Log analysis and evaluation: Windows 7: Laptop seems slowed down and general check

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.03.2015, 21:40 | #1 |
Windows 7: Laptop seems slowed down and general check

Hello dear Trojaner-Board, I would like to have you check over my laptop. It used to feel faster, and it is about time that someone took a look at it again. It would be nice if someone could help me. Thanks and best regards

frst Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Kerstin (administrator) on KERSTIN-PC on 23-03-2015 20:58:12 Running from C:\Users\Kerstin\Downloads Loaded Profiles: Kerstin (Available profiles: Kerstin) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Kerstin\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.) 
HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] () HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0 ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp URLSearchHook: 
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> DefaultScope {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms} SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms} BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.) 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated) BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll [2011-03-11] () BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-04] (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-04] (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.) 
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-24] () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-24] () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-09-04] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-04] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files 
(x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-21] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-05-09] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-05-09] Chrome: ======= CHR HomePage: Default -> https://www.google.de/ CHR StartupUrls: Default -> "hxxp://www.google.com/de" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-15] CHR Extension: (Google Drive) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-15] CHR Extension: (YouTube) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-15] CHR Extension: (Google Search) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-15] CHR Extension: (SiteAdvisor) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-10-15] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19] CHR Extension: (Google Wallet) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15] CHR Extension: (Gmail) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-15] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-06] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.) [File not signed] R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.) 
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation) S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [30208 2006-11-07] (AVM GmbH) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) 
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U3 kgdiafoc; \??\C:\Users\Kerstin\AppData\Local\Temp\kgdiafoc.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-23 20:55 - 2015-03-23 20:55 - 02095616 _____ (Farbar) C:\Users\Kerstin\Downloads\FRST64 (1).exe 2015-03-23 20:54 - 2015-03-23 20:54 - 00380416 _____ () C:\Users\Kerstin\Downloads\rv6xpvvp.exe 2015-03-23 20:12 - 2015-03-23 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2015-02-24 04:15 - 2015-03-23 20:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-24 04:15 - 2015-02-24 04:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-24 04:15 - 2015-02-24 04:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-23 20:58 - 2013-12-24 22:49 - 00019978 _____ () C:\Users\Kerstin\Downloads\FRST.txt 2015-03-23 20:58 - 2013-12-24 22:48 - 00000000 ____D () C:\FRST 2015-03-23 20:49 - 2013-10-15 14:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-23 19:38 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-23 19:38 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-23 19:31 - 2013-12-25 02:40 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-03-23 19:31 - 2011-03-27 14:20 - 00000000 ____D () C:\ProgramData\clear.fi 2015-03-23 19:30 - 2013-10-15 14:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-23 19:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-23 19:30 - 2009-07-14 05:51 - 00243650 _____ () C:\Windows\setupact.log 2015-03-22 07:38 - 2011-02-01 14:56 - 00659238 _____ () C:\Windows\system32\perfh007.dat 2015-03-22 07:38 - 2011-02-01 14:56 - 00132776 _____ () C:\Windows\system32\perfc007.dat 2015-03-22 07:38 - 2009-07-14 06:13 - 01512418 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-07 03:26 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Skype 2015-03-07 01:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-06 17:12 - 2011-02-01 06:05 - 00097028 _____ () C:\Windows\PFRO.log 2015-02-25 01:49 - 2014-04-09 01:10 - 00000000 ____D () C:\Users\Kerstin\.matplotlib 2015-02-24 04:57 - 2014-09-18 23:49 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-02-24 04:57 - 2011-04-02 04:39 - 00000000 ____D () C:\ProgramData\Skype 2015-02-24 04:20 - 2011-06-28 12:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2011-10-30 21:36 - 2011-10-31 
