|
Log-Analyse und Auswertung: Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschobenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
11.02.2015, 17:23 | #1 |
| Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben Beim versuchten Installieren eines Programmes hat der Echtzeitscanner von Avira den oben genannten Trojaner endeckt. Ich habe darauf das Setup das Programmes gecancelt. Bei jedem folgenden Neustart versuchte das Programm wieder das Setup durch zu führen, wobei der Echtzeitscanner eine erneute Warnung einblendete. Ich habe jedes mal auf "entfernen" geklickt und damit den Trojaner in Quarantäne geschickt. Aus vorherigen Threads schließe ich, dass es mit der Quarantäne aber nicht getan ist und hoffe hier auf eine bessere/langfristige Lösung. Hier das Logfile von Avira: Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: 11 فروری, 2015 08:47 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Antivirus Free Seriennummer : 0000149996-AVHOE-0000001 Plattform : Windows 7 Professional Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : CEMA Versionsinformationen: BUILD.DAT : 14.0.7.468 91859 Bytes 24.11.2014 10:23:00 AVSCAN.EXE : 14.0.7.462 1015544 Bytes 11.12.2014 12:01:37 AVSCANRC.DLL : 14.0.7.308 64304 Bytes 18.11.2014 11:49:43 LUKE.DLL : 14.0.7.462 60664 Bytes 11.12.2014 12:06:37 AVSCPLR.DLL : 14.0.7.440 93488 Bytes 11.12.2014 12:01:38 REPAIR.DLL : 14.0.7.412 366328 Bytes 11.12.2014 12:01:12 REPAIR.RDF : 1.0.4.60 704786 Bytes 07.02.2015 06:54:34 AVREG.DLL : 14.0.7.310 264952 Bytes 18.11.2014 11:49:19 AVLODE.DLL : 14.0.7.440 561456 Bytes 11.12.2014 12:00:55 AVLODE.RDF : 14.0.4.54 78895 Bytes 05.12.2014 18:50:09 XBV00015.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:18 XBV00016.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:18 XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:19 XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:19 XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:19 XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:20 XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:20 XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:20 XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:21 XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:21 XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:22 XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:22 XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:23 XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:23 XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:24 XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:24 XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:24 XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:25 XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:25 XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:26 XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:26 XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:26 XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:27 XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:27 XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:28 XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:28 XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:06:29 XBV00089.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:54 XBV00090.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:54 XBV00091.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:54 XBV00092.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:54 XBV00093.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:54 XBV00094.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:55 XBV00095.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:55 XBV00096.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:55 XBV00097.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:55 XBV00098.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:55 XBV00099.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:56 XBV00100.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:56 XBV00101.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:56 XBV00102.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:56 XBV00103.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:56 XBV00104.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:57 XBV00105.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:57 XBV00106.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:57 XBV00107.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:57 XBV00108.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:58 XBV00109.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:58 XBV00110.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:59 XBV00111.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:59 XBV00112.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:59 XBV00113.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:59 XBV00114.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:59 XBV00115.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:53:59 XBV00116.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:00 XBV00117.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:00 XBV00118.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:00 XBV00119.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:00 XBV00120.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:00 XBV00121.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:01 XBV00122.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:01 XBV00123.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:01 XBV00124.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:01 XBV00125.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:01 XBV00126.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:02 XBV00127.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:02 XBV00128.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:02 XBV00129.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:02 XBV00130.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:02 XBV00131.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:03 XBV00132.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:03 XBV00133.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:03 XBV00134.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:03 XBV00135.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:03 XBV00136.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:04 XBV00137.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:04 XBV00138.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:04 XBV00139.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:04 XBV00140.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:05 XBV00141.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:05 XBV00142.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:05 XBV00143.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:05 XBV00144.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:06 XBV00145.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:06 XBV00146.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:06 XBV00147.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:06 XBV00148.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:06 XBV00149.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:07 XBV00150.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:07 XBV00151.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:07 XBV00152.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:07 XBV00153.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:08 XBV00154.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:08 XBV00155.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:08 XBV00156.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:08 XBV00157.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:08 XBV00158.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:08 XBV00159.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:09 XBV00160.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:09 XBV00161.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:09 XBV00162.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:09 XBV00163.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:09 XBV00164.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:10 XBV00165.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:10 XBV00166.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:10 XBV00167.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:10 XBV00168.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:10 XBV00169.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:11 XBV00170.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:11 XBV00171.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:11 XBV00172.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:11 XBV00173.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:12 XBV00174.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:12 XBV00175.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:12 XBV00176.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:12 XBV00177.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:12 XBV00178.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:13 XBV00179.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:13 XBV00180.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:13 XBV00181.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:13 XBV00182.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:14 XBV00183.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:14 XBV00184.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:14 XBV00185.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:14 XBV00186.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:14 XBV00187.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:15 XBV00188.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:15 XBV00189.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:15 XBV00190.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:15 XBV00191.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:16 XBV00192.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:16 XBV00193.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:16 XBV00194.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:16 XBV00195.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:16 XBV00196.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:17 XBV00197.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:17 XBV00198.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:17 XBV00199.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:17 XBV00200.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:17 XBV00201.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:18 XBV00202.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:18 XBV00203.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:18 XBV00204.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:19 XBV00205.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:20 XBV00206.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:20 XBV00207.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:20 XBV00208.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:20 XBV00209.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:21 XBV00210.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:21 XBV00211.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:21 XBV00212.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:21 XBV00213.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:21 XBV00214.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:22 XBV00215.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:22 XBV00216.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:22 XBV00217.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:22 XBV00218.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:23 XBV00219.