| |
| |||||||
Log-Analyse und Auswertung: "Bad Image" beim öffnen jeder .exe dateiWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
04.02.2015, 02:59
| #1 |
| |  "Bad Image" beim öffnen jeder .exe datei Halli Hallo! Ich habe Zeit neuersten (1-2 Tagen) folgendes Problem: Jedes Mal wenn ich eine .exe datei öffnen will, Windows starte oder herunterfahre bekomme ich die Fehlermeldung "C:\Progra~2\Search~1\Search~1\bin\VC32LO~1.DLL either not designed to run.... " . Beschreibe diese jetzt nich genauer da ich schon einige Beiträge dazu gefunden habe und hoffe dass Ihr versteht was ich meine  Hier ist der FRST scan: PHP-Code: Danke jetzt schon mal und freundliche Grüße von mir Doc |
|
04.02.2015, 06:20
| #2 |
| /// the machine /// TB-Ausbilder    |  "Bad Image" beim öffnen jeder .exe datei hi,
__________________Addition.txt fehlt noch. Und Logs bitte in Codetags posten.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
04.02.2015, 11:59
| #3 |
| | "Bad Image" beim öffnen jeder .exe datei Hey danke für die Antwort also hier der neue Scan:
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by sahdkajs (administrator) on SAHDKAJS-PC on 04-02-2015 15:05:39
Running from C:\Users\sahdkajs\Downloads
Loaded Profiles: sahdkajs (Available profiles: sahdkajs & Music)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Englisch (USA)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\update.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2749442998-3716350225-1559413844-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2749442998-3716350225-1559413844-1000\...\MountPoints2: {75cb5c61-3820-11e4-91fc-001d60c1e542} - J:\AUTOPLAY.EXE
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll [219408 2015-01-28] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
ShortcutTarget: simplicheck.lnk -> C:\Program Files\simplitec\simplicheck\simplicheck.exe (simplitec)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2749442998-3716350225-1559413844-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\sahdkajs\AppData\Roaming\Mozilla\Firefox\Profiles\u6jcx7mp.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3330189&octid=EB_ORIGINAL_CTID&ISID=MC32EABB7-953C-4891-AB30-D24F1D0B8A50&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP898C22DD-92EF-421F-A769-1CBF537B9723
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3330189&octid=EB_ORIGINAL_CTID&ISID=MC32EABB7-953C-4891-AB30-D24F1D0B8A50&SearchSource=55&CUI=&UM=6&UP=SP898C22DD-92EF-421F-A769-1CBF537B9723&SSPV=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\sahdkajs\AppData\Roaming\Mozilla\Firefox\Profiles\u6jcx7mp.default\searchplugins\trovi-search.xml
FF Extension: Adblock Plus - C:\Users\sahdkajs\AppData\Roaming\Mozilla\Firefox\Profiles\u6jcx7mp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-26]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-27]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-23]
CHR Extension: (Google Drive) - C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-23]
CHR Extension: (YouTube) - C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-23]
CHR Extension: (Google-Suche) - C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-23]
CHR Extension: (Avira Browserschutz) - C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-23]
CHR Extension: (Google Wallet) - C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-23]
CHR Extension: (Google Mail) - C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [348032 2015-02-04] ()
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [3505936 2015-01-28] (Client Connect LTD)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4590968 2012-09-05] (Native Instruments GmbH)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-11-30] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-06-17] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-09] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-06-17] (Avira GmbH)
S3 SynasUSB; C:\Windows\System32\drivers\SynasUSB.sys [18432 2006-11-23] (SIA Syncrosoft) [File not signed]