15:36 - 0000000 ____H () C:\Users\Kerstin\AppData\Roaming\windrvconfig.txt 2012-11-14 15:18 - 2012-11-14 15:18 - 0000337 _____ () C:\Users\Kerstin\AppData\Local\Perfmon.PerfmonCfg 2011-12-02 04:25 - 2013-10-15 15:13 - 0007602 _____ () C:\Users\Kerstin\AppData\Local\Resmon.ResmonCfg 2011-02-01 06:34 - 2011-02-01 06:43 - 0016243 _____ () C:\ProgramData\ArcadeDeluxe5.log 2011-04-02 04:42 - 2011-04-02 04:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat Files to move or delete: ==================== C:\Users\Kerstin\CTX.DAT Some content of TEMP: ==================== C:\Users\Kerstin\AppData\Local\Temp\6_Offer_15.exe C:\Users\Kerstin\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe C:\Users\Kerstin\AppData\Local\Temp\MSN2.exe C:\Users\Kerstin\AppData\Local\Temp\Quarantine.exe C:\Users\Kerstin\AppData\Local\Temp\sqlite3.dll C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387370074849_77bb75_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387729963429_3f9979_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388078529334_c44289_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388143015269_e25c23_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1389741798020_e25c23_de.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-15 19:38 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2013 01 Ran by Kerstin at 2013-12-24 22:52:20 Running from C:\Users\Kerstin\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== AAVUpdateManager (x32 Version: 15.00.0000) ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1395.4512) Acer Backup Manager (x32 Version: 3.0.0.69) Acer Crystal Eye Webcam (x32 Version: 1.0.1306) Acer ePower Management (x32 Version: 6.00.3000) Acer eRecovery Management (x32 Version: 5.00.3001) Acer GameZone Console (x32 Version: 6.1.0.9) Acer Registration (x32 Version: 1.03.3003) Acer ScreenSaver (x32 Version: 1.1.0707.2010) Acer Updater (x32 Version: 1.02.3001) Acrobat.com (x32 Version: 1.6.65) Adobe AIR (x32 Version: 1.5.0.7220) Adobe Flash Player 10 ActiveX (x32 Version: 10.1.102.64) Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55) Adobe Reader X (10.1.2) - Deutsch (x32 Version: 10.1.2) Amazonia (x32) AMD Fuel (Version: 2010.1118.1603.28745) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36) ATI Catalyst Install Manager (Version: 3.0.800.0) Backup Manager V3 (x32 Version: 3.0.0.69) Cake Mania (x32) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1118.1603.28745) Catalyst Control Center InstallProxy (x32 Version: 2010.1118.1603.28745) Catalyst Control Center Localization All (x32 Version: 2010.1118.1603.28745) Catalyst 
Control Center Profiles Mobile (x32 Version: 2010.1118.1603.28745) CCC Help Chinese Standard (x32 Version: 2010.1118.1602.28745) CCC Help Chinese Traditional (x32 Version: 2010.1118.1602.28745) CCC Help Czech (x32 Version: 2010.1118.1602.28745) CCC Help Danish (x32 Version: 2010.1118.1602.28745) CCC Help Dutch (x32 Version: 2010.1118.1602.28745) CCC Help English (x32 Version: 2010.1118.1602.28745) CCC Help Finnish (x32 Version: 2010.1118.1602.28745) CCC Help French (x32 Version: 2010.1118.1602.28745) CCC Help German (x32 Version: 2010.1118.1602.28745) CCC Help Greek (x32 Version: 2010.1118.1602.28745) CCC Help Hungarian (x32 Version: 2010.1118.1602.28745) CCC Help Italian (x32 Version: 2010.1118.1602.28745) CCC Help Japanese (x32 Version: 2010.1118.1602.28745) CCC Help Korean (x32 Version: 2010.1118.1602.28745) CCC Help Norwegian (x32 Version: 2010.1118.1602.28745) CCC Help Polish (x32 Version: 2010.1118.1602.28745) CCC Help Portuguese (x32 Version: 2010.1118.1602.28745) CCC Help Russian (x32 Version: 2010.1118.1602.28745) CCC Help Spanish (x32 Version: 2010.1118.1602.28745) CCC Help Swedish (x32 Version: 2010.1118.1602.28745) CCC Help Thai (x32 Version: 2010.1118.1602.28745) ccc-core-static (x32 Version: 2010.1118.1603.28745) ccc-utility64 (Version: 2010.1118.1603.28745) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.10057) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.10057) clear.fi (x32 Version: 1.0.1223.00) clear.fi Client (x32 Version: 1.00.3008) Conexant HD Audio (Version: 8.41.1.0) D3DX10 (x32 Version: 15.4.2368.0902) Dream Day First Home (x32) eBay Worldwide (x32 Version: 2.1.0901) Epson Easy Photo Print 2 (x32 Version: 2.1.0.0) Epson Event Manager (x32 Version: 2.30.01) EPSON Scan (x32) Epson Stylus SX510W_TX550W Handbuch (x32) EPSON SX510W Series Printer Uninstall EpsonNet Print (x32 Version: 2.4i) EpsonNet Setup (x32 Version: 3.1c) ESET Online Scanner v3 (x32) ETDWare PS/2-X64 8.0.6.0_WHQL (Version: 8.0.6.0) Farm Frenzy 2 (x32) 