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:23 XBV00220.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:23 XBV00221.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:23 XBV00222.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:24 XBV00223.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:24 XBV00224.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:24 XBV00225.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:25 XBV00226.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:25 XBV00227.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:25 XBV00228.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:25 XBV00229.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:26 XBV00230.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:26 XBV00231.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:26 XBV00232.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:26 XBV00233.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:27 XBV00234.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:27 XBV00235.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:27 XBV00236.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:27 XBV00237.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:28 XBV00238.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:28 XBV00239.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:28 XBV00240.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:28 XBV00241.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:29 XBV00242.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:29 XBV00243.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:29 XBV00244.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:29 XBV00245.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:29 XBV00246.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:30 XBV00247.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:30 XBV00248.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:31 XBV00249.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:31 XBV00250.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:31 XBV00251.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:31 XBV00252.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:31 XBV00253.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:32 XBV00254.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:32 XBV00255.VDF : 8.11.206.252 2048 Bytes 04.02.2015 06:54:32 XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 19:17:02 XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 13:03:18 XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 18:00:10 XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 15:43:28 XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 09:26:00 XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 12:29:43 XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 14:42:55 XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 17:00:07 XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 13:06:15 XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 14:59:13 XBV00010.VDF : 8.11.178.32 1581056 Bytes 14.10.2014 15:35:06 XBV00011.VDF : 8.11.184.50 2178560 Bytes 11.11.2014 14:04:23 XBV00012.VDF : 8.11.190.32 1876992 Bytes 03.12.2014 11:40:59 XBV00013.VDF : 8.11.201.28 2973696 Bytes 14.01.2015 18:08:22 XBV00014.VDF : 8.11.206.252 2695680 Bytes 04.02.2015 06:53:44 XBV00042.VDF : 8.11.207.24 43520 Bytes 04.02.2015 06:53:44 XBV00043.VDF : 8.11.207.50 2048 Bytes 04.02.2015 06:53:44 XBV00044.VDF : 8.11.207.52 2048 Bytes 04.02.2015 06:53:44 XBV00045.VDF : 8.11.207.78 20480 Bytes 04.02.2015 06:53:45 XBV00046.VDF : 8.11.207.104 5632 Bytes 04.02.2015 06:53:45 XBV00047.VDF : 8.11.207.106 2048 Bytes 05.02.2015 06:53:45 XBV00048.VDF : 8.11.207.108 23040 Bytes 05.02.2015 06:53:45 XBV00049.VDF : 8.11.207.110 34304 Bytes 05.02.2015 06:53:46 XBV00050.VDF : 8.11.207.112 2048 Bytes 05.02.2015 06:53:46 XBV00051.VDF : 8.11.207.134 15360 Bytes 05.02.2015 06:53:46 XBV00052.VDF : 8.11.207.154 9728 Bytes 05.02.2015 06:53:46 XBV00053.VDF : 8.11.207.178 39936 Bytes 05.02.2015 06:53:46 XBV00054.VDF : 8.11.207.200 32256 Bytes 05.02.2015 06:53:47 XBV00055.VDF : 8.11.207.204 2560 Bytes 05.02.2015 06:53:47 XBV00056.VDF : 8.11.207.208 57856 Bytes 06.02.2015 06:53:47 XBV00057.VDF : 8.11.207.210 2048 Bytes 06.02.2015 06:53:47 XBV00058.VDF : 8.11.207.212 5120 Bytes 06.02.2015 06:53:48 XBV00059.VDF : 8.11.207.232 18944 Bytes 06.02.2015 06:53:48 XBV00060.VDF : 8.11.207.252 24576 Bytes 06.02.2015 06:53:48 XBV00061.VDF : 8.11.208.16 9216 Bytes 06.02.2015 06:53:48 XBV00062.VDF : 8.11.208.18 4096 Bytes 06.02.2015 06:53:48 XBV00063.VDF : 8.11.208.20 2560 Bytes 06.02.2015 06:53:49 XBV00064.VDF : 8.11.208.42 54272 Bytes 06.02.2015 06:53:49 XBV00065.VDF : 8.11.208.62 2048 Bytes 06.02.2015 06:53:49 XBV00066.VDF : 8.11.208.84 28160 Bytes 06.02.2015 06:53:49 XBV00067.VDF : 8.11.208.86 2048 Bytes 06.02.2015 06:53:50 XBV00068.VDF : 8.11.208.88 2048 Bytes 07.02.2015 06:53:50 XBV00069.VDF : 8.11.208.92 61440 Bytes 07.02.2015 18:53:51 XBV00070.VDF : 8.11.208.112 2048 Bytes 07.02.2015 18:53:52 XBV00071.VDF : 8.11.208.130 40448 Bytes 07.02.2015 18:53:57 XBV00072.VDF : 8.11.208.148 2048 Bytes 07.02.2015 18:53:58 XBV00073.VDF : 8.11.208.166 62976 Bytes 08.02.2015 16:05:08 XBV00074.VDF : 8.11.208.184 2048 Bytes 08.02.2015 16:05:08 XBV00075.VDF : 8.11.208.204 32768 Bytes 08.02.2015 16:05:09 XBV00076.VDF : 8.11.208.206 49664 Bytes 09.02.2015 16:05:09 XBV00077.VDF : 8.11.208.224 5120 Bytes 09.02.2015 16:05:09 XBV00078.VDF : 8.11.208.242 5120 Bytes 09.02.2015 16:05:10 XBV00079.VDF : 8.11.209.4 17920 Bytes 09.02.2015 16:05:10 XBV00080.VDF : 8.11.209.22 7680 Bytes 09.02.2015 16:05:10 XBV00081.VDF : 8.11.209.28 30720 Bytes 09.02.2015 16:05:11 XBV00082.VDF : 8.11.209.34 24064 Bytes 09.02.2015 16:05:11 XBV00083.VDF : 8.11.209.36 2048 Bytes 09.02.2015 16:05:11 XBV00084.VDF : 8.11.209.38 12800 Bytes 09.02.2015 16:05:12 XBV00085.VDF : 8.11.209.42 36352 Bytes 10.02.2015 16:05:12 XBV00086.VDF : 8.11.209.44 3584 Bytes 10.02.2015 16:05:12 XBV00087.VDF : 8.11.209.46 16384 Bytes 10.02.2015 16:05:13 XBV00088.VDF : 8.11.209.48 33280 Bytes 10.02.2015 16:05:13 LOCAL000.VDF : 8.11.209.48 120876032 Bytes 10.02.2015 16:06:11 Engineversion : 8.3.28.16 AEVDF.DLL : 8.3.1.6 133992 Bytes 20.08.2014 13:10:00 AESCRIPT.DLL : 8.2.2.54 550824 Bytes 07.02.2015 06:53:37 AESCN.DLL : 8.3.2.2 139456 Bytes 21.07.2014 20:13:40 AESBX.DLL : 8.2.20.24 1409224 Bytes 08.05.2014 18:38:35 AERDL.DLL : 8.2.1.16 743328 Bytes 31.10.2014 12:31:25 AEPACK.DLL : 8.4.0.58 789360 Bytes 16.01.2015 13:53:46 AEOFFICE.DLL : 8.3.1.10 351088 Bytes 16.01.2015 13:53:44 AEMOBILE.DLL : 8.1.2.0 277360 Bytes 22.12.2014 17:07:16 AEHEUR.DLL : 8.1.4.1522 8071080 Bytes 07.02.2015 06:53:36 AEHELP.DLL : 8.3.1.0 278728 Bytes 29.05.2014 03:13:16 AEGEN.DLL : 8.1.7.40 456608 Bytes 22.12.2014 17:06:04 AEEXP.DLL : 8.4.2.70 255904 Bytes 07.02.2015 06:53:37 AEEMU.DLL : 8.1.3.4 399264 Bytes 08.08.2014 15:32:07 AEDROID.DLL : 8.4.3.6 850800 Bytes 22.12.2014 17:07:15 AECORE.DLL : 8.3.4.0 243624 Bytes 22.12.2014 17:05:57 AEBB.DLL : 8.1.2.0 60448 Bytes 08.08.2014 15:31:45 AVWINLL.DLL : 14.0.7.308 25904 Bytes 18.11.2014 11:48:39 AVPREF.DLL : 14.0.7.308 52016 Bytes 18.11.2014 11:49:16 AVREP.DLL : 14.0.7.308 220976 Bytes 18.11.2014 11:49:20 AVARKT.DLL : 14.0.7.308 227632 Bytes 18.11.2014 11:48:41 AVEVTLOG.DLL : 14.0.7.440 184112 Bytes 11.12.2014 12:00:42 SQLITE3.DLL : 14.0.7.308 453936 Bytes 18.11.2014 11:56:02 AVSMTP.DLL : 14.0.7.308 79096 Bytes 18.11.2014 11:49:50 NETNT.DLL : 14.0.7.308 15152 Bytes 18.11.2014 11:54:38 RCIMAGE.DLL : 14.0.7.308 4865328 Bytes 18.11.2014 11:48:39 RCTEXT.DLL : 14.0.7.318 77048 Bytes 18.11.2014 11:48:39 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_54dace99\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: Reparieren Sekundäre Aktion......................: Quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Prüfe alle Dateien....................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: Vollständig Abweichende Gefahrenkategorien........: +GAME,+JOKE,+SPR, Beginn des Suchlaufs: 11 فروری, 2015 08:47 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '112' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '154' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '92' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'AERTSr64.exe' - '8' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '124' Modul(e) wurden durchsucht Durchsuche Prozess 'Ath_CoexAgent.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'adminservice.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'HPDrvMntSvc.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'HPWMISVC.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'RIconMan.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'pdfsvc.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'sftvsa.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'sftlist.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '126' Modul(e) wurden durchsucht Durchsuche Prozess 'CVHSVC.EXE' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'TrustedInstaller.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleUpdate.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleUpdate.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'hphc_service.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'HPWA_Service.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'hpqWmiEx.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '107' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleUpdate.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '162' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxpers.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'sidebar.exe' - '96' Modul(e) wurden durchsucht Durchsuche Prozess 'TrueCrypt.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '114' Modul(e) wurden durchsucht Durchsuche Prozess 'Avira.OE.Systray.exe' - '124' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'msiexec.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'YCMMirage.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'CVH.EXE' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'WINWORDC.EXE' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'OfficeVirt.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'OSPPSVC.EXE' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'splwow64.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'MsiExec.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'OffSpon.EXE' - '87' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '115' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Program Files (x86)\XXXChurch\X3Watch\X3WatchProxyChecker.exe' C:\Program Files (x86)\XXXChurch\X3Watch\X3WatchProxyChecker.exe [FUND] Ist das Trojanische Pferd TR/Dropper.MSIL.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '485d66ac.qua' verschoben! Ende des Suchlaufs: 11 فروری, 2015 08:47 Benötigte Zeit: 00:41 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 928 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 927 Dateien ohne Befall 1 Archive wurden durchsucht 0 Warnungen 1 Hinweise Hier das erste Logfile von FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 01 Ran by ema (administrator) on CEMA on 11-02-2015 20:43:55 Running from C:\Users\ema\Desktop Loaded Profiles: ema (Available profiles: ema) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Dynamic Internet Technology, Inc.) C:\Users\ema\Desktop\fg752p.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE () Q:\140066.deu\Office14\WINWORDC.EXE (Microsoft Corporation) C:\Windows\splwow64.exe () Q:\140066.DEU\OFFICE14\OffSpon.EXE (Rick Meyers) C:\Program Files (x86)\e-Sword\e-Sword.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKLM-x32\...