S3 ZOOM_R16MTR; C:\Windows\System32\Drivers\zmr16usbaudio.sys [80384 2010-06-16] (Zoom Corporation.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 05:25 - 2015-02-04 05:26 - 00034211 _____ () C:\Users\sahdkajs\Downloads\Addition.txt
2015-02-04 05:25 - 2015-02-04 05:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\sahdkajs\Downloads\revosetup95.exe
2015-02-04 05:25 - 2015-02-04 05:25 - 00001226 _____ () C:\Users\sahdkajs\Desktop\Revo Uninstaller.lnk
2015-02-04 05:25 - 2015-02-04 05:25 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-04 05:24 - 2015-02-04 15:05 - 00011300 _____ () C:\Users\sahdkajs\Downloads\FRST.txt
2015-02-04 05:23 - 2015-02-04 15:05 - 00000000 ____D () C:\FRST
2015-02-04 05:23 - 2015-02-04 05:23 - 01122304 _____ (Farbar) C:\Users\sahdkajs\Downloads\FRST.exe
2015-02-04 02:54 - 2015-02-04 03:01 - 00000000 ____D () C:\Users\sahdkajs\Documents\DayZ
2015-02-04 02:54 - 2015-02-04 02:59 - 00000000 ____D () C:\Users\sahdkajs\AppData\Local\DayZ
2015-02-04 02:54 - 2015-02-04 02:54 - 00000000 ____D () C:\Program Files\Common Files\BattlEye
2015-02-04 00:59 - 2015-02-04 00:59 - 00000000 ____D () C:\Users\sahdkajs\Documents\Celemony
2015-02-04 00:59 - 2015-02-04 00:59 - 00000000 ____D () C:\Users\sahdkajs\AppData\Roaming\Celemony Software GmbH
2015-02-04 00:51 - 2015-02-04 00:57 - 00000000 ____D () C:\Users\sahdkajs\AppData\Roaming\Audacity
2015-02-02 23:50 - 2015-02-03 23:55 - 00000000 ____D () C:\Users\sahdkajs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-02 20:52 - 2015-02-02 20:52 - 00000000 ____D () C:\Users\Music\AppData\Local\avaxvavya
2015-02-02 17:42 - 2015-02-04 05:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 23:52 - 2015-01-29 23:52 - 19731050 _____ () C:\Users\Music\Desktop\nothingsl.wav
2015-01-28 15:20 - 2015-01-28 15:20 - 16852415 _____ () C:\Users\Music\Downloads\wetransfer-2b0e11.zip
2015-01-27 20:05 - 2015-01-27 20:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-26 19:36 - 2015-01-26 19:36 - 00000000 ____D () C:\Users\Music\AppData\Local\Google
2015-01-23 02:30 - 2015-01-27 18:45 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-23 02:30 - 2015-01-23 02:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-23 02:29 - 2015-02-04 15:00 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 02:29 - 2015-02-04 05:44 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 02:29 - 2015-01-23 02:30 - 00000000 ____D () C:\Users\sahdkajs\AppData\Local\Google
2015-01-23 02:29 - 2015-01-23 02:30 - 00000000 ____D () C:\Program Files\Google
2015-01-18 03:01 - 2015-01-18 03:01 - 00288306 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-01-18 03:01 - 2015-01-18 03:01 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-01-18 03:00 - 2015-01-18 03:01 - 00290468 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-01-17 22:28 - 2015-01-17 22:28 - 00000000 ____D () C:\Users\Music\AppData\Roaming\simplitec
2015-01-17 19:05 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-17 19:05 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 19:05 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-17 19:05 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-17 19:05 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-17 19:05 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 00:52 - 2015-01-14 00:52 - 00000000 ____D () C:\Users\sahdkajs\AppData\Roaming\simplitec
2015-01-13 22:36 - 2015-01-13 22:36 - 00000000 ____D () C:\Users\Music\Documents\MAGIX
2015-01-13 22:35 - 2015-01-28 17:03 - 00000000 ____D () C:\ProgramData\simplitec
2015-01-13 22:35 - 2015-01-13 22:36 - 00000000 ____D () C:\ProgramData\MAGIX
2015-01-13 22:35 - 2015-01-13 22:35 - 00001069 _____ () C:\Users\Public\Desktop\simplicheck.lnk
2015-01-13 22:35 - 2015-01-13 22:35 - 00001065 _____ () C:\Users\Public\Desktop\MAGIX Foto Designer 7.lnk
2015-01-13 22:35 - 2015-01-13 22:35 - 00000000 ____D () C:\Users\Music\AppData\Roaming\MAGIX
2015-01-13 22:35 - 2015-01-13 22:35 - 00000000 ____D () C:\Users\Music\AppData\Local\MAGIX
2015-01-13 22:35 - 2015-01-13 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
2015-01-13 22:35 - 2015-01-13 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2015-01-13 22:35 - 2015-01-13 22:35 - 00000000 ____D () C:\Program Files\simplitec
