 20:00 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll 2015-01-14 20:00 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll 2015-01-14 19:59 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-01-14 19:59 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-01-14 19:59 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-01-14 19:59 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2014-12-30 19:17 - 2015-01-25 20:01 - 00000000 ____D () C:\Users\Tina\Desktop\Dermatologikum ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-27 20:12 - 2009-07-14 05:45 - 00028624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-27 20:12 - 2009-07-14 05:45 - 00028624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-27 20:09 - 2011-11-20 06:47 - 04800614 _____ () C:\windows\system32\perfh007.dat 2015-01-27 20:09 - 2011-11-20 06:47 - 01462710 _____ () C:\windows\system32\perfc007.dat 2015-01-27 20:09 - 2009-07-14 06:13 - 00006516 _____ () C:\windows\system32\PerfStringBackup.INI 2015-01-27 20:08 - 2014-10-05 12:25 - 02079381 _____ () C:\windows\WindowsUpdate.log 2015-01-27 20:06 - 2012-07-07 22:34 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Dropbox 2015-01-27 20:05 - 2012-04-27 23:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-27 20:03 - 2014-10-07 08:50 - 00010925 _____ () C:\windows\setupact.log 2015-01-27 20:03 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-27 19:30 - 2014-03-24 16:46 - 00000536 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-454197360-789761907-2218566396-1000.job 2015-01-27 16:03 - 2014-10-17 21:20 - 00007124 _____ () C:\windows\PFRO.log 2015-01-27 16:03 - 2012-06-26 11:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-27 15:24 - 2012-04-29 22:00 - 00000000 ____D () C:\Programme 2015-01-27 15:10 - 2013-12-29 09:44 - 00000000 ____D () C:\Users\Tina\AppData\Local\Battle.net 2015-01-19 22:10 - 2014-08-05 10:06 - 00000000 ____D () C:\Users\Tina\Desktop\Bewerbung 2015-01-19 21:00 - 2013-12-31 15:12 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 2015-01-19 09:19 - 2012-08-29 17:21 - 00000000 ____D () C:\Users\Tina\Documents\Meine empfangenen Dateien 2015-01-19 09:18 - 2014-12-23 17:23 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\vlc 2015-01-18 17:09 - 2013-12-26 09:57 - 00000000 ____D () C:\Users\Tina\Desktop\Diss_aktuell 2015-01-18 17:01 - 2012-05-01 08:31 - 00000000 ____D () C:\Users\Tina\Desktop\WWU 2015-01-18 17:01 - 2012-04-27 22:29 - 00000000 ____D () C:\Users\Tina 2015-01-14 21:23 - 2014-03-24 16:46 - 00003562 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-454197360-789761907-2218566396-1000 2015-01-11 17:16 - 2014-12-20 12:25 - 00000000 ____D () C:\Users\Tina\Desktop\Lealex 2015-01-11 17:10 - 2012-06-18 20:26 - 00000000 ____D () C:\Users\Tina\Desktop\Tina 2015-01-11 13:16 - 2014-11-14 11:25 - 00000000 ____D () C:\Users\Tina\Desktop\Graphics 2015-01-11 08:33 - 2014-10-05 13:34 - 00000000 ____D () C:\Users\Tina\Desktop\Weiterbildung 2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2015-01-04 13:51 - 2012-04-29 22:05 - 00000000 ____D () C:\Users\Tina\AppData\Local\Thunderbird 2015-01-02 12:24 - 2013-12-29 09:44 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Battle.net ==================== Files in the root of some directories ======= 2013-04-04 09:38 - 2013-10-24 17:16 - 0147996 _____ () C:\Program Files (x86)\changelog.txt 2013-04-04 09:38 - 2013-04-04 09:38 - 0110106 _____ () C:\Program Files (x86)\createfileassoc.exe 2013-04-04 09:38 - 2013-04-04 09:38 - 0188904 _____ (TeamSpeak Systems GmbH) C:\Program Files (x86)\error_report.exe 2013-04-04 09:38 - 2013-04-04 09:38 - 0024009 _____ () C:\Program Files (x86)\license.txt 2013-04-04 09:38 - 2013-10-24 17:16 - 0000142 _____ () C:\Program Files (x86)\mirrors.ini 2013-10-24 17:16 - 2013-10-24 17:16 - 1056184 _____ (Overwolf) C:\Program Files (x86)\OverwolfTeamSpeakInstaller.exe 2013-04-04 09:38 - 2013-10-24 17:16 - 0230376 _____ (TeamSpeak Systems GmbH) C:\Program Files (x86)\package_inst.exe 2013-04-04 09:38 - 2013-04-04 09:38 - 3130880 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files (x86)\QtCore4.dll 2013-04-04 09:38 - 2013-04-04 09:38 - 10554880 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files (x86)\QtGui4.dll 2013-04-04 09:38 - 2013-04-04 09:38 - 1167360 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files (x86)\QtNetwork4.dll 2013-04-04 09:38 - 2013-04-04 09:38 - 