\Run: [McAfeeUpdaterUI] => "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2012-01-23] (TrueCrypt Foundation) HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\MountPoints2: F - F:\Setup.exe HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\MountPoints2: {11f28498-80d1-11e1-a14a-68a3c4b9cf4d} - F:\Setup.exe HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\MountPoints2: {11f2849d-80d1-11e1-a14a-68a3c4b9cf4d} - F:\Setup.exe HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\MountPoints2: {663b3211-4042-11e1-b16b-68a3c4ba3edd} - F:\LaunchU3.exe -a Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\X3Watch.lnk ShortcutTarget: X3Watch.lnk -> C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3}\NewShortcut1_D74C6BBD2867476BAF40C953E203B25E.exe (Flexera Software LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\X3WatchProxyChecker.lnk ShortcutTarget: X3WatchProxyChecker.lnk -> C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3}\NewShortcut3_D99F648AB230462A948D38A8F7FE6938.exe (Flexera Software LLC) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-2715789944-1795615652-4197114747-1000] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-2715789944-1795615652-4197114747-1000] => 127.0.0.1:8580 HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/ HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = SearchScopes: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = SearchScopes: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617 FF Homepage: www.dict.cc FF NetworkProxy: "backup.ftp", "10.0.0.1" FF NetworkProxy: "backup.ftp_port", 8080 FF NetworkProxy: "backup.socks", "10.0.0.1" FF NetworkProxy: "backup.socks_port", 8080 FF NetworkProxy: "backup.ssl", "10.0.0.1" FF NetworkProxy: "backup.ssl_port", 8080 FF NetworkProxy: "ftp", "127.0.0.1" FF NetworkProxy: "ftp_port", 8580 FF NetworkProxy: "gopher", "127.0.0.1" FF NetworkProxy: "gopher_port", 8580 FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8580 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8580 FF NetworkProxy: "type", 0 FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll (VideoDownloadConverter) FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll () FF Extension: Avira Browser Safety - C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617\Extensions\abs@avira.com [2015-02-02] FF Extension: Easy Youtube Video Downloader Express - C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-02-03] FF Extension: GProxy Tool - C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617\Extensions\{DCE88800-9606-11DC-8919-D33056D89593}.xpi [2015-01-20] FF Extension: DownThemAll! - C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-01-20] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27] FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-08-11] FF HKLM-x32\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\ema\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks FF Extension: Smiley Bar for Facebook - C:\Users\ema\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-01-12] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-23] FF HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\ema\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks FF HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\ema\AppData\Roaming\StatusWinks\statuswinks.crx [2012-11-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc) S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-07-13] (AVM Berlin) S3 evusbat; C:\Windows\System32\DRIVERS\evusbat.sys [152448 2009-06-05] (A3 Incorporated) S3 evusbdiag; C:\Windows\System32\DRIVERS\evusbdiag.sys [152448 2009-06-05] (A3 Incorporated) S3 evusbmdm; C:\Windows\System32\DRIVERS\evusbmdm.sys [152448 2009-06-05] (A3 Incorporated) S3 evusbvoc; C:\Windows\System32\DRIVERS\evusbvoc.sys [152448 2009-06-05] (A3 Incorporated) S3 Iviaspi; C:\Windows\SysWOW64\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-11 20:43 - 2015-02-11 20:44 - 00019428 _____ () C:\Users\ema\Desktop\FRST.txt 2015-02-11 20:43 - 2015-02-11 20:44 - 00000000 ____D () C:\FRST 2015-02-11 20:23 - 2015-02-11 19:39 - 02134016 _____ (Farbar) C:\Users\ema\Desktop\FRST64.exe 2015-02-11 20:21 - 2015-02-11 20:21 - 00000468 _____ () C:\Users\ema\Desktop\defogger_disable.log 2015-02-11 20:21 - 2015-02-11 20:21 - 00000000 _____ () C:\Users\ema\defogger_reenable 2015-02-11 20:20 - 2015-02-11 20:20 - 00050477 _____ () C:\Users\ema\Desktop\Defogger.exe 2015-02-11 17:51 - 2015-02-11 17:51 - 00023843 _____ () C:\Users\ema\Desktop\2014-15 Evacuation to ISB.odt 2015-02-11 11:42 - 2015-02-11 11:44 - 00000000 ____D () C:\Users\ema\Desktop\Steel 2015-02-11 08:37 - 2015-02-11 17:40 - 00001758 _____ () C:\Windows\setupact.log 2015-02-11 08:37 - 2015-02-11 08:37 - 00001074 _____ () C:\Windows\PFRO.log 2015-02-11 08:37 - 2015-02-11 08:37 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-10 23:53 - 2015-02-10 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XXXChurch 2015-02-10 23:53 - 2015-02-10 23:53 - 00000000 ____D () C:\Program Files (x86)\XXXChurch 2015-02-10 23:48 - 2014-10-24 20:22 - 43736135 _____ (XXXChurch) C:\Users\ema\Documents\X3Watch.exe 2015-01-29 21:52 - 2015-01-29 00:23 - 00214628 _____ () C:\Users\ema\Downloads\watch_002.htm 2015-01-27 21:45 - 2015-01-27 21:45 - 00212825 _____ () C:\Users\ema\Downloads\watch_001.htm 2015-01-27 21:22 - 2015-01-27 21:22 - 00180404 _____ () C:\Users\ema\Downloads\watch.htm 2015-01-27 21:12 - 2015-01-27 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 23:30 - 2015-01-26 23:30 - 00018304 _____ () C:\Users\ema\Desktop\Englisch ref.odt 2015-01-20 16:27 - 2015-02-11 20:42 - 00000452 _____ () C:\Users\ema\Desktop\fg.ini 2015-01-20 16:27 - 2015-01-20 16:27 - 00000516 _____ () C:\Users\ema\Desktop\dtwpc.dat 2015-01-20 16:15 - 2015-01-01 21:12 - 02488096 _____ (Dynamic Internet Technology, Inc.) C:\Users\ema\Desktop\fg752p.exe 2015-01-19 09:47 - 2015-01-19 09:47 - 00000000 __SHD () C:\Users\ema\AppData\Local\EmieBrowserModeList 2015-01-18 23:08 - 2015-01-18 23:08 - 00395609 _____ () C:\Users\ema\Desktop\Unbenannt.wma 2015-01-16 21:49 - 2014-12-19 08:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-16 21:49 - 2014-12-19 06:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-16 21:49 - 2014-12-12 10:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-16 21:49 - 2014-12-12 10:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-16 21:49 - 2014-12-12 10:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-16 21:49 - 2014-12-12 10:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-16 21:49 - 2014-12-12 10:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-16 21:49 - 2014-12-12 10:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-16 21:49 - 2014-12-12 10:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-16 21:49 - 2014-12-11 22:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-16 21:49 - 2014-12-06 09:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-16 21:49 - 2014-12-06 08:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-16 21:49 - 2014-12-06 08:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-15 00:06 - 2015-01-15 00:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-11 20:21 - 2012-01-12 15:55 - 00000000 ____D () C:\Users\ema 2015-02-11 20:16 - 2011-05-28 02:04 - 02066187 _____ () C:\Windows\WindowsUpdate.log 2015-02-11 19:49 - 2012-01-19 17:20 - 00000000 ____D () C:\Users\ema\Documents\studies 2015-02-11 17:50 - 2009-07-14 09:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-11 17:50 - 2009-07-14 09:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-11 17:42 - 2011-05-09 15:38 - 00000000 ____D () C:\ProgramData\PDFC 2015-02-11 17:40 - 2009-07-14 10:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-11 15:35 - 2012-01-12 22:24 - 00000000 ____D () C:\Users\ema\AppData\Roaming\SoftGrid Client 2015-02-11 15:32 - 2011-05-10 01:12 - 00702028 _____ () C:\Windows\system32\perfh007.dat 2015-02-11 15:32 - 2011-05-10 01:12 - 00150638 _____ () C:\Windows\system32\perfc007.dat 2015-02-11 15:32 - 2009-07-14 10:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-11 09:28 - 2012-01-12 16:11 - 00079448 _____ () C:\Users\ema\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-11 08:49 - 2012-07-28 23:43 - 00000000 ____D () C:\output 2015-02-11 08:37 - 2012-01-15 21:15 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-11 08:37 - 2012-01-15 21:15 - 00001014 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-10 21:26 - 2011-05-09 15:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-10 21:26 - 2009-07-14 08:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2015-02-10 21:25 - 2012-01-15 21:15 - 00004026 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-10 21:25 - 2012-01-15 21:15 - 00003774 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-10 21:19 - 2013-01-19 17:29 - 00000000 ____D () C:\Windows\Minidump 2015-02-10 21:19 - 2012-01-15 20:51 - 00000000 ____D () C:\Users\ema\AppData\Local\CrashDumps 2015-02-10 21:07 - 2014-08-14 18:45 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-10 21:07 - 2013-03-23 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-10 21:06 - 2013-03-23 11:08 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-02-10 21:05 - 2012-01-12 16:12 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8C3AE9CE-BEFD-4CC7-B77C-79FC2D172507} 2015-02-08 22:58 - 2012-10-16 17:35 - 00000000 ____D () C:\Users\ema\AppData\Roaming\vlc 2015-02-08 21:16 - 2012-01-16 17:31 - 00000000 ____D () C:\Users\ema\AppData\Roaming\Skype 2015-02-07 11:49 - 2014-07-13 23:10 - 00000000 ____D () C:\Users\ema\AppData\Local\Deployment 2015-02-02 22:00 - 2012-01-12 22:23 - 01600324 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-28 17:06 - 2012-05-25 00:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-27 12:21 - 2014-07-25 00:15 - 00000000 ____D () C:\Users\ema\Desktop\Inventory old 2015-01-25 19:30 - 2014-10-04 12:39 - 00000000 ____D () C:\Users\ema\Desktop\Neuer Ordner 2015-01-22 22:53 - 2012-05-10 14:32 - 00000000 ____D () C:\Users\ema\school - MCS 2015-01-22 20:03 - 2014-10-01 18:15 - 00000000 ____D () C:\Users\ema\Documents\Youcam 2015-01-20 20:28 - 2012-01-12 15:56 - 00000000 ____D () C:\Users\ema\AppData\Local\VirtualStore 2015-01-18 22:45 - 2014-04-10 10:31 - 00000000 ____D () C:\Users\ema\Desktop\Dokumente 2015-01-18 19:33 - 2012-04-29 22:32 - 00000000 ____D () C:\Users\ema\Documents\persönliches 2015-01-16 21:58 - 2013-07-25 21:00 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-16 21:51 - 2012-01-16 17:47 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-15 13:55 - 2012-01-16 17:31 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-15 13:55 - 2011-05-09 15:39 - 00000000 ____D () C:\ProgramData\Skype 2015-01-13 05:03 - 2014-07-26 17:48 - 00002477 _____ () C:\Users\ema\Documents\Backup.ffs_gui 2015-01-13 05:02 - 2014-07-29 17:08 - 00000000 ____D () C:\Users\ema\Archiv ==================== Files in the root of some directories ======= 2011-01-19 16:30 - 2011-01-19 16:30 - 142700671 _____ () C:\Program Files (x86)\openofficeorg1.cab 2011-01-19 16:34 - 2011-01-19 16:34 - 3003392 _____ () C:\Program Files (x86)\openofficeorg33.msi 2011-01-19 16:33 - 2011-01-19 16:33 - 0475016 _____ () C:\Program Files (x86)\setup.exe 2011-01-19 15:15 - 2011-01-19 15:15 - 0000290 _____ () C:\Program Files (x86)\setup.ini 2014-04-05 22:10 - 2014-04-05 22:12 - 0596924 _____ () C:\Users\ema\AppData\Roaming\Scorch_Install.log 2012-06-17 01:28 - 2014-01-17 20:44 - 0012288 _____ () C:\Users\ema\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-02-22 23:50 - 2013-02-22 23:50 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-08-23 14:17 - 2014-09-09 23:42 - 0001813 _____ () C:\ProgramData\hpzinstall.log 2012-01-23 17:51 - 2011-09-21 18:31 - 0007680 _____ () C:\ProgramData\Z@!