| |
| |||||||
Log-Analyse und Auswertung: Sprechblase für Windowsupdater(nicht von Microsoft) geht aufWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
05.02.2015, 08:27
| #1 |
 |  Sprechblase für Windowsupdater(nicht von Microsoft) geht auf Hallo Forum =) Habe seit einiger Zeit das Problem, dass sich unten rechts ein Fenster für ein angebliches Windowsupdate öffnet. Klicke ich darauf um das Fenster zu schliessen, soll ich iwelchen AGB`s zustimmen und ein Programm runterladen. Dieses Fenster lässt sich auch nur über den Taskmanager schliessen... Ich hoffe mir kann hier jemand weiterhelfen  MfG GGnis Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Adrian (administrator) on ADRIAN-PC on 05-02-2015 07:55:33
Running from C:\Users\Adrian\Downloads
Loaded Profiles: Adrian (Available profiles: Adrian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Users\Adrian\AppData\Roaming\SoftwareUpdater\SUsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.234\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\LolClient.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-03-06] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1803264 2012-06-07] (Game Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\MountPoints2: {b9e95629-6a8c-11e4-96a5-448a5b8fc06d} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\MountPoints2: {e738d354-2979-11e4-b5ff-448a5b8fc06d} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\MountPoints2: {f1df56f7-47c6-11e4-8f77-448a5b8fc06d} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7937840 2015-01-21] (Avira Operations GmbH & Co. KG)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default
FF Homepage: https://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\Extensions\abs@avira.com [2015-02-03]
FF Extension: Firefox improver - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-27]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2014-03-06] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-30] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-21] ()
R2 serversu; C:\Users\Adrian\AppData\Roaming\SoftwareUpdater\SUsrv.exe [120832 2015-01-28] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-09-26] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-07] (Disc Soft Ltd)
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-02-26] (Intel Corporation)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation )
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 07:55 - 2015-02-05 07:55 - 00013701 _____ () C:\Users\Adrian\Downloads\FRST.txt
2015-02-05 07:55 - 2015-02-05 07:55 - 00000000 ____D () C:\FRST
2015-02-05 07:54 - 2015-02-05 07:54 - 02131968 _____ (Farbar) C:\Users\Adrian\Downloads\FRST64.exe
2015-02-05 07:53 - 2015-02-05 07:53 - 00000544 _____ () C:\Users\Adrian\Downloads\defogger_disable.log
2015-02-05 07:53 - 2015-02-05 07:53 - 00000168 _____ () C:\Users\Adrian\defogger_reenable
2015-02-05 07:52 - 2015-02-05 07:52 - 00050477 _____ () C:\Users\Adrian\Downloads\Defogger.exe
2015-01-30 02:39 - 2015-01-30 02:39 - 00001222 _____ () C:\DelFix.txt
2015-01-30 02:39 - 2015-01-30 02:39 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 01:15 - 2015-01-30 01:15 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-30 01:15 - 2015-01-30 01:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 01:15 - 2015-01-30 01:15 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Adobe
2015-01-29 18:33 - 2015-01-29 18:33 - 00001221 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-01-28 15:06 - 2015-01-28 15:06 - 00000000 __RHD () C:\MSOCache
2015-01-28 15:04 - 2015-01-28 15:04 - 00000000 ____D () C:\Users\Adrian\Documents\Benutzerdefinierte Office-Vorlagen
2015-01-28 14:58 - 2015-01-28 14:58 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Microsoft Help
2015-01-28 14:51 - 2015-01-28 14:51 - 00347816 _____ (Microsoft Corporation) C:\Users\Adrian\Downloads\MicrosoftFixit.wu.LB.134588027784228.1.1.Run.exe
2015-01-28 14:41 - 2015-01-28 14:50 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\SoftwareUpdater
2015-01-28 14:40 - 2015-01-28 14:40 - 00000000 ____D () C:\ProgramData\737bcb150000081b
2015-01-28 14:38 - 2015-02-02 02:43 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GU Player
2015-01-28 14:38 - 2015-02-02 02:43 - 00000000 ____D () C:\Program Files (x86)\GU Player
2015-01-28 14:38 - 2015-01-28 15:04 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\Firefox-improver
2015-01-28 14:37 - 2015-01-28 14:37 - 00523856 _____ () C:\Users\Adrian\Downloads\Microsoft%20Word.exe
2015-01-28 14:32 - 2015-01-28 14:32 - 00002140 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-28 14:32 - 2015-01-28 14:32 - 00002140 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-28 14:32 - 2015-01-28 14:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-01-28 14:31 - 2015-01-28 15:00 - 00002210 _____ () C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-28 14:31 - 2015-01-28 14:31 - 00000000 ___RD () C:\Users\Adrian\OneDrive
2015-01-28 14:31 - 2015-01-28 14:31 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-28 14:31 - 2015-01-28 14:31 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-01-28 14:30 - 2015-01-28 18:45 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-01-28 14:30 - 2015-01-28 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-28 14:29 - 2015-01-28 14:30 - 01064632 _____ (Microsoft Corporation) C:\Users\Adrian\Downloads\Setup.X86.de-DE_O365HomePremRetail_c45264ce-a25c-46e7-ab4e-e8f594a0467d_TX_DB_.exe
2015-01-28 14:21 - 2015-01-28 14:21 - 00668376 _____ (Blue Labs, LLC) C:\Users\Adrian\Downloads\FreeEditor.exe
2015-01-28 13:20 - 2015-01-28 13:20 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-28 02:49 - 2015-01-28 02:49 - 00009094 _____ () C:\Users\Adrian\Documents\a.txt
2015-01-28 02:22 - 2015-01-28 02:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-28 02:22 - 2015-01-28 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-28 02:22 - 2015-01-28 02:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 02:22 - 2015-01-28 02:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-28 02:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-28 02:22 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-28 02:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-28 02:21 - 2015-01-28 02:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Adrian\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-27 23:41 - 2015-01-27 23:42 - 00014648 _____ () C:\Users\Adrian\Documents\Ereignisse.txt