Free YouTube to MP3 Converter version 3.11.37.1212 (x32 Version: 3.11.37.1212) Galapago (x32) Google Chrome (x32 Version: 31.0.1650.63) Google Update Helper (x32 Version: 1.3.22.3) GPL Ghostscript 8.71 Heroes of Hellas (x32) Identity Card (x32 Version: 1.00.3003) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Java(TM) 6 Update 37 (x32 Version: 6.0.370) Junk Mail filter update (x32 Version: 15.4.3502.0922) Launch Manager (x32 Version: 5.0.5) Malwarebytes Anti-Malware Version 1.65.1.1000 (x32 Version: 1.65.1.1000) McAfee Internet Security Suite (x32 Version: 12.8.856) MediaEspresso (x32 Version: 1.0.1210_33255) Merriam Websters Spell Jam (x32) Mesh Runtime (x32 Version: 15.4.5722.2) Messenger Companion (x32 Version: 15.4.3502.0922) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) MiKTeX 2.9 (x32 Version: 2.9) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) NTI Media Maker 9 (x32 Version: 9.0.2.8939) OpenOffice.org 3.3 (x32 Version: 3.3.9567) PDF24 Creator 5.4.0 (x32) Poker Pop (x32) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30122) Shared C Run-time for x64 (Version: 10.0.0) Skype™ 5.10 (x32 Version: 5.10.116) Sony Ericsson Update Engine (x32 Version: 2.12.4.17) Sony PC Companion 2.10.094 (x32 Version: 2.10.094) Spin & Win (x32) Steuer-Sparer 2011 (x32 Version: 16.12) TeXnicCenter Version 2.0 Beta 1 (x32 Version: 2.0 Beta 1) Uninstall 1.0.0.1 (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Veetle TV 0.9.18 (x32 Version: 0.9.18) Welcome Center (x32 Version: 1.02.3005) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3508.1109) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows 
Live Messenger (x32 Version: 15.4.3502.0922) Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WMV9/VC-1 Video Playback (Version: 1.00.0000) ==================== Restore Points ========================= 11-10-2013 12:43:24 Windows Update 12-10-2013 01:00:28 Windows Update 22-10-2013 14:51:58 Geplanter Prüfpunkt 30-10-2013 15:59:10 Geplanter Prüfpunkt 11-11-2013 21:43:25 Geplanter Prüfpunkt 19-11-2013 14:43:04 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-09-04 16:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {03CCB95E-50E3-424C-882E-1CDF9C451175} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.) 
Task: {059CB88E-3DB2-4949-8FB9-77D3485A6BD5} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated) Task: {32D0AA94-94F2-4260-B87E-0B676C3C99D8} - System32\Tasks\{365B1BB6-0DBB-4A2E-BF02-61988F376446} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.) Task: {34F51131-442B-49E7-AACB-B74042D3B613} - System32\Tasks\{3CDF03BA-C92E-46CA-8900-61A3C00E2A78} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.) Task: {45F961C0-77A4-4E5A-B387-B405B5A3F58F} - System32\Tasks\{075A127A-1303-4C3B-8201-3E5C0447364D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.) Task: {884424F8-F8D9-4A3B-B400-E369F6430795} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink) Task: {ABE42175-8175-4B87-98F8-D03771ACDFAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.) Task: {CF4F2F69-2E57-4131-A063-4F8DC334E5BC} - System32\Tasks\{F163F189-5888-4976-9F05-E032A555EA94} => Firefox.exe hxxp://ui.skype.com/ui/0/5.2.60.113/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled Task: {F0EB3259-108C-419C-BDA3-C445975EC1B9} - System32\Tasks\{A307B3C9-5AAF-42D1-A256-CEEC2E201A4D} => Firefox.exe hxxp://ui.skype.com/ui/0/5.2.60.113/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled Task: {FFAFB065-20A0-4B1C-A2CE-F7989394D72E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-11-12 02:22 - 2010-11-12 02:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2010-11-12 02:22 - 2010-11-12 02:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2010-11-12 02:22 - 2010-11-12 02:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2010-12-23 14:46 - 2010-12-23 14:46 - 00210312 ____N () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll 2013-12-06 10:05 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll 2013-12-06 10:05 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll 2013-12-06 10:05 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll 2013-12-06 10:05 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll 2013-12-06 10:05 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll 2013-12-06 10:05 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => 
""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (12/24/2013 09:56:29 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. (Stream product id=0x0066): Streaming Failed Error: (12/24/2013 09:55:18 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. Too many failures while downloading ranges: 2 Error: (12/22/2013 05:19:44 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. (Stream product id=0x0066): Streaming Failed Error: (12/22/2013 05:19:14 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. Too many failures while downloading ranges: 2 Error: (12/19/2013 09:02:01 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. (Stream product id=0x0066): Streaming Failed Error: (12/19/2013 09:00:13 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. 