-ee4565ec-37c8-4954-b70d-4cece1ec5256.tmp Some content of TEMP: ==================== C:\Users\ema\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-04 22:47 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 01 Ran by ema at 2015-02-11 20:45:06 Running from C:\Users\ema\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.60 - Atheros Communications) Bombermaaan 1.4 (HKLM-x32\...\{451C4ACA-0B6A-4564-BD9D-A6C365DB9C76}_is1) (Version: - The Bombermaaan team) BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - ) Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3922 - CyberLink Corp.) D1600 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden DJ_SF_06_D1600_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.28 - NCH Software) Dropbox (HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.20141106 - Landesfinanzdirektion Thüringen) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) e-Sword (HKLM-x32\...\{118071AB-6572-4FAD-A1FD-67264C994350}) (Version: 10.01.0000 - Rick Meyers) FLV Player (HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\FLV Player) (Version: 1.1 - Somoto Ltd.) <==== ATTENTION FreeFileSync 6.7 (HKLM-x32\...\FreeFileSync) (Version: 6.7 - Zenju) FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6 (HKLM\...\{96178C0A-BAF9-4E49-A2A5-CDE76722105B}) (Version: 14.0 - HP) HP Documentation (HKLM-x32\...\{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}) (Version: 1.1.0.0 - Hewlett-Packard) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP On Screen Display (HKLM-x32\...\{124DB96E-CBF5-44FB-AB59-7D2444DEC777}) (Version: 1.0.7 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{B97E3520-C726-475E-BC0C-7561952633AB}) (Version: 1.2.1 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Software Framework (HKLM-x32\...\{01E73CF7-3B8E-49F6-B09C-3FB122B3938A}) (Version: 4.0.108.1 - Hewlett-Packard Company) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Assistant (HKLM-x32\...\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}) (Version: 5.1.11.1 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) InterVideo WinDVD Creator 3 (HKLM-x32\...\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}) (Version: 3.0.01.214 - InterVideo Inc.) Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle) Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation) MixPad Audio Mixer (HKLM-x32\...\MixPad) (Version: - NCH Software) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla) Naturwissenschaften Arbeitsblätter 2 (HKLM-x32\...\{1CCD1A54-819D-448A-9029-27FA4FEF6C5A}) (Version: 1.00 - ) NCH Tone Generator (HKLM-x32\...\ToneGen) (Version: - NCH Software) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.34 - PDF Complete, Inc) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation) Vegas Movie Studio HD Platinum 10.0 (HKLM-x32\...\{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}) (Version: 10.0.179 - Sony) VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: - NCH Software) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN) WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: - NCH Software) WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) X3Watch (HKLM-x32\...\{BCF442DC-768A-4383-AFD7-E239F715ADB3}) (Version: 2.0.0.5 - XXXChurch) Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ema\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ema\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ema\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ema\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ema\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ema\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ema\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ema\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ema\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 28-12-2014 17:50:47 Windows Update 06-01-2015 21:46:01 Windows Update 11-01-2015 17:19:55 Windows Update 16-01-2015 21:49:51 Windows Update 23-01-2015 17:25:29 Windows Update 27-01-2015 19:56:12 Windows Update 01-02-2015 17:44:38 Windows Update 02-02-2015 21:43:23 Windows Update 10-02-2015 23:52:40 Installed X3Watch. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 07:34 - 2009-06-11 02:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1EB4AB79-59CC-4FE0-A9C5-154C9E64B21C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-12-01] (Hewlett-Packard Company) Task: {407FF732-5491-41D5-830B-92774086F0E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd) Task: {682AB7D1-16F7-4956-99AF-E01F89F56C62} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: {8423E211-FF0F-477C-87DF-2E78C7BBEF13} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {96807FE4-5181-4352-B79C-09F4160FF18A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-23] (CyberLink) Task: {9ABD5107-B3DF-4728-B64B-060CAD80EDA0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {9BA2419E-A7C2-4531-8FD5-B488226B778D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {D0D77A5E-897C-43A8-ADCE-D2209461C585} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {FCB10FE6-2BF1-44A2-B789-5BF749A4CE0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-12-01] (Hewlett-Packard Company) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2010-07-21 17:33 - 2010-07-21 17:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll 2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe 2015-01-15 00:06 - 2015-01-15 00:06 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2015-01-15 00:06 - 2015-01-15 00:06 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2015-01-15 00:06 - 2015-01-15 00:06 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2014-10-17 02:17 - 2014-10-17 02:17 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll 2011-05-28 02:06 - 2010-09-13 21:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2000-01-11 13:03 - 2000-01-11 13:03 - 00083368 _____ () C:\Windows\SysWOW64\vsthes6.ocx 2000-10-11 08:39 - 2000-10-11 08:39 - 00160096 _____ () C:\Windows\SysWOW64\vsspell6.ocx 2015-01-27 21:12 - 2015-01-27 21:12 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ema\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^ema^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" MSCONFIG\startupreg: AVMUSBFernanschluss => "C:\Users\ema\AppData\Local\Apps\2.0\EWHK1BQ9.LNC\YBMDG4O5.V0P\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe" MSCONFIG\startupreg: FLV Player => C:\Users\ema\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe ==================== Accounts: ============================= Administrator (S-1-5-21-2715789944-1795615652-4197114747-500 - Administrator - Disabled) ema (S-1-5-21-2715789944-1795615652-4197114747-1000 - Administrator - Enabled) => C:\Users\ema Gast (S-1-5-21-2715789944-1795615652-4197114747-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2715789944-1795615652-4197114747-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/11/2015 05:51:28 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Error: (02/11/2015 05:42:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 00:40:54 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht. Error: (02/11/2015 00:31:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 00:30:13 PM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription) bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId) Error: (02/11/2015 08:48:34 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht. Error: (02/11/2015 08:47:19 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{608dd52e-3d3e-11e1-a1ba-68a3c4ba3edd}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator Error: (02/11/2015 08:47:18 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{608dd52e-3d3e-11e1-a1ba-68a3c4ba3edd}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator Error: (02/11/2015 08:39:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/10/2015 09:05:26 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT) Description: Die Anwendung oder der Dienst "Avira Service Host" konnte nicht heruntergefahren werden. System errors: ============= Error: (02/11/2015 08:28:25 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NetBT_Tcpip_{333A2199-6AF6-4ACE-BD44-587AD2588C35}", der der Hauptsuchdienst der Domäne für den %3-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (02/11/2015 07:29:22 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NetBT_Tcpip_{333A2199-6AF6-4ACE-BD44-587AD2588C35}", der der Hauptsuchdienst der Domäne für den %3-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (02/11/2015 06:04:23 PM) (Source: Tcpip) (EventID: 4199) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.2 mit dem Computer mit der Netzwerkhardwareadresse 10-08-B1-85-74-FD ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error: (02/11/2015 05:52:56 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NetBT_Tcpip_{333A2199-6AF6-4ACE-BD44-587AD2588C35}", der der Hauptsuchdienst der Domäne für den %3-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (02/11/2015 05:40:07 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\iviaspi.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (02/11/2015 03:29:37 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error: (02/11/2015 03:29:36 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error: (02/11/2015 03:29:35 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error: (02/11/2015 03:29:35 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error: (02/11/2015 03:28:57 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Microsoft Office Sessions: ========================= Error: (02/11/2015 05:51:28 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Error: (02/11/2015 05:42:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 00:40:54 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht. Error: (02/11/2015 00:31:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 00:30:13 PM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription) bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId) Error: (02/11/2015 08:48:34 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht. Error: (02/11/2015 08:47:19 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{608dd52e-3d3e-11e1-a1ba-68a3c4ba3edd}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator Error: (02/11/2015 08:47:18 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{608dd52e-3d3e-11e1-a1ba-68a3c4ba3edd}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator Error: (02/11/2015 08:39:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/10/2015 09:05:26 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT) Description: 0C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeAvira Service Host03026216124722043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00420072006F00770073006500720045007800740065006E00730069006F006E0043006F006E006E006500630074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E004E006100740069007600650043006F00720065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00530070006500650064007500700043006F006E006E006500630074006F0072002E0049006E0074006500720066006100630065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00570069006E0043006F00720065002E0049006E0074006500720066006100630065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00530079007300740065006D002E0044006100740061002E00530051004C006900740065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E004100760043006F006E006E006500630074006F0072004E00610074006900760065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C0049006E007400650072006F0070002E00570055004100700069004C00690062002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E004100760043006F006E006E006500630074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E0043006F006D006D0075006E0069006300610074006F0072002E0049006E0074006500720066006100630065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C0049006F006E00690063002E005A00690070002E0052006500640075006300650064002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E0043006F006D006D0075006E0069006300610074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00440072006F00700062006F00780043006F006E006E006500630074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E004100760043006F006E006E006500630074006F0072002E0049006E0074006500720066006100630065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00530065007200760069006300650048006F00730074002E00650078006500000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00530070006500650064007500700043006F006E006E006500630074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00570069006E0043006F00720065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00640065002D00440045005C00410076006900720061002E004F0045002E00530065007200760069006300650048006F00730074002E007200650073006F00750072006300650073002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C004E004C006F0067002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C00530065007200760069006300650053007400610063006B002E0054006500780074002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00410076006900720061005C004D0079002000410076006900720061005C0057006500620053006F0063006B006500740034004E00650074002E0064006C006C000000 