2015-01-13 22:35 - 2015-01-13 22:35 - 00000000 ____D () C:\Program Files\MAGIX
2015-01-13 22:35 - 2015-01-13 22:35 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services
2015-01-13 22:34 - 2015-01-13 22:34 - 24003400 _____ (MAGIX AG) C:\Users\Music\Downloads\foto_designer_7011_23mb_d.exe
2015-01-13 22:28 - 2015-01-13 22:28 - 00002142 _____ () C:\Users\Music\AppData\Local\recently-used.xbel
2015-01-13 22:27 - 2015-01-13 22:27 - 00841650 _____ () C:\Users\Music\Documents\Unbenannt.xcf
2015-01-13 22:23 - 2015-01-13 22:23 - 00038553 _____ () C:\Users\Music\Downloads\fibel_vienna.zip
2015-01-13 21:54 - 2015-01-13 22:27 - 00000000 ____D () C:\Users\Music\AppData\Local\gtk-2.0
2015-01-13 21:52 - 2015-01-13 21:52 - 00000000 ____D () C:\Users\Music\.thumbnails
2015-01-13 21:48 - 2015-01-13 22:33 - 00000000 ____D () C:\Users\Music\.gimp-2.8
2015-01-13 21:48 - 2015-01-13 21:48 - 00000000 ____D () C:\Users\Music\AppData\Local\gegl-0.2
2015-01-13 21:48 - 2015-01-13 21:48 - 00000000 ____D () C:\Users\Music\AppData\Local\fontconfig
2015-01-13 21:46 - 2015-01-13 21:46 - 00202074 _____ () C:\Users\Music\Downloads\livin-hell_carnivalee-freakshow.zip
2015-01-13 21:46 - 2015-01-13 21:46 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-01-13 21:44 - 2015-01-13 21:46 - 00000000 ____D () C:\Program Files\GIMP 2
2015-01-13 21:40 - 2015-01-13 21:41 - 91670064 _____ (The GIMP Team ) C:\Users\Music\Downloads\gimp-2.8.14-setup.exe
2015-01-13 02:58 - 2015-01-13 02:58 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-13 02:57 - 2015-01-13 02:57 - 00638888 _____ (Oracle Corporation) C:\Users\sahdkajs\Downloads\jxpiinstall(1).exe
2015-01-13 02:56 - 2015-01-13 02:56 - 00638888 _____ (Oracle Corporation) C:\Users\sahdkajs\Downloads\jxpiinstall.exe
2015-01-13 02:51 - 2015-01-13 02:51 - 00000000 __SHD () C:\Users\sahdkajs\AppData\Local\EmieBrowserModeList
2015-01-13 00:06 - 2015-02-02 17:45 - 00000000 ____D () C:\Users\sahdkajs\AppData\Local\Adobe
2015-01-13 00:06 - 2015-01-13 00:06 - 00000216 _____ () C:\Users\sahdkajs\Desktop\Magic Barrage - Bitferno.url
2015-01-12 22:14 - 2015-01-12 22:20 - 524894245 _____ () C:\Users\sahdkajs\Downloads\l4d2_the_bloody_moors_4.0.zip
2015-01-06 20:21 - 2015-01-06 20:27 - 59117106 _____ () C:\Users\sahdkajs\Desktop\L4d_HelmsDeep.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 15:04 - 2006-12-31 23:44 - 02008261 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 15:00 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 15:00 - 2009-07-14 05:39 - 00063176 _____ () C:\Windows\setupact.log
2015-02-04 15:00 - 2007-01-01 01:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-04 05:51 - 2009-07-14 05:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 05:51 - 2009-07-14 05:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 05:43 - 2010-11-20 22:48 - 00203228 _____ () C:\Windows\PFRO.log
2015-02-04 04:20 - 2014-06-26 21:45 - 00000000 ____D () C:\Program Files\Steam
2015-02-04 04:06 - 2014-06-26 17:52 - 00007669 _____ () C:\Users\sahdkajs\AppData\Local\Resmon.ResmonCfg
2015-02-04 02:50 - 2014-08-12 14:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-04 01:02 - 2014-12-23 19:05 - 00000000 ____D () C:\Users\sahdkajs\Desktop\Music stuff
2015-02-03 01:48 - 2014-12-01 20:26 - 00000000 ____D () C:\Users\sahdkajs\AppData\Roaming\TS3Client
2015-02-03 00:45 - 2014-11-28 01:01 - 00282296 _____ () C:\Windows\system32\PnkBstrB.xtr
2015-02-03 00:45 - 2014-11-28 01:00 - 00139048 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2015-02-03 00:45 - 2014-11-28 00:59 - 00282296 _____ () C:\Windows\system32\PnkBstrB.exe
2015-02-03 00:44 - 2014-11-28 00:59 - 00215128 _____ () C:\Windows\system32\PnkBstrB.ex0
2015-02-02 21:40 - 2014-06-26 21:45 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-02-02 20:52 - 2014-07-26 13:15 - 00000000 ____D () C:\Program Files\SearchProtect
2015-02-02 20:49 - 2014-11-17 21:21 - 00000000 ____D () C:\Users\Music\Desktop\bounces
2015-02-02 18:36 - 2014-06-26 23:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-02 18:36 - 2014-06-26 23:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-01 20:27 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 04:32 - 2014-12-23 19:44 - 00000000 ____D () C:\Users\Music\AppData\Roaming\Celemony Software GmbH