2015-01-27 23:23 - 2015-01-27 23:23 - 39712504 _____ () C:\Users\Adrian\Downloads\Firefox_Setup_de35.0.1 (1).exe
2015-01-27 23:23 - 2015-01-27 23:23 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-27 23:23 - 2015-01-27 23:23 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-27 23:23 - 2015-01-27 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 23:22 - 2015-01-27 23:22 - 39712504 _____ () C:\Users\Adrian\Downloads\Firefox_Setup_de35.0.1.exe
2015-01-27 23:21 - 2015-01-27 23:21 - 00000000 __SHD () C:\Users\Adrian\AppData\Local\EmieBrowserModeList
2015-01-27 05:14 - 2015-01-27 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 12:22 - 2015-01-26 12:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-26 12:22 - 2015-01-26 12:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-26 02:15 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-26 02:15 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-26 02:15 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-26 02:15 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-26 02:15 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-26 02:15 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-26 02:15 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-26 02:15 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-26 02:15 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-26 02:15 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-26 02:15 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-26 02:15 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-26 02:15 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 07:53 - 2014-08-19 18:57 - 00000000 ____D () C:\Users\Adrian
2015-02-05 07:08 - 2009-07-14 05:45 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 07:08 - 2009-07-14 05:45 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 07:06 - 2011-04-12 08:43 - 00700146 _____ () C:\Windows\system32\perfh007.dat
2015-02-05 07:06 - 2011-04-12 08:43 - 00149784 _____ () C:\Windows\system32\perfc007.dat
2015-02-05 07:06 - 2009-07-14 06:13 - 01622778 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 07:00 - 2014-10-03 13:39 - 00061521 _____ () C:\Windows\setupact.log
2015-02-05 07:00 - 2014-08-15 08:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-05 07:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 06:59 - 2014-08-19 19:53 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Battle.net
2015-02-04 19:19 - 2014-08-19 18:57 - 01095753 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 18:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 00:44 - 2014-08-21 22:33 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\TS3Client
2015-01-30 02:31 - 2014-11-10 00:07 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-01-29 18:33 - 2014-10-01 18:23 - 00000000 ____D () C:\Users\Adrian\AppData\Local\AviraSpeedup
2015-01-29 18:33 - 2014-10-01 18:21 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2015-01-29 18:33 - 2014-10-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-01-29 18:33 - 2014-10-01 18:16 - 00001153 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-29 18:33 - 2014-08-19 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-29 18:33 - 2014-08-19 23:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-29 18:33 - 2014-04-03 06:44 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-29 12:19 - 2014-10-24 06:49 - 00015250 _____ () C:\Windows\PFRO.log
2015-01-28 14:45 - 2009-07-14 05:45 - 00438272 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-28 14:38 - 2014-08-19 18:59 - 00111400 _____ () C:\Users\Adrian\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-28 14:30 - 2014-08-19 18:57 - 00000000 ____D () C:\Users\Adrian\AppData\Local\VirtualStore
2015-01-28 14:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-28 02:55 - 2014-08-19 19:29 - 00000000 ___RD () C:\Users\Adrian\Desktop\Programme
2015-01-28 02:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2015-01-26 03:01 - 2014-08-20 23:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-26 03:00 - 2014-08-20 23:41 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2014-08-15 08:24 - 2014-08-15 08:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\Adrian\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-25 21:02
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Adrian at 2015-02-05 07:55:51
Running from C:\Users\Adrian\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2014 Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Firefox-improver (HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\Firefox-improver) (Version: 2 - Appli LLC)
GU Player (remove only) (HKLM-x32\...\GU Player) (Version: - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.2.1000 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Software Updater Ltd)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Warcraft 3 (HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\Warcraft 3) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3579592859-3594887549-3632172591-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Adrian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3579592859-3594887549-3632172591-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Adrian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3579592859-3594887549-3632172591-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Adrian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3579592859-3594887549-3632172591-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Adrian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3579592859-3594887549-3632172591-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Adrian\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
04-02-2015 17:44:42 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {56B11E81-0B0E-477B-B5AF-9EF7E3C27156} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {7B482FF0-9CD7-48FC-ADBE-2D675006F35D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-01-28] (Microsoft Corporation)