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P7570 @ 2.26GHz Percentage of memory in use: 47% Total physical RAM: 3997.86 MB Available physical RAM: 2108.85 MB Total Pagefile: 7993.89 MB Available Pagefile: 5466.22 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:282.86 GB) (Free:84.48 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:14.94 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 4F1C5FDC) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================ Und hier das logfile von GMER Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-11 21:08:21 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ES2O 298.09GB Running: Gmer-19357.exe; Driver: C:\Users\ema\AppData\Local\Temp\pxldqpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 580 fffff800035f4084 77 bytes [4C, C1, 44, 0F, B6, A7, 83, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 658 fffff800035f40d2 43 bytes {ADD [RAX], AL; MOV [RDI+0x20], RAX; CALL 0x193a3} ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767b1401 2 bytes JMP 76f4b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767b1419 2 bytes JMP 76f4b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767b1431 2 bytes JMP 76fc8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767b144a 2 bytes CALL 76f248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767b14dd 2 bytes JMP 76fc87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767b14f5 2 bytes JMP 76fc8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767b150d 2 bytes JMP 76fc8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767b1525 2 bytes JMP 76fc8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767b153d 2 bytes JMP 76f3fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767b1555 2 bytes JMP 76f468ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767b156d 2 bytes JMP 76fc8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767b1585 2 bytes JMP 76fc8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767b159d 2 bytes JMP 76fc865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767b15b5 2 bytes JMP 76f3fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767b15cd 2 bytes JMP 76f4b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767b16b2 2 bytes JMP 76fc8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767b16bd 2 bytes JMP 76fc85f1 C:\Windows\syswow64\kernel32.dll ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Vielen Dank für die Hilfe im Voraus! mpiper P.S. Ich habe seither Dateien per USB Stick von diesem Laptop tranferiert. Besteht die Gefahr, dass der Trojaner auf den Stick übertragen wurde? |
11.02.2015, 17:38 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben hi,
__________________Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
11.02.2015, 20:00 | #3 |
| Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben Das mbam logfile:
__________________Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Code:
ATTFilter # AdwCleaner v4.110 - Bericht erstellt 11/02/2015 um 23:29:48 # Aktualisiert 05/02/2015 von Xplode # Datenbank : 2015-02-09.1 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (x64) # Benutzername : ema - CEMA # Gestarted von : C:\Users\ema\Downloads\AdwCleaner_4.110.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\ProgramData\Premium Ordner Gelöscht : C:\Program Files (x86)\file scout Ordner Gelöscht : C:\Users\ema\AppData\Roaming\goforfiles Ordner Gelöscht : C:\Users\ema\AppData\Roaming\PerformerSoft Ordner Gelöscht : C:\Users\ema\AppData\Roaming\StatusWinks ***** [ Geplante Tasks ] ***** Task Gelöscht : Go for FilesUpdate ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [statuswinks@StatusWinks] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [statuswinks@StatusWinks] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93} Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B} Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982} Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377} Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Schlüssel Gelöscht : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Schlüssel Gelöscht : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43} Schlüssel Gelöscht : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Schlüssel Gelöscht : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Schlüssel Gelöscht : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\filescout Schlüssel Gelöscht : HKCU\Software\GoforFiles Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\foxydeal Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\GoforFiles Schlüssel Gelöscht : HKLM\SOFTWARE\SoftwareUpdater Schlüssel Gelöscht : HKLM\SOFTWARE\Vittalia JRT logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.2 (02.02.2015:1) OS: Windows 7 Professional x64 Ran by ema on Wed 11/02/2015 at 23:48:39.53 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_sonic-visualiser_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_sonic-visualiser_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_sonic-visualiser_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_sonic-visualiser_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{0B5E17CB-580A-4A06-83F5-4222E6279909} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{0F4594D5-32B6-4655-AAAF-FCCFD1104B6D} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{122E1FFE-43AD-416D-8F83-6FDB9600C0B2} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{13BDB3C7-3E63-4BC6-B65A-88CA9C5C222D} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{186DFB1F-569C-4CF5-AC47-ABB27D4FB1E9} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{215C5F31-F041-440D-8DA8-48BF9222671D} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{23FBB40B-DAE3-49AB-863D-B41E63072314} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{267B5D3B-D317-4CA7-B4B9-A3E26F107E82} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{2F8AF817-94E8-4FB0-A28D-84A50DF2E4C1} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{3C2C66B1-6D21-4255-A9BE-E0E7D0F3A968} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{3D952681-C50F-4AED-9E92-1AD56CB6FC96} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{4EDD8E35-127F-459E-A50F-413C98B5DAA4} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{50DB44BB-5C8A-4791-91E9-A06F87E2F9D7} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{53B6B301-B788-462D-A420-D8465D5BEC53} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{581B516D-9CA6-49D7-8135-DA2B891A65EF} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{5D78BB4F-8A98-4020-AEFF-C75ABC7009B4} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{646CF8CF-76DB-4D90-8BA1-C1BD332CD042} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{7087BDCC-A5B4-4D81-A44B-0637D30DB852} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{72A28874-3214-485B-9F36-71FE4DEBA86D} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{747DAFBC-C935-41C8-9837-9F3C077A9CF0} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{7ECF46D6-F73E-44FF-9CC2-5230047A21F3} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{7FE907D6-3268-48FA-82B8-09919BD3BDC1} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{7FED3646-8C6F-4151-9A19-3AA7C226E07A} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{838B0E8E-3B92-4130-B337-2A750FAD4C2E} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{87AE03BC-D943-48DE-A172-BED951C7506D} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{99BBF79B-1CD4-468D-8AA6-EA79E6494162} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{9DE38EC5-5CF6-4EF5-A8E1-31DE0D874A46} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{A96C30D4-EDBF-4039-9B7F-78E61424644E} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{B5F02459-DE5A-4859-A3A5-A0228449EF5C} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{B75020BD-5691-43F9-A6EF-040637C1274D} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{BC5092F8-F04B-40A9-81F3-3571B3B456BB} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{BD0FA354-AAFD-4447-9E10-541344DF8AF4} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{BD434FDA-612A-4DDC-9A94-8FB1AA1841E0} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{C22292F5-84A1-4467-BB7C-DAAF4B2B6E78} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{CA2C5130-3528-4CAE-BCC9-D734F222090E} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{CE3BA70A-1EB7-47D2-B88B-8649264F40CA} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{D16359F8-38CF-4F1D-A263-27B8842B2CC3} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{D2C57E6C-98F7-4B2A-A62F-579AB73F9EE0} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{DCF03497-121B-4272-8B6F-1A9095090CAE} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{E057C102-F9F5-4477-BFF9-B2194349B6E2} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{ECC06C47-7C8E-4C42-A40D-E81BD481D010} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{FD4B54DF-63F7-49C4-8937-EB4502D01212} Successfully deleted: [Empty Folder] C:\Users\ema\appdata\local\{FE822E45-489F-482B-897D-94EC05479F05} ~~~ FireFox Emptied folder: C:\Users\ema\AppData\Roaming\mozilla\firefox\profiles\ym8h7fur.default-1386698245617\minidumps [122 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 11/02/2015 at 23:53:03.96 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 01 Ran by ema (administrator) on CEMA on 11-02-2015 23:53:42 Running from C:\Users\ema\Desktop Loaded Profiles: ema (Available profiles: ema) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKLM-x32\...\Run: [McAfeeUpdaterUI] => "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2012-01-23] (TrueCrypt Foundation) HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\MountPoints2: F - F:\Setup.exe HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\MountPoints2: {11f28498-80d1-11e1-a14a-68a3c4b9cf4d} - F:\Setup.exe HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\MountPoints2: {11f2849d-80d1-11e1-a14a-68a3c4b9cf4d} - F:\Setup.exe HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\MountPoints2: {663b3211-4042-11e1-b16b-68a3c4ba3edd} - F:\LaunchU3.exe -a Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\X3Watch.lnk ShortcutTarget: X3Watch.lnk -> C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3}\NewShortcut1_D74C6BBD2867476BAF40C953E203B25E.exe (Flexera Software LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\X3WatchProxyChecker.lnk ShortcutTarget: X3WatchProxyChecker.lnk -> C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3}\NewShortcut3_D99F648AB230462A948D38A8F7FE6938.exe (Flexera Software LLC) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/ HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617 FF Homepage: www.dict.cc FF NetworkProxy: "backup.ftp", "10.0.0.1" FF NetworkProxy: "backup.ftp_port", 8080 FF NetworkProxy: "backup.socks", "10.0.0.1" FF NetworkProxy: "backup.socks_port", 8080 FF NetworkProxy: "backup.ssl", "10.0.0.1" FF NetworkProxy: "backup.ssl_port", 8080 FF NetworkProxy: "ftp", "127.0.0.1" FF NetworkProxy: "ftp_port", 8580 FF NetworkProxy: "gopher", "127.0.0.1" FF NetworkProxy: "gopher_port", 8580 FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8580 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8580 FF NetworkProxy: "type", 0 FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll () FF Extension: Avira Browser Safety - C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617\Extensions\abs@avira.com [2015-02-02] FF Extension: Easy Youtube Video Downloader Express - C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-02-03] FF Extension: GProxy Tool - C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617\Extensions\{DCE88800-9606-11DC-8919-D33056D89593}.xpi [2015-01-20] FF Extension: DownThemAll! - C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-01-20] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27] FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-08-11] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-23] FF HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\ema\AppData\Roaming\StatusWinks\statuswinks.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-07-13] (AVM Berlin) S3 evusbat; C:\Windows\System32\DRIVERS\evusbat.sys [152448 2009-06-05] (A3 Incorporated) S3 evusbdiag; C:\Windows\System32\DRIVERS\evusbdiag.sys [152448 2009-06-05] (A3 Incorporated) S3 evusbmdm; C:\Windows\System32\DRIVERS\evusbmdm.sys [152448 2009-06-05] (A3 Incorporated) S3 evusbvoc; C:\Windows\System32\DRIVERS\evusbvoc.sys [152448 2009-06-05] (A3 Incorporated) S3 Iviaspi; C:\Windows\SysWOW64\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-11 23:53 - 2015-02-11 23:53 - 00007310 _____ () C:\Users\ema\Desktop\JRT.txt 2015-02-11 23:47 - 2015-02-11 23:48 - 01388274 _____ (Thisisu) C:\Users\ema\Desktop\JRT.exe 2015-02-11 23:27 - 2015-02-11 23:38 - 00000000 ____D () C:\AdwCleaner 2015-02-11 23:23 - 2015-02-11 23:24 - 02112512 _____ () C:\Users\ema\Desktop\AdwCleaner_4.110.exe 2015-02-11 23:22 - 2015-02-11 23:22 - 00000049 _____ () C:\Users\ema\Desktop\mbam.txt 2015-02-11 22:51 - 2015-02-11 23:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-11 22:50 - 2015-02-11 22:50 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-11 22:50 - 2015-02-11 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-11 22:50 - 2015-02-11 22:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-11 22:50 - 2015-02-11 22:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-11 22:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-11 22:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-11 22:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-11 22:45 - 2015-02-11 22:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ema\Desktop\mbam-setup-2.0.4.1028.exe 2015-02-11 22:37 - 2015-02-11 22:37 - 00001228 _____ () C:\Users\ema\Desktop\Revo Uninstaller.lnk 2015-02-11 22:37 - 2015-02-11 22:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-02-11 22:35 - 2015-02-11 22:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ema\Desktop\revosetup95.exe 2015-02-11 21:08 - 2015-02-11 21:08 - 00005263 _____ () C:\Users\ema\Desktop\gmer.txt 2015-02-11 20:51 - 2015-02-11 20:51 - 00380416 _____ () C:\Users\ema\Desktop\Gmer-19357.exe 2015-02-11 20:45 - 2015-02-11 20:45 - 00037355 _____ () C:\Users\ema\Desktop\Addition.txt 2015-02-11 20:43 - 2015-02-11 23:53 - 00016915 _____ () C:\Users\ema\Desktop\FRST.txt 2015-02-11 20:43 - 2015-02-11 23:53 - 00000000 ____D () C:\FRST 2015-02-11 20:23 - 2015-02-11 19:39 - 02134016 _____ (Farbar) C:\Users\ema\Desktop\FRST64.exe 2015-02-11 20:21 - 2015-02-11 20:21 - 00000468 _____ () C:\Users\ema\Desktop\defogger_disable.log 2015-02-11 20:21 - 2015-02-11 20:21 - 00000000 _____ () C:\Users\ema\defogger_reenable 2015-02-11 20:20 - 2015-02-11 20:20 - 00050477 _____ () C:\Users\ema\Desktop\Defogger.exe 2015-02-11 17:51 - 2015-02-11 17:51 - 00023843 _____ () C:\Users\ema\Desktop\2014-15 Evacuation to ISB.odt 2015-02-11 11:42 - 2015-02-11 11:44 - 00000000 ____D () C:\Users\ema\Desktop\Steel 2015-02-11 08:37 - 2015-02-11 23:33 - 00006060 _____ () C:\Windows\PFRO.log 2015-02-11 08:37 - 2015-02-11 23:33 - 00001870 _____ () C:\Windows\setupact.log 2015-02-11 08:37 - 2015-02-11 08:37 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-10 23:53 - 2015-02-10 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XXXChurch 2015-02-10 23:53 - 2015-02-10 23:53 - 00000000 ____D () C:\Program Files (x86)\XXXChurch 2015-02-10 23:48 - 2014-10-24 20:22 - 43736135 _____ (XXXChurch) C:\Users\ema\Documents\X3Watch.exe 2015-01-29 21:52 - 2015-01-29 00:23 - 00214628 _____ () C:\Users\ema\Downloads\watch_002.htm 2015-01-27 21:45 - 2015-01-27 21:45 - 00212825 _____ () C:\Users\ema\Downloads\watch_001.htm 2015-01-27 21:22 - 2015-01-27 21:22 - 00180404 _____ () C:\Users\ema\Downloads\watch.htm 2015-01-27 21:12 - 2015-01-27 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 23:30 - 2015-01-26 23:30 - 00018304 _____ () C:\Users\ema\Desktop\Englisch ref.odt 2015-01-20 16:27 - 2015-02-11 23:10 - 00000523 _____ () C:\Users\ema\Desktop\fg.ini 2015-01-20 16:27 - 2015-01-20 16:27 - 00000516 _____ () C:\Users\ema\Desktop\dtwpc.dat 2015-01-20 16:15 - 2015-01-01 21:12 - 02488096 _____ (Dynamic Internet Technology, Inc.) C:\Users\ema\Desktop\fg752p.exe 2015-01-19 09:47 - 2015-01-19 09:47 - 00000000 __SHD () C:\Users\ema\AppData\Local\EmieBrowserModeList 2015-01-18 23:08 - 2015-01-18 23:08 - 00395609 _____ () C:\Users\ema\Desktop\Unbenannt.wma 2015-01-16 21:49 - 2014-12-19 08:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-16 21:49 - 2014-12-19 06:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-16 21:49 - 2014-12-12 10:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-16 21:49 - 2014-12-12 10:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-16 21:49 - 2014-12-12 10:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-16 21:49 - 2014-12-12 10:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-16 21:49 - 2014-12-12 10:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-16 21:49 - 2014-12-12 10:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-16 21:49 - 2014-12-12 10:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-16 21:49 - 2014-12-11 22:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-16 21:49 - 2014-12-06 09:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-16 21:49 - 2014-12-06 08:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-16 21:49 - 2014-12-06 08:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-15 00:06 - 2015-01-15 00:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-11 23:42 - 2009-07-14 09:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-11 23:42 - 2009-07-14 09:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-11 23:35 - 2011-05-09 15:38 - 00000000 ____D () C:\ProgramData\PDFC 2015-02-11 23:33 - 2009-07-14 10:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-11 23:32 - 2011-05-28 02:04 - 02088350 _____ () C:\Windows\WindowsUpdate.log 2015-02-11 23:30 - 2012-01-15 20:51 - 00000000 ____D () C:\Users\ema\AppData\Local\CrashDumps 2015-02-11 23:13 - 2009-07-14 08:20 - 00000000 ____D () C:\Windows\system 2015-02-11 23:11 - 2012-01-12 22:24 - 00000000 ____D () C:\Users\ema\AppData\Roaming\SoftGrid Client 2015-02-11 22:06 - 2012-01-12 16:12 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8C3AE9CE-BEFD-4CC7-B77C-79FC2D172507} 2015-02-11 20:51 - 2012-01-19 17:20 - 00000000 ____D () C:\Users\ema\Documents\studies 2015-02-11 20:21 - 2012-01-12 15:55 - 00000000 ____D () C:\Users\ema 2015-02-11 15:32 - 2011-05-10 01:12 - 00702028 _____ () C:\Windows\system32\perfh007.dat 2015-02-11 15:32 - 2011-05-10 01:12 - 00150638 _____ () C:\Windows\system32\perfc007.dat 2015-02-11 15:32 - 2009-07-14 10:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-11 09:28 - 2012-01-12 16:11 - 00079448 _____ () C:\Users\ema\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-11 08:49 - 2012-07-28 23:43 - 00000000 ____D () C:\output 2015-02-11 08:37 - 2012-01-15 21:15 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-11 08:37 - 2012-01-15 21:15 - 00001014 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-10 21:26 - 2011-05-09 15:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-10 21:26 - 2009-07-14 08:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2015-02-10 21:25 - 2012-01-15 21:15 - 00004026 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-10 21:25 - 2012-01-15 21:15 - 00003774 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-10 21:19 - 2013-01-19 17:29 - 00000000 ____D () C:\Windows\Minidump 2015-02-10 21:07 - 2014-08-14 18:45 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-10 21:07 - 2013-03-23 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-10 21:06 - 2013-03-23 11:08 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-02-08 22:58 - 2012-10-16 17:35 - 00000000 ____D () C:\Users\ema\AppData\Roaming\vlc 2015-02-08 21:16 - 2012-01-16 17:31 - 00000000 ____D () C:\Users\ema\AppData\Roaming\Skype 2015-02-07 11:49 - 2014-07-13 23:10 - 00000000 ____D () C:\Users\ema\AppData\Local\Deployment 2015-02-02 22:00 - 2012-01-12 22:23 - 01600324 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-28 17:06 - 2012-05-25 00:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-27 12:21 - 2014-07-25 00:15 - 00000000 ____D () C:\Users\ema\Desktop\Inventory old 2015-01-25 19:30 - 2014-10-04 12:39 - 00000000 ____D () C:\Users\ema\Desktop\Neuer Ordner 2015-01-22 22:53 - 2012-05-10 14:32 - 00000000 ____D () C:\Users\ema\school - MCS 2015-01-22 20:03 - 2014-10-01 18:15 - 00000000 ____D () C:\Users\ema\Documents\Youcam 2015-01-20 20:28 - 2012-01-12 15:56 - 00000000 ____D () C:\Users\ema\AppData\Local\VirtualStore 2015-01-18 22:45 - 2014-04-10 10:31 - 00000000 ____D () C:\Users\ema\Desktop\Dokumente 2015-01-18 19:33 - 2012-04-29 22:32 - 00000000 ____D () C:\Users\ema\Documents\persönliches 2015-01-16 21:58 - 2013-07-25 21:00 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-16 21:51 - 2012-01-16 17:47 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-15 13:55 - 2012-01-16 17:31 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-15 13:55 - 2011-05-09 15:39 - 00000000 ____D () C:\ProgramData\Skype 2015-01-13 05:03 - 2014-07-26 17:48 - 00002477 _____ () C:\Users\ema\Documents\Backup.ffs_gui 2015-01-13 05:02 - 2014-07-29 17:08 - 00000000 ____D () C:\Users\ema\Archiv ==================== Files in the root of some directories ======= 2011-01-19 16:30 - 2011-01-19 16:30 - 142700671 _____ () C:\Program Files (x86)\openofficeorg1.cab 2011-01-19 16:34 - 2011-01-19 16:34 - 3003392 _____ () C:\Program Files (x86)\openofficeorg33.msi 2011-01-19 16:33 - 2011-01-19 16:33 - 0475016 _____ () C:\Program Files (x86)\setup.exe 2011-01-19 15:15 - 2011-01-19 15:15 - 0000290 _____ () C:\Program Files (x86)\setup.ini 2014-04-05 22:10 - 2014-04-05 22:12 - 0596924 _____ () C:\Users\ema\AppData\Roaming\Scorch_Install.log 2012-06-17 01:28 - 2014-01-17 20:44 - 0012288 _____ () C:\Users\ema\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-02-22 23:50 - 2013-02-22 23:50 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-08-23 14:17 - 2014-09-09 23:42 - 0001813 _____ () C:\ProgramData\hpzinstall.log 2012-01-23 17:51 - 2011-09-21 18:31 - 0007680 _____ () C:\ProgramData\Z@!-ee4565ec-37c8-4954-b70d-4cece1ec5256.tmp Some content of TEMP: ==================== C:\Users\ema\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-04 22:47 ==================== End Of Log ============================ |
12.02.2015, 06:51 | #4 |
/// the machine /// TB-Ausbilder | Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschobenESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