2015-01-31 23:15 - 2014-06-26 18:22 - 00000000 ____D () C:\Cubase Install
2015-01-29 18:06 - 2014-12-23 19:31 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-29 18:06 - 2014-06-26 01:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-29 18:05 - 2014-06-26 01:25 - 00000000 ____D () C:\Program Files\Avira
2015-01-29 17:58 - 2014-06-26 01:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-18 03:05 - 2014-06-26 10:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 03:01 - 2014-06-26 10:42 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-17 18:58 - 2009-07-14 05:33 - 00270872 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-14 00:53 - 2007-01-01 02:00 - 00059752 _____ () C:\Users\sahdkajs\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-13 23:02 - 2014-06-26 18:06 - 00059752 _____ () C:\Users\Music\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-13 00:06 - 2014-06-26 02:11 - 00000000 ____D () C:\Users\sahdkajs\AppData\Roaming\Adobe
==================== Files in the root of some directories =======
2014-11-28 01:00 - 2014-11-28 01:00 - 0138056 _____ () C:\Users\sahdkajs\AppData\Roaming\PnkBstrK.sys
2014-06-26 17:52 - 2015-02-04 04:06 - 0007669 _____ () C:\Users\sahdkajs\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\Music\AppData\Local\Temp\6853.exe
C:\Users\Music\AppData\Local\Temp\928.exe
C:\Users\Music\AppData\Local\Temp\avgnt.exe
C:\Users\Music\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Music\AppData\Local\Temp\nshDC5F.exe
C:\Users\Music\AppData\Local\Temp\nsm24A.exe
C:\Users\Music\AppData\Local\Temp\nsr6AE.exe
C:\Users\Music\AppData\Local\Temp\nstC0F3.exe
C:\Users\Music\AppData\Local\Temp\nswDFC9.exe
C:\Users\Music\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Music\AppData\Local\Temp\setup.exe
C:\Users\Music\AppData\Local\Temp\SyncrosoftLicenseControlSetup.exe
C:\Users\sahdkajs\AppData\Local\Temp\avgnt.exe
C:\Users\sahdkajs\AppData\Local\Temp\nsy120E.exe
C:\Users\sahdkajs\AppData\Local\Temp\nsy35B8.exe
C:\Users\sahdkajs\AppData\Local\Temp\nvStInst.exe
C:\Users\sahdkajs\AppData\Local\Temp\SPSetup.exe
C:\Users\sahdkajs\AppData\Local\Temp\uttDED0.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-03 02:11
==================== End Of Log ============================
--- --- --- --- --- --- Und hier der Addition text: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by sahdkajs at 2015-02-04 15:10:11
Running from C:\Users\sahdkajs\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2749442998-3716350225-1559413844-1000\...\uTorrent) (Version: 3.4.2.31515 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battlefield: Bad Company 2 (HKLM\...\Steam App 24960) (Version: - DICE)
Brothers In Arms EiB (HKLM\...\BrothersInArmsEiB) (Version: - Ubisoft)
CVPiano-Modeled (HKLM\...\CVPiano-Modeled) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DayZ (HKLM\...\Steam App 221100) (Version: - Bohemia Interactive)
Free YouTube to MP3 Converter version 3.12.44.908 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.44.908 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Grewe Scanner-Interface 7 (HKLM\...\{B1C3F49A-DE7D-1AC1-0913-039C1A8B9B82}) (Version: 7 - Grewe Computertechnik GmbH)
Heroes of Might and Magic 3 Complete (HKLM\...\Heroes of Might and Magic 3 Complete_is1) (Version: - GOG.com)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
LucasArts' The Infernal Machine (HKLM\...\LucasArts' The Infernal Machine) (Version: - )
Magic Barrage - Bitferno (HKLM\...\Steam App 335150) (Version: - Gameguyz)
MAGIX Foto Designer 7 (HKLM\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG)
MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden
Melodyne 3.1 (HKLM\...\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}) (Version: 3.1.0200 - Celemony Software GmbH)
Melodyne 3.1 (Version: 3.1.0200 - Celemony Software GmbH) Hidden
Melodyne Runtime 4.1 (x86) (HKLM\...\{02875304-0DD9-465A-986E-A3438ACDC623}) (Version: 1.0.1 - Celemony Software GmbH )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments B4 II (HKLM\...\Native Instruments B4 II) (Version: - )