Task: {A3262DA4-E76F-4CD0-ABCE-90AFBBA0BBDD} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-01-21] (Avira Operations GmbH & Co. KG)
Task: {BC6DF72C-1398-4199-91BA-1CC067908112} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
==================== Loaded Modules (whitelisted) ==============
2015-01-28 14:30 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-21 03:02 - 2014-08-21 03:02 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-01-28 14:41 - 2015-01-28 14:41 - 00120832 _____ () C:\Users\Adrian\AppData\Roaming\SoftwareUpdater\SUsrv.exe
2014-08-15 08:25 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-12 17:11 - 2014-08-19 19:43 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2014-08-19 19:43 - 2015-02-04 17:56 - 02445816 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.234\deploy\LoLLauncher.exe
2015-02-04 17:56 - 2015-02-04 17:56 - 04234232 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcher.exe
2014-08-19 20:09 - 2014-08-19 20:09 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\LolClient.exe
2015-02-04 17:56 - 2015-02-04 17:56 - 01618424 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\RiotLauncher.dll
2014-08-19 20:09 - 2014-08-19 20:09 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2015-01-27 23:23 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-3579592859-3594887549-3632172591-500 - Administrator - Disabled)
Adrian (S-1-5-21-3579592859-3594887549-3632172591-1000 - Administrator - Enabled) => C:\Users\Adrian
Gast (S-1-5-21-3579592859-3594887549-3632172591-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3579592859-3594887549-3632172591-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/05/2015 07:02:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/05/2015 07:00:49 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
Error: (02/04/2015 10:15:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 10:13:20 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
Error: (02/04/2015 05:42:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 05:40:33 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
Error: (02/02/2015 11:20:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2015 11:19:06 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
Error: (02/02/2015 04:53:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2015 04:51:19 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
System errors:
=============
Error: (02/05/2015 07:00:46 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 05.02.2015 um 06:58:27 unerwartet heruntergefahren.
Error: (01/29/2015 11:21:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/28/2015 05:32:01 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (01/28/2015 05:02:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (02/05/2015 07:02:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/05/2015 07:00:49 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
Error: (02/04/2015 10:15:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 10:13:20 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
Error: (02/04/2015 05:42:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 05:40:33 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
Error: (02/02/2015 11:20:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2015 11:19:06 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
Error: (02/02/2015 04:53:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2015 04:51:19 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 28%
Total physical RAM: 8120.02 MB
Available physical RAM: 5795.46 MB
Total Pagefile: 16238.21 MB
Available Pagefile: 13507.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:111.79 GB) (Free:9.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data1) (Fixed) (Total:931.51 GB) (Free:931.31 GB) NTFS
Drive g: () (CDROM) (Total:1.07 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 50489017)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 50489002)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-05 08:24:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000064 Samsung_ rev.EXT0 111,79GB
Running: vpl5fhzr.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\ugliqpod.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769d1401 2 bytes JMP 767fb21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769d1419 2 bytes JMP 767fb346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769d1431 2 bytes JMP 76878ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769d144a 2 bytes CALL 767d48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769d14dd 2 bytes JMP 768787a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769d14f5 2 bytes JMP 76878978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769d150d 2 bytes JMP 76878698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769d1525 2 bytes JMP 76878a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769d153d 2 bytes JMP 767efca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769d1555 2 bytes JMP 767f68ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769d156d 2 bytes JMP 76878f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769d1585 2 bytes JMP 76878ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769d159d 2 bytes JMP 7687865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769d15b5 2 bytes JMP 767efd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769d15cd 2 bytes JMP 767fb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769d16b2 2 bytes JMP 76878e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769d16bd 2 bytes JMP 768785f1 C:\Windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3832:4416] 000007fefac22bf8
---- Processes - GMER 2.1 ----
Process C:\Users\Adrian\AppData\Roaming\SoftwareUpdater\SUsrv.exe (*** suspicious ***) @ C:\Users\Adrian\AppData\Roaming\SoftwareUpdater\SUsrv.exe [2024](2015-01-28 13:41:51) 0000000001300000
---- EOF - GMER 2.1 ----
|
| Themen zu Sprechblase für Windowsupdater(nicht von Microsoft) geht auf |
| adware, antivir, avira, browser, cpu, defender, desktop, failed, firefox, flash player, helper, home, homepage, league of legends, mozilla, office 365, problem, programm, realtek, registry, rundll, scan, security, services.exe, svchost.exe, system, taskmanager, teredo |
Baum-Darstellung