12.02.2015, 19:21 | #5 |
| Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben Das Eset log Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=8d02f0e8fef0ca4cacb5282cc610f079 # engine=22437 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-12 04:35:49 # local_time=2015-02-12 09:35:49 (+0500, Pakistan Normalzeit) # country="New Zealand" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 80555 168325527 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 784508 175388799 0 0 # scanned=194811 # found=14 # cleaned=0 # scan_time=6952 sh=4325BB0CA6010D21D687F5697D19E6871213823E ft=1 fh=375a6d326d72001d vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\MixPad\mixpad.exe" sh=4B75CC869813F5652DDC3BDBB219ACA44A3AD2FA ft=1 fh=c3c4b5c156fcc68c vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\MixPad\mpsetup_v3.17.exe" sh=BAB2C67436CB6204A8F7B18362BC7C4C2DF5426A ft=1 fh=cd6429f86d72001d vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\MixPad\uninst.exe" sh=AD013DC22D67048F07EF20409D4244614F98AD5C ft=1 fh=06e5f03d5fcfade3 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\ToneGen\tnsetup_v3.02.exe" sh=0102344B60E304C53FE18E43ACDA018E4793D6F2 ft=1 fh=25ec4fbf36c29781 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\ToneGen\tonegen.exe" sh=D15AC1231AB6E375D4E5719D60B819A0BC970BEB ft=1 fh=dfd20b7536c29781 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\ToneGen\uninst.exe" sh=2B51D22D9C35776114CDBE261D8A916BB59C570B ft=1 fh=47ec4f3960fc4f8f vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\VideoPad\uninst.exe" sh=6516305E7DD80E81AE0603FBCE24C10A8C4F7635 ft=1 fh=bdd20bf360fc4f8f vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe" sh=E27B3D7DC6E1D8EE5C398238C6E2059A385B0656 ft=1 fh=0a752b4a288ad097 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\VideoPad\vpsetup_v2.41.exe" sh=53A703CEEACAE9CF85088CB25734FA649D1F7412 ft=1 fh=a224ecd1fc044448 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\WavePad\uninst.exe" sh=6A1A6B8E397E74B17B29EE92E69E684E8745F1FE ft=1 fh=581aa81bfc044448 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe" sh=E010C9E6333BFDE93E2F2382C394434769B5E106 ft=1 fh=232a17c99b28fa3f vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\WavePad\wpsetup_v5.13.exe" sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{28523509-D1FC-0DDB-EF30-99DEF3B117FF}\_Setupx.dll" sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{28523509-D1FC-0DDB-EF30-99DEF3B117FF}\_Setupx.dll" Security check log Code:
ATTFilter Results of screen317's Security Check version 0.99.96 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 31 Java version 32-bit out of Date! Java 64-bit 8 Update 31 Adobe Reader XI Mozilla Firefox (Firefox,. Firefox out of Date! Mozilla Thunderbird (31.4.0) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 01 Ran by ema (administrator) on CEMA on 12-02-2015 21:53:18 Running from C:\Users\ema\Desktop Loaded Profiles: ema (Available profiles: ema) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [McAfeeUpdaterUI] => "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2012-01-23] (TrueCrypt Foundation) HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\MountPoints2: F - F:\Setup.exe HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\MountPoints2: {11f28498-80d1-11e1-a14a-68a3c4b9cf4d} - F:\Setup.exe HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\MountPoints2: {11f2849d-80d1-11e1-a14a-68a3c4b9cf4d} - F:\Setup.exe HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\MountPoints2: {663b3211-4042-11e1-b16b-68a3c4ba3edd} - F:\LaunchU3.exe -a Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\X3Watch.lnk ShortcutTarget: X3Watch.lnk -> C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3}\NewShortcut1_D74C6BBD2867476BAF40C953E203B25E.exe (Flexera Software LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\X3WatchProxyChecker.lnk ShortcutTarget: X3WatchProxyChecker.lnk -> C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3}\NewShortcut3_D99F648AB230462A948D38A8F7FE6938.exe (Flexera Software LLC) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/ HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-2715789944-1795615652-4197114747-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617 FF Homepage: www.dict.cc FF NetworkProxy: "backup.ftp", "10.0.0.1" FF NetworkProxy: "backup.ftp_port", 8080 FF NetworkProxy: "backup.socks", "10.0.0.1" FF NetworkProxy: "backup.socks_port", 8080 FF NetworkProxy: "backup.ssl", "10.0.0.1" FF NetworkProxy: "backup.ssl_port", 8080 FF NetworkProxy: "ftp", "127.0.0.1" FF NetworkProxy: "ftp_port", 8580 FF NetworkProxy: "gopher", "127.0.0.1" FF NetworkProxy: "gopher_port", 8580 FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8580 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8580 FF NetworkProxy: "type", 4 FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll No File FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll () FF Extension: Avira Browser Safety - C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617\Extensions\abs@avira.com [2015-02-02] FF Extension: Easy Youtube Video Downloader Express - C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-02-03] FF Extension: GProxy Tool - C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617\Extensions\{DCE88800-9606-11DC-8919-D33056D89593}.xpi [2015-01-20] FF Extension: DownThemAll! - C:\Users\ema\AppData\Roaming\Mozilla\Firefox\Profiles\ym8h7fur.default-1386698245617\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-01-20] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27] FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-08-11] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-23] FF HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-2715789944-1795615652-4197114747-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\ema\AppData\Roaming\StatusWinks\statuswinks.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-07-13] (AVM Berlin) S3 evusbat; C:\Windows\System32\DRIVERS\evusbat.sys [152448 2009-06-05] (A3 Incorporated) S3 evusbdiag; C:\Windows\System32\DRIVERS\evusbdiag.sys [152448 2009-06-05] (A3 Incorporated) S3 evusbmdm; C:\Windows\System32\DRIVERS\evusbmdm.sys [152448 2009-06-05] (A3 Incorporated) S3 evusbvoc; C:\Windows\System32\DRIVERS\evusbvoc.sys [152448 2009-06-05] (A3 Incorporated) S3 Iviaspi; C:\Windows\SysWOW64\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-12 21:48 - 2015-02-12 21:48 - 00852594 _____ () C:\Users\ema\Desktop\SecurityCheck.exe 2015-02-12 19:13 - 2015-02-12 19:14 - 02347384 _____ (ESET) C:\Users\ema\Desktop\esetsmartinstaller_deu.exe 2015-02-12 19:04 - 2015-02-12 19:03 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-02-12 09:41 - 2015-02-12 09:52 - 00000000 ____D () C:\Users\ema\Desktop\Light and Color 2015-02-11 23:53 - 2015-02-11 23:53 - 00007310 _____ () C:\Users\ema\Desktop\JRT.txt 2015-02-11 23:47 - 2015-02-11 23:48 - 01388274 _____ (Thisisu) C:\Users\ema\Desktop\JRT.exe 2015-02-11 23:27 - 2015-02-11 23:38 - 00000000 ____D () C:\AdwCleaner 2015-02-11 23:23 - 2015-02-11 23:24 - 02112512 _____ () C:\Users\ema\Desktop\AdwCleaner_4.110.exe 2015-02-11 23:22 - 2015-02-11 23:22 - 00000049 _____ () C:\Users\ema\Desktop\mbam.txt 2015-02-11 22:51 - 2015-02-11 23:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-11 22:50 - 2015-02-11 22:50 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-11 22:50 - 2015-02-11 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-11 22:50 - 2015-02-11 22:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-11 22:50 - 2015-02-11 22:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-11 22:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-11 22:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-11 22:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-11 22:45 - 2015-02-11 22:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ema\Desktop\mbam-setup-2.0.4.1028.exe 2015-02-11 22:37 - 2015-02-11 22:37 - 00001228 _____ () C:\Users\ema\Desktop\Revo Uninstaller.lnk 2015-02-11 22:37 - 2015-02-11 22:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-02-11 22:35 - 2015-02-11 22:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ema\Desktop\revosetup95.exe 2015-02-11 21:08 - 2015-02-11 21:08 - 00005263 _____ () C:\Users\ema\Desktop\gmer.txt 2015-02-11 20:51 - 2015-02-11 20:51 - 00380416 _____ () C:\Users\ema\Desktop\Gmer-19357.exe 2015-02-11 20:45 - 2015-02-11 20:45 - 00037355 _____ () C:\Users\ema\Desktop\Addition.txt 2015-02-11 20:43 - 2015-02-12 21:53 - 00017089 _____ () C:\Users\ema\Desktop\FRST.txt 2015-02-11 20:43 - 2015-02-12 21:53 - 00000000 ____D () C:\FRST 2015-02-11 20:23 - 2015-02-11 19:39 - 02134016 _____ (Farbar) C:\Users\ema\Desktop\FRST64.exe 2015-02-11 20:21 - 2015-02-11 20:21 - 00000468 _____ () C:\Users\ema\Desktop\defogger_disable.log 2015-02-11 20:21 - 2015-02-11 20:21 - 00000000 _____ () C:\Users\ema\defogger_reenable 2015-02-11 20:20 - 2015-02-11 20:20 - 00050477 _____ () C:\Users\ema\Desktop\Defogger.exe 2015-02-11 17:51 - 2015-02-11 17:51 - 00023843 _____ () C:\Users\ema\Desktop\2014-15 Evacuation to ISB.odt 2015-02-11 11:42 - 2015-02-11 11:44 - 00000000 ____D () C:\Users\ema\Desktop\Steel 2015-02-11 08:37 - 2015-02-12 17:44 - 00002891 _____ () C:\Windows\setupact.log 2015-02-11 08:37 - 2015-02-11 23:33 - 00006060 _____ () C:\Windows\PFRO.log 2015-02-11 08:37 - 2015-02-11 08:37 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-10 23:53 - 2015-02-10 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XXXChurch 2015-02-10 23:53 - 2015-02-10 23:53 - 00000000 ____D () C:\Program Files (x86)\XXXChurch 2015-02-10 23:48 - 2014-10-24 20:22 - 43736135 _____ (XXXChurch) C:\Users\ema\Documents\X3Watch.exe 2015-01-29 21:52 - 2015-01-29 00:23 - 00214628 _____ () C:\Users\ema\Downloads\watch_002.htm 2015-01-27 21:45 - 2015-01-27 21:45 - 00212825 _____ () C:\Users\ema\Downloads\watch_001.htm 2015-01-27 21:22 - 2015-01-27 21:22 - 00180404 _____ () C:\Users\ema\Downloads\watch.htm 2015-01-27 21:12 - 2015-01-27 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 23:30 - 2015-01-26 23:30 - 00018304 _____ () C:\Users\ema\Desktop\Englisch ref.odt 2015-01-20 16:27 - 2015-02-12 02:14 - 00000576 _____ () C:\Users\ema\Desktop\fg.ini 2015-01-20 16:27 - 2015-01-20 16:27 - 00000516 _____ () C:\Users\ema\Desktop\dtwpc.dat 2015-01-20 16:15 - 2015-01-01 21:12 - 02488096 _____ (Dynamic Internet Technology, Inc.) C:\Users\ema\Desktop\fg752p.exe 2015-01-19 09:47 - 2015-01-19 09:47 - 00000000 __SHD () C:\Users\ema\AppData\Local\EmieBrowserModeList 2015-01-18 23:08 - 2015-01-18 23:08 - 00395609 _____ () C:\Users\ema\Desktop\Unbenannt.wma 2015-01-16 21:49 - 2014-12-19 08:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-16 21:49 - 2014-12-19 06:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-16 21:49 - 2014-12-12 10:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-16 21:49 - 2014-12-12 10:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-16 21:49 - 2014-12-12 10:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-16 21:49 - 2014-12-12 10:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-16 21:49 - 2014-12-12 10:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-16 21:49 - 2014-12-12 10:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-16 21:49 - 2014-12-12 10:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-16 21:49 - 2014-12-11 22:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-16 21:49 - 2014-12-06 09:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-16 21:49 - 2014-12-06 08:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-16 21:49 - 2014-12-06 08:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-15 00:06 - 2015-01-15 00:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-12 21:02 - 2011-05-28 02:04 - 01071986 _____ () C:\Windows\WindowsUpdate.log 2015-02-12 20:51 - 2012-01-19 17:20 - 00000000 ____D () C:\Users\ema\Documents\studies 2015-02-12 19:07 - 2013-11-13 21:32 - 00000000 ____D () C:\ProgramData\Oracle 2015-02-12 19:05 - 2011-05-09 15:43 - 00000000 ____D () C:\Program Files (x86)\Java 2015-02-12 19:04 - 2011-05-09 15:43 - 00000000 ____D () C:\Program Files\Java 2015-02-12 19:02 - 2011-05-09 15:43 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-02-12 19:02 - 2011-05-09 15:43 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-02-12 19:02 - 2011-05-09 15:43 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-02-12 19:01 - 2013-11-13 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-02-12 19:00 - 2014-07-20 23:19 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2015-02-12 19:00 - 2014-07-20 23:19 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2015-02-12 19:00 - 2014-07-20 23:19 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2015-02-12 19:00 - 2014-07-20 23:19 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-02-12 17:54 - 2009-07-14 09:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-12 17:54 - 2009-07-14 09:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-12 17:45 - 2011-05-09 15:38 - 00000000 ____D () C:\ProgramData\PDFC 2015-02-12 17:44 - 2009-07-14 10:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-12 16:25 - 2012-10-16 17:35 - 00000000 ____D () C:\Users\ema\AppData\Roaming\vlc 2015-02-12 15:37 - 2012-01-12 22:24 - 00000000 ____D () C:\Users\ema\AppData\Roaming\SoftGrid Client 2015-02-12 12:05 - 2012-01-12 16:11 - 00079448 _____ () C:\Users\ema\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-12 11:10 - 2011-05-10 01:12 - 00702028 _____ () C:\Windows\system32\perfh007.dat 2015-02-12 11:10 - 2011-05-10 01:12 - 00150638 _____ () C:\Windows\system32\perfc007.dat 2015-02-12 11:10 - 2009-07-14 10:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-11 23:30 - 2012-01-15 20:51 - 00000000 ____D () C:\Users\ema\AppData\Local\CrashDumps 2015-02-11 23:13 - 2009-07-14 08:20 - 00000000 ____D () C:\Windows\system 2015-02-11 22:06 - 2012-01-12 16:12 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8C3AE9CE-BEFD-4CC7-B77C-79FC2D172507} 2015-02-11 20:21 - 2012-01-12 15:55 - 00000000 ____D () C:\Users\ema 2015-02-11 08:49 - 2012-07-28 23:43 - 00000000 ____D () C:\output 2015-02-11 08:37 - 2012-01-15 21:15 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-11 08:37 - 2012-01-15 21:15 - 00001014 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-10 21:26 - 2011-05-09 15:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-10 21:26 - 2009-07-14 08:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2015-02-10 21:25 - 2012-01-15 21:15 - 00004026 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-10 21:25 - 2012-01-15 21:15 - 00003774 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-10 21:19 - 2013-01-19 17:29 - 00000000 ____D () C:\Windows\Minidump 2015-02-10 21:07 - 2014-08-14 18:45 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-10 21:07 - 2013-03-23 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-10 21:06 - 2013-03-23 11:08 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-02-08 21:16 - 2012-01-16 17:31 - 00000000 ____D () C:\Users\ema\AppData\Roaming\Skype 2015-02-07 11:49 - 2014-07-13 23:10 - 00000000 ____D () C:\Users\ema\AppData\Local\Deployment 2015-02-02 22:00 - 2012-01-12 22:23 - 01600324 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-28 17:06 - 2012-05-25 00:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-27 12:21 - 2014-07-25 00:15 - 00000000 ____D () C:\Users\ema\Desktop\Inventory old 2015-01-25 19:30 - 2014-10-04 12:39 - 00000000 ____D () C:\Users\ema\Desktop\Neuer Ordner 2015-01-22 22:53 - 2012-05-10 14:32 - 00000000 ____D () C:\Users\ema\school - MCS 2015-01-22 20:03 - 2014-10-01 18:15 - 00000000 ____D () C:\Users\ema\Documents\Youcam 2015-01-20 20:28 - 2012-01-12 15:56 - 00000000 ____D () C:\Users\ema\AppData\Local\VirtualStore 2015-01-18 22:45 - 2014-04-10 10:31 - 00000000 ____D () C:\Users\ema\Desktop\Dokumente 2015-01-18 19:33 - 2012-04-29 22:32 - 00000000 ____D () C:\Users\ema\Documents\persönliches 2015-01-16 21:58 - 2013-07-25 21:00 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-16 21:51 - 2012-01-16 17:47 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-15 13:55 - 2012-01-16 17:31 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-15 13:55 - 2011-05-09 15:39 - 00000000 ____D () C:\ProgramData\Skype 2015-01-13 05:03 - 2014-07-26 17:48 - 00002477 _____ () C:\Users\ema\Documents\Backup.ffs_gui 2015-01-13 05:02 - 2014-07-29 17:08 - 00000000 ____D () C:\Users\ema\Archiv ==================== Files in the root of some directories ======= 2011-01-19 16:30 - 2011-01-19 16:30 - 142700671 _____ () C:\Program Files (x86)\openofficeorg1.cab 2011-01-19 16:34 - 2011-01-19 16:34 - 3003392 _____ () C:\Program Files (x86)\openofficeorg33.msi 2011-01-19 16:33 - 2011-01-19 16:33 - 0475016 _____ () C:\Program Files (x86)\setup.exe 2011-01-19 15:15 - 2011-01-19 15:15 - 0000290 _____ () C:\Program Files (x86)\setup.ini 2014-04-05 22:10 - 2014-04-05 22:12 - 0596924 _____ () C:\Users\ema\AppData\Roaming\Scorch_Install.log 2012-06-17 01:28 - 2014-01-17 20:44 - 0012288 _____ () C:\Users\ema\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-02-22 23:50 - 2013-02-22 23:50 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-08-23 14:17 - 2014-09-09 23:42 - 0001813 _____ () C:\ProgramData\hpzinstall.log 2012-01-23 17:51 - 2011-09-21 18:31 - 0007680 _____ () C:\ProgramData\Z@!-ee4565ec-37c8-4954-b70d-4cece1ec5256.tmp Some content of TEMP: ==================== C:\Users\ema\AppData\Local\Temp\avgnt.exe C:\Users\ema\AppData\Local\Temp\jre-8u31-windows-au.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-04 22:47 ==================== End Of Log ============================ Ja, soweit ich das sehen kann, scheint der Trojaner noch da zu sein. Als ich den Computer hochfuhr - vor dem ESET - versuchte das Prgramm, das den Trojaner mitgebracht hatte wieder zu installieren. Habe es aber nicht gleich gecancelt, da das kleine "Wappensymbol" auf dem Symbol des Programmes, welches auf der Taskleiste ist, nach den vorherigen Prozessen verschwunden war. Nach kurzem meldete sich aber Avira mit der gleichen Trojanermeldung wie ganz am Anfang. Außerdem ist auch wieder das kleine "Wappensymbol" auf dem Taskleistenbutton des Programmes. Wenn nicht das ESET oder der SecurityCheck den Trojaner beseitigt haben, scheint er noch da zu sein....!? |
13.02.2015, 06:57 | #6 | |
/// the machine /// TB-Ausbilder | Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschobenZitat:
__________________ --> Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben |
13.02.2015, 14:16 | #7 |
| Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben Installiert wurde sie mit Absicht, hab sie aber glaub nie benutzt und grad gesehen, dass die Testphase um ist. Wird also nicht gebraucht. |
13.02.2015, 20:31 | #8 |
/// the machine /// TB-Ausbilder | Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben Dann bitte deinstallieren. Firefox updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\ProgramData\InstallMate C:\Program Files (x86)\XXXChurch Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\X3Watch.lnk ShortcutTarget: X3Watch.lnk -> C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3}\NewShortcut1_D74C6BBD2867476BAF40C953E203B25E.exe (Flexera Software LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\X3WatchProxyChecker.lnk ShortcutTarget: X3WatchProxyChecker.lnk -> C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3}\NewShortcut3_D99F648AB230462A948D38A8F7FE6938.exe (Flexera Software LLC) C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3} Emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
14.02.2015, 15:11 | #9 |
| Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben NHC Software ist deinstalliert. Firefox findet keine neuen Updates und sagt es sei aktuell. Hier das Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-02-2015 Ran by ema at 2015-02-14 18:33:32 Run:1 Running from C:\Users\ema\Desktop Loaded Profiles: ema (Available profiles: ema) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\ProgramData\InstallMate C:\Program Files (x86)\XXXChurch Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\X3Watch.lnk ShortcutTarget: X3Watch.lnk -> C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3}\NewShortcut1_D74C6BBD2867476BAF40C953E203B25E.exe (Flexera Software LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\X3WatchProxyChecker.lnk ShortcutTarget: X3WatchProxyChecker.lnk -> C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3}\NewShortcut3_D99F648AB230462A948D38A8F7FE6938.exe (Flexera Software LLC) C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3} Emptytemp: ***************** C:\ProgramData\InstallMate => Moved successfully. C:\Program Files (x86)\XXXChurch => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\X3Watch.lnk => Moved successfully. C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3}\NewShortcut1_D74C6BBD2867476BAF40C953E203B25E.exe => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\X3WatchProxyChecker.lnk => Moved successfully. C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3}\NewShortcut3_D99F648AB230462A948D38A8F7FE6938.exe => Moved successfully. C:\Windows\Installer\{BCF442DC-768A-4383-AFD7-E239F715ADB3} => Moved successfully. EmptyTemp: => Removed 142.7 MB temporary data. The system needed a reboot. ==== End of Fixlog 18:33:49 ==== |
15.02.2015, 08:28 | #10 |
/// the machine /// TB-Ausbilder | Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
15.02.2015, 09:38 | #11 |
| Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben Danke, nein. Im Gegenteil, der PC startet schneller und ist auch sonst etwas fixer in den verschiedenen Programmen. Heißt das ich kann das Xwatch Programm nun vollends ohne Trojanergefahr installieren? |
15.02.2015, 15:53 | #12 |
/// the machine /// TB-Ausbilder | Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben Wieso? Lust das wir wieder von vorne anfangen?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
15.02.2015, 16:03 | #13 |
| Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben Mit Sicherheit nicht. Aber da ich von der Materie nicht genug weiß, weiß ich auch nicht, ob den Trojaner so zu entfernen, dass das Programm trotzdem noch verwendbar ist, oder ob beides so ineinander verwoben ist, dass durch die Entfernung des einen das andere nicht mehr funktioniert. |
16.02.2015, 06:39 | #14 |
/// the machine /// TB-Ausbilder | Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben Sieht so aus als sei das programm ansich Müll. Für was genau brauchst du das?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
16.02.2015, 15:28 | #15 |
| Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben Wieso Müll? Als Hilfe nicht auf solchen Seiten zu surfen, auf die ich eigentlich nicht will; indem ein sog. "Rechenschaftpartner" einen Bericht von meinen angesehenen Seiten bekommt, d.h. ich weiß, dass mir "jemand über die Schultern schaut". Gibt aber Alternativprogramme, falls dieses hier nicht funktioniert. Das Programm ist nach wie vor bei mir auf der Taskleiste und unter Systemsteuerung in "Programme" aufgelistet, allerdings ohne das Programmlogo. Schließe ich korrekt, dass es aus Trojanertechnischer Sicht mehr Sinn macht das Programm kompett zu deinstallieren? |
Themen zu Windows 7: Avira hat TR/Dropper.MSIL.Gen beim installieren eines Programmes entdeckt, wurde in Quarantäne verschoben |
avira, browser, desktop, downloader, entfernen, failed, fehler, firefox, helper, homepage, installation, launch, logfile, mozilla, msiexec.exe, popup, prozesse, realtek, registry, scan, security, stick, svchost.exe, trojaner, trojaner tr/dropper.msil.gen, warnung, windows, wuauclt.exe |