0248320 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files (x86)\QtSql4.dll 2013-04-04 09:38 - 2013-10-24 17:16 - 13770728 _____ (TeamSpeak Systems GmbH) C:\Program Files (x86)\ts3client_win64.exe 2013-06-14 19:55 - 2013-06-14 19:55 - 0126222 _____ (TeamSpeak Systems GmbH) C:\Program Files (x86)\Uninstall.exe 2013-04-04 09:38 - 2013-10-24 17:16 - 0499176 _____ (TeamSpeak Systems GmbH) C:\Program Files (x86)\update.exe 2013-10-24 17:14 - 2013-10-24 17:16 - 0000000 _____ () C:\Program Files (x86)\update.ini 2013-10-24 17:16 - 2013-10-24 17:16 - 0502874 _____ () C:\Program Files (x86)\usb.ids 2012-04-27 23:15 - 2012-04-27 23:15 - 0000000 _____ () C:\Users\Tina\AppData\Roaming\AbsoluteReminder.xml 2012-05-16 18:33 - 2012-05-16 18:33 - 0000132 _____ () C:\Users\Tina\AppData\Roaming\Adobe GIF Format CS5 Prefs 2012-10-22 11:41 - 2013-07-24 15:46 - 0000132 _____ () C:\Users\Tina\AppData\Roaming\Adobe PNG Format CS5 Prefs 2014-07-31 10:57 - 2014-07-31 10:57 - 0022544 _____ () C:\Users\Tina\AppData\Roaming\UserTile.png 2012-04-27 23:31 - 2012-04-27 23:31 - 0017408 _____ () C:\Users\Tina\AppData\Local\WebpageIcons.db Some content of TEMP: ==================== C:\Users\Tina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprrudae.dll C:\Users\Tina\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-27 19:42 ==================== End Of Log ============================ Addition Code:
ATTFilter ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {2EAA32A5-1EE1-1B22-95DA-337730C6E984} AS: Kaspersky Internet Security (Enabled - Up to date) {95CBD341-38DB-14AC-AF6A-08054B41A339} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {1691B380-548E-1A7A-BE85-9A42CE15AEFF} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) „Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Accelerometer (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.53 - STMicroelectronics) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Creative Suite 5 Design Standard (HKLM-x32\...\{49DC7D87-B9F9-4782-9386-B7F13BC75E48}) (Version: 5.0 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\{48DB5914-8772-472D-B8DF-E2092BE598F6}) (Version: 10.3.181.34 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden Anki (HKLM-x32\...\Anki) (Version: - ) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden BrettspielWelt (HKLM-x32\...\BSW) (Version: - ) Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP) Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.) Citrix Online Launcher (HKLM-x32\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden Dota 2 (HKLM-x32\...\Steam App 570) (Version: - ) Dropbox (HKU\S-1-5-21-454197360-789761907-2218566396-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.1.1705 - Samsung Electronics Co., Ltd.) Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.) Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.1.44.25 - Samsung Electronics Co., Ltd.) Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.47 - Samsung) E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung) ETDWare PS/2-X64 10.0.7.3_WHQL (HKLM\...\Elantech) (Version: 10.0.7.3 - ELAN Microelectronic Corp.) ExpressCache (HKLM\...\{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}) (Version: 1.0.64 - Diskeeper Corporation) Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden Fast Flash Sleep Resume (x32 Version: 1.0.11 - Samsung) Hidden FileZilla Client 3.7.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.1 - FileZilla Project) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) GoToMeeting 6.4.10.2185 (HKU\S-1-5-21-454197360-789761907-2218566396-1000\...\GoToMeeting) (Version: 6.4.10.2185 - CitrixOnline) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation) IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp) IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp) Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Intel PROSet Wireless (x32 Version: - ) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation) Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1008 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) Intel(R) WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.) John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden Kaspersky Internet Security 2012 (HKLM-x32\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab) Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374 - Kaspersky Lab) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - ) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6515 - Realtek Semiconductor Corp.) Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.8 - Samsung) SCL011 Contactless Reader (HKLM-x32\...\{101A21B2-E102-4F64-A7FA-CEF7182D0E2D}) (Version: 1.01 - SCM Microsystems) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) simfy (HKLM-x32\...\Simfy) (Version: 1.6.9 - simfy GmbH) simfy (x32 Version: 1.6.9 - simfy GmbH) Hidden Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung) StarMoney (x32 Version: 2.0 - StarFinanz) Hidden StarMoney (x32 Version: 3.0.3.21 - StarFinanz) Hidden StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden StarMoney 8.0 (HKLM-x32\...\{23873617-C96F-4464-8406-3A2D653B97A1}) (Version: 8.0 - Star Finanz GmbH) StarMoney 9.0 (HKLM-x32\...\{5E05185D-1F76-4701-94B1-8F0A8568AE2F}) (Version: 9.0 - Star Finanz GmbH) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Sweet Home 3D version 4.4 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks) TeamSpeak 3 Client (HKU\S-1-5-21-454197360-789761907-2218566396-1000\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.1 - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-samsung) (Version: 4.0.11.14 - WildTangent) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.10.16 - WildTangent) Winamp (HKLM-x32\...\Winamp) (Version: 5.66 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-454197360-789761907-2218566396-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-454197360-789761907-2218566396-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-454197360-789761907-2218566396-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1312\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-454197360-789761907-2218566396-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-454197360-789761907-2218566396-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-454197360-789761907-2218566396-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-454197360-789761907-2218566396-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-454197360-789761907-2218566396-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-454197360-789761907-2218566396-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-454197360-789761907-2218566396-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-454197360-789761907-2218566396-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 14-01-2015 19:56:44 Windows Update 16-01-2015 07:09:24 Windows Update 20-01-2015 09:27:13 Windows Update 23-01-2015 17:02:46 Windows Update 26-01-2015 09:27:13 Windows-Sicherung 27-01-2015 15:08:26 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2012-06-03 12:15 - 00000847 ____A C:\windows\system32\Drivers\etc\hosts 192.168.1.2 teampoint ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {11D06EEF-BC03-4A5E-B32A-64F00E31979A} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-12-09] (Samsung Electronics) Task: {1A34418C-AF54-40DA-9C17-BAE3F96F3F9F} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-12-08] (SAMSUNG Electronics) Task: {3586E9DB-B68F-4104-876E-46DEAB2D8789} - System32\Tasks\AdobeAAMUpdater-1.0-Tamiami-Tina => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated) Task: {4CBCDE67-B908-4265-A971-5340A6100D83} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-12-09] (Samsung Electronics Co., Ltd.) Task: {54304D42-132C-41D2-9C7C-FA72B4AEECD6} - System32\Tasks\{C9908A00-C509-4C3D-B248-0E3A956919CC} => C:\Program Files (x86)\StarMoney\app\StartStarMoney.exe [2014-02-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) Task: {5ED94383-85CB-4715-8C0C-638666FA1855} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-12-09] (Samsung Electronics Co., Ltd.) Task: {6829DDF3-455E-4E08-B445-967B275B89FF} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-12-09] (Samsung Electronics Co., Ltd.) Task: {71045E9A-366A-4D09-84DD-CD38D7196D57} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-12-09] (Samsung Electronics Co., Ltd.) Task: {7C361202-CBFB-49ED-980A-C75E5A0F255B} - System32\Tasks\FFSRConfigurer => C:\Program Files (x86)\Samsung\Fast Flash Sleep Resume\FFSRConfigurer.exe [2011-12-17] (Samsung) Task: {7F534738-38E4-417B-BC93-04DA71538D00} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2012-03-16] (SAMSUNG ELECTRONICS CO., Ltd.) Task: {C32E57DB-EF69-499F-9E14-CA48CBFBCE32} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {C710DACA-03C8-4940-9D63-1AEAA7B93644} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.) Task: {CD3A4A9C-0762-49D4-8D76-AD8FAA009602} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {DB774FEA-990E-4E27-95CC-FCD17D297337} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-09-08] (SEC) Task: {DE915C59-89AB-40CB-AF42-20BFAC580F0C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink) Task: {F8BFA7F4-9809-41A1-A0AC-3416C660E730} - System32\Tasks\G2MUpdateTask-S-1-5-21-454197360-789761907-2218566396-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\2185\g2mupdate.exe [2015-01-14] (Citrix Online, a division of Citrix Systems, Inc.) Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-454197360-789761907-2218566396-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\2185\g2mupdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-15 09:46 - 2011-09-15 09:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2011-12-27 08:19 - 2010-12-17 05:18 - 00060928 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe 2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2011-09-15 09:46 - 2011-09-15 09:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2011-12-02 03:27 - 2011-07-26 06:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll 2011-03-04 11:49 - 2011-03-04 11:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll 2011-12-27 08:32 - 2011-02-16 17:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll 2013-02-12 13:17 - 2011-01-13 09:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney\ouservice\PATCHW32.dll 2014-08-04 12:03 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Tina\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-27 20:05 - 2015-01-27 20:05 - 00043008 _____ () c:\users\tina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprrudae.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Tina\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Tina\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Tina\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2011-12-27 08:32 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll 2011-04-24 22:13 - 2011-04-24 22:13 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll 2011-04-24 22:13 - 2011-04-24 22:13 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll 2011-04-24 22:13 - 2011-04-24 22:13 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll 2011-04-24 22:13 - 2011-04-24 22:13 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll 2011-04-24 22:13 - 2011-04-24 22:13 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll 2011-04-24 22:13 - 2011-04-24 22:13 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll 2011-04-20 18:56 - 2011-04-20 18:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll 2011-12-27 08:21 - 2011-09-08 11:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll 2015-01-27 15:17 - 2015-01-27 15:17 - 03925104 _____ () C:\Programme\Mozilla Firefox\mozjs.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Steam => "C:\Steam\Steam.exe" -silent ========================= Accounts: ========================== Administrator (S-1-5-21-454197360-789761907-2218566396-500 - Administrator - Disabled) Gast (S-1-5-21-454197360-789761907-2218566396-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-454197360-789761907-2218566396-1002 - Limited - Enabled) Tina (S-1-5-21-454197360-789761907-2218566396-1000 - Administrator - Enabled) => C:\Users\Tina ==================== Faulty Device Manager Devices ============= Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/27/2015 08:09:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (01/27/2015 08:09:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (01/27/2015 08:09:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (01/27/2015 08:05:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/27/2015 04:10:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (01/27/2015 04:10:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (01/27/2015 04:10:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (01/27/2015 04:04:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/26/2015 02:54:32 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: Die Sicherung war nicht erfolgreich. Fehler: "Fehler beim Erstellen einer ZIP-Datei. Möglicherweise ist auf dem Laufwerk, auf dem Windows installiert ist, nicht genügend Speicherplatz verfügbar, oder es handelt sich um einen zeitweiligen Fehler. Stellen Sie sicher, dass mindestens 400 MB verfügbar sind, und wiederholen Sie den Vorgang. (0x81000015)" Error: (01/26/2015 02:54:25 PM) (Source: Microsoft-Windows-Backup) (EventID: 517) (User: NT-AUTORITÄT) Description: Fehler bei der um 2015-01-26T08:27:13.661810000Z gestarteten Sicherung. Fehlercode: "2155348269" (%%2155348269). Suchen Sie in den Ereignisdetails nach einer Lösung, und führen Sie die Sicherung erneut aus, nachdem das Problem behoben wurde. System errors: ============= Error: (01/27/2015 08:04:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (01/27/2015 08:03:17 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 27.01.2015 um 20:01:27 unerwartet heruntergefahren. Error: (01/27/2015 04:04:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (01/27/2015 04:03:36 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 27.01.2015 um 16:02:35 unerwartet heruntergefahren. Error: (01/26/2015 08:58:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error: (01/25/2015 08:00:47 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/25/2015 08:00:46 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/25/2015 08:00:46 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/25/2015 08:00:45 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (01/25/2015 00:35:27 PM) (Source: Application Popup) (EventID: 86) (User: ) Description: Für ein Dateiobjekt mit wartendem Löschvorgang wurde ein Vorgang angefordert, der kein Schließvorgang ist. Microsoft Office Sessions: ========================= Error: (01/27/2015 08:09:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (01/27/2015 08:09:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (01/27/2015 08:09:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (01/27/2015 08:05:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/27/2015 04:10:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (01/27/2015 04:10:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (01/27/2015 04:10:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (01/27/2015 04:04:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/26/2015 02:54:32 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: Fehler beim Erstellen einer ZIP-Datei. Möglicherweise ist auf dem Laufwerk, auf dem Windows installiert ist, nicht genügend Speicherplatz verfügbar, oder es handelt sich um einen zeitweiligen Fehler. Stellen Sie sicher, dass mindestens 400 MB verfügbar sind, und wiederholen Sie den Vorgang. (0x81000015) Error: (01/26/2015 02:54:25 PM) (Source: Microsoft-Windows-Backup) (EventID: 517) (User: NT-AUTORITÄT) Description: 2015-01-26T08:27:13.661810000Z2155348269%%2155348269 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2467M CPU @ 1.60GHz Percentage of memory in use: 54% Total physical RAM: 3990.23 MB Available physical RAM: 1829.81 MB Total Pagefile: 7978.65 MB Available Pagefile: 5506.61 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:443.98 GB) (Free:210.39 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: CB9885AB) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=444 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=21.7 GB) - (Type=27) ======================================================== Disk: 1 (Size: 14.9 GB) (Disk ID: 74F02DEA) Partition 1: (Not Active) - (Size=10.6 GB) - (Type=73) Partition 2: (Not Active) - (Size=4.3 GB) - (Type=84) ==================== End Of Log ============================ |
28.01.2015, 08:22 | #4 |
/// the machine /// TB-Ausbilder | Spacekace deliverysystem-log in C:\Spacekace Beide Logs bitte nochmal posten, unvollständig, da fehlt überall der kopf
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
29.01.2015, 17:12 | #5 |
| Spacekace deliverysystem-log in C:\Spacekace Wozu brauchst du denn den Kopf? War nen aktueller Scan, normaler Boot Mode etc. |
29.01.2015, 17:51 | #6 |
/// the machine /// TB-Ausbilder | Spacekace deliverysystem-log in C:\Spacekace Derjenige, der das Tool gebaut hat, wird sich schon was dabei gedacht haben. zb steht dort das Betriebssystem, irgendwie wichtig, wenn nicht jedes Tool auf jedem System läuft.....
__________________ --> Spacekace deliverysystem-log in C:\Spacekace |
Themen zu Spacekace deliverysystem-log in C:\Spacekace |
anderen, angemeldet, anleitung, bewerten, bezüglich, datei, diverse, einfach, entdeck, entdeckt, folge, folgendes, forum, heute, internet, kaspersky, laptop, logfiles, neu, pcs, posten, probleme, programme, spacekace, thread, überhaupt |