Native Instruments Controller Editor (HKLM\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
Native Instruments Kontakt 5 (HKLM\...\Native Instruments Kontakt 5) (Version: 5.3.1.37 - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version: - Native Instruments)
No More Room in Hell (HKLM\...\Steam App 224260) (Version: - No More Room in Hell Team)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM\...\Steam App 24240) (Version: - OVERKILL Software)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
R16_R24 Driver (HKLM\...\{19CF1A77-C522-4082-8A2B-A9952EE9E372}) (Version: 1.15.0000 - ZOOM)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Search Protect (HKLM\...\SearchProtect) (Version: 2.20.2.12 - Client Connect LTD) <==== ATTENTION
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
SimCity 4 Deluxe (HKLM\...\Steam App 24780) (Version: - EA - Maxis)
simplitec simplicheck (HKLM\...\{DF103EDA-7937-4966-8EFB-5EF5C38301F2}) (Version: 1.3.9.0 - simplitec GmbH)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version: - Valve)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
Steinberg Cubase 5 (HKLM\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Superior Drummer Installer (HKLM\...\{009AC76E-1A66-4682-82B7-417E77F3C648}) (Version: 2.3.0 - Toontrack)
Syncrosoft Lizenz Kontrolle (HKLM\...\Syncrosoft License Control) (Version: - SIA Syncrosoft)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tropico 4 (HKLM\...\Steam App 57690) (Version: - Haemimont Games)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Worms Armageddon (HKLM\...\Steam App 217200) (Version: - Team17 Digital Ltd.)
Yet Another Zombie Defense (HKLM\...\Steam App 270550) (Version: - Awesome Games Studio)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
02-02-2015 22:40:38 Scheduled Checkpoint
04-02-2015 02:49:49 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
04-02-2015 05:33:13 Revo Uninstaller's restore point - Search Protect
04-02-2015 05:38:10 Revo Uninstaller's restore point - Search Protect
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0DB21E4C-18DE-4198-B7A6-AC0C28B22426} - System32\Tasks\avaxvavya => C:\Users\Music\AppData\Local\avaxvavya\avaxvavya.exe [2015-01-28] ()
Task: {51409F0A-87F9-4EB4-8E17-A2FECD8029B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {7563F980-1681-4AB0-B1A8-B16647D37939} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {84402F5D-E371-443A-A17E-2AE4A18EC951} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-02] (Adobe Systems Incorporated)
Task: {A86DEE55-D162-4431-B4E5-32DD48821A3D} - System32\Tasks\{75259BE3-1B85-4F80-8DAC-3D85E9553D9D} => pcalua.exe -a "C:\Program Files\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "C:\Program Files\Steam\SteamApps\common\Left 4 Dead 2\left4dead2\addons" -c C:\PROGRA~1\Steam\STEAMA~1\common\LEFT4D~1\LEFT4D~1\addons\HELMS_~1.VPK
Task: {D206030A-ED17-428A-9CC1-0867211A74C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-11-28 00:59 - 2014-11-30 16:59 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2007-01-01 01:52 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-01-27 20:05 - 2015-01-27 20:05 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2749442998-3716350225-1559413844-500 - Administrator - Disabled)
Guest (S-1-5-21-2749442998-3716350225-1559413844-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2749442998-3716350225-1559413844-1003 - Limited - Enabled)
Music (S-1-5-21-2749442998-3716350225-1559413844-1001 - Administrator - Enabled) => C:\Users\Music
sahdkajs (S-1-5-21-2749442998-3716350225-1559413844-1000 - Administrator - Enabled) => C:\Users\sahdkajs
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/04/2015 03:00:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 03:00:13 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/04/2015 05:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 05:44:44 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (02/04/2015 05:33:12 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Access is denied.
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {025cd91e-7a04-4c59-8897-d2d87dc0e13e}
Error: (02/04/2015 04:52:06 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (02/04/2015 04:23:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 00:59:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/04/2015 00:58:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Melodyne.exe, Version: 3.1.2.0, Zeitstempel: 0x451d1512
Name des fehlerhaften Moduls: Melodyne.exe, Version: 3.1.2.0, Zeitstempel: 0x451d1512
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000e6957
ID des fehlerhaften Prozesses: 0x1428
Startzeit der fehlerhaften Anwendung: 0xMelodyne.exe0
Pfad der fehlerhaften Anwendung: Melodyne.exe1
Pfad des fehlerhaften Moduls: Melodyne.exe2
Berichtskennung: Melodyne.exe3
Error: (02/04/2015 00:58:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Melodyne.exe, Version: 3.1.2.0, Zeitstempel: 0x451d1512
Name des fehlerhaften Moduls: Melodyne.exe, Version: 3.1.2.0, Zeitstempel: 0x451d1512
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002c82cd
ID des fehlerhaften Prozesses: 0x1acc
Startzeit der fehlerhaften Anwendung: 0xMelodyne.exe0
Pfad der fehlerhaften Anwendung: Melodyne.exe1
Pfad des fehlerhaften Moduls: Melodyne.exe2
Berichtskennung: Melodyne.exe3
System errors:
=============
Error: (02/03/2015 11:48:34 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.4 mit dem Computer mit der
Netzwerkhardwareadresse 04-A1-51-89-2B-37 ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.
Error: (02/03/2015 04:03:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Search Protect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 20000 Millisekunden durchgeführt: Restart the service.
Error: (02/03/2015 05:39:11 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.
Error: (02/02/2015 10:05:29 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (02/02/2015 05:39:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/02/2015 05:39:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (02/02/2015 05:37:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (02/01/2015 09:20:35 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.
Error: (01/29/2015 06:13:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 29.01.2015 um 18:06:21 unerwartet heruntergefahren.
Error: (01/29/2015 06:11:40 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Microsoft Office Sessions:
=========================
Error: (02/04/2015 03:00:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 03:00:13 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/04/2015 05:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 05:44:44 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (02/04/2015 05:33:12 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {025cd91e-7a04-4c59-8897-d2d87dc0e13e}
Error: (02/04/2015 04:52:06 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (02/04/2015 04:23:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 00:59:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Steinberg\Cubase 5\VSTPlugIns\Tools\Auto-Tune+Time_VST.dll
Error: (02/04/2015 00:58:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Melodyne.exe3.1.2.0451d1512Melodyne.exe3.1.2.0451d1512c0000005000e6957142801d0400d58bfe560C:\Program Files\Celemony\Melodyne.3.0\Melodyne.exeC:\Program Files\Celemony\Melodyne.3.0\Melodyne.exe9b475bc0-ac00-11e4-94ed-001d60c1e542
Error: (02/04/2015 00:58:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Melodyne.exe3.1.2.0451d1512Melodyne.exe3.1.2.0451d1512c0000005002c82cd1acc01d0400d46888140C:\Program Files\Celemony\Melodyne.3.0\Melodyne.exeC:\Program Files\Celemony\Melodyne.3.0\Melodyne.exe91c9ea40-ac00-11e4-94ed-001d60c1e542
==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
Percentage of memory in use: 32%
Total physical RAM: 3582.52 MB
Available physical RAM: 2429.27 MB
Total Pagefile: 7163.34 MB
Available Pagefile: 5649.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.51 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:235.97 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:379.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 5663D131)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
04.02.2015, 19:41
| #4 |
| /// the machine /// TB-Ausbilder | "Bad Image" beim öffnen jeder .exe datei Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu "Bad Image" beim öffnen jeder .exe datei |
| adobe, antivir, avira, bad image, browser, computer, cubase, defender, desktop, explorer, fehlermeldung, firefox, flash player, homepage, mozilla, musik, newtab, problem, registry, revo uninstaller, rundll, scan, services.exe, software, svchost.exe, system, temp, vc32loader.dll, vc32lo~1.dll, virus, windows |
dann auf 
und dann auf 
. 
Hybrid-Darstellung