Too many failures while downloading ranges: 2 Error: (12/18/2013 05:21:22 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. (Stream product id=0x0066): Streaming Failed Error: (12/18/2013 05:20:49 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. Too many failures while downloading ranges: 2 Error: (12/18/2013 02:45:51 PM) (Source: Application Hang) (User: ) Description: Programm TitanPSetupUninstall1387370074849_77bb75_de.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1050 Startzeit: 01cefbf6d57ee941 Endzeit: 31 Anwendungspfad: C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387370074849_77bb75_de.exe Berichts-ID: af96073d-67ea-11e3-9520-889ffa1b7285 Error: (12/18/2013 00:40:02 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. (Stream product id=0x0066): Streaming Failed System errors: ============= Error: (12/22/2013 07:30:39 PM) (Source: DCOM) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (12/22/2013 05:16:54 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 20.12.2013 um 16:46:38 unerwartet heruntergefahren. Error: (12/19/2013 11:15:06 PM) (Source: DCOM) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (12/18/2013 02:47:12 PM) (Source: DCOM) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (12/15/2013 10:42:03 PM) (Source: DCOM) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (12/11/2013 04:57:31 PM) (Source: DCOM) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (12/11/2013 11:24:54 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Anti-Spam Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/11/2013 11:24:54 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Proxy Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/11/2013 11:24:54 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Platform Services" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/11/2013 11:24:54 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee VirusScan Announcer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (12/24/2013 09:56:29 PM) (Source: CVHSVC)(User: ) Description: (Stream product id=0x0066): Streaming Failed Error: (12/24/2013 09:55:18 PM) (Source: CVHSVC)(User: ) Description: Too many failures while downloading ranges: 2 Error: (12/22/2013 05:19:44 PM) (Source: CVHSVC)(User: ) Description: (Stream product id=0x0066): Streaming Failed Error: (12/22/2013 05:19:14 PM) (Source: CVHSVC)(User: ) Description: Too many failures while downloading ranges: 2 Error: (12/19/2013 09:02:01 PM) (Source: CVHSVC)(User: ) Description: (Stream product id=0x0066): Streaming Failed Error: (12/19/2013 09:00:13 PM) (Source: CVHSVC)(User: ) Description: Too many failures while downloading ranges: 2 Error: (12/18/2013 05:21:22 PM) (Source: CVHSVC)(User: ) Description: (Stream product id=0x0066): Streaming Failed Error: (12/18/2013 05:20:49 PM) (Source: CVHSVC)(User: ) Description: Too many failures while downloading ranges: 2 Error: (12/18/2013 02:45:51 PM) (Source: Application Hang)(User: ) Description: 
TitanPSetupUninstall1387370074849_77bb75_de.exe1.0.0.1105001cefbf6d57ee94131C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387370074849_77bb75_de.exeaf96073d-67ea-11e3-9520-889ffa1b7285 Error: (12/18/2013 00:40:02 PM) (Source: CVHSVC)(User: ) Description: (Stream product id=0x0066): Streaming Failed CodeIntegrity Errors: =================================== Date: 2011-11-30 23:53:38.203 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-11-30 23:53:38.000 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 2794.9 MB
Available physical RAM: 1310.75 MB
Total Pagefile: 5587.98 MB
Available Pagefile: 3898.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:282.99 GB) (Free:186.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 73F766B1)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-23 21:21:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-22ZEST0 rev.01.01A01 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Kerstin\AppData\Local\Temp\kgdiafoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dd1465 2 bytes [DD, 75]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dd14bb 2 bytes [DD, 75]
.text ... * 2
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dd1465 2 bytes [DD, 75]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dd14bb 2 bytes [DD, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [1200:4968] 0000000005f5325c
Thread C:\Windows\system32\svchost.exe [1200:4980] 0000000005f53120

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 67050

---- EOF - GMER 2.1 ---- |
23.03.2015, 22:13 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Laptop seems slower and general check Hi,
__________________Quote:
Please also create a new Addition.txt: start FRST, tick the box for Addition.txt, then click Scan. In future, please note: Quote:
Please download all tools directly to the desktop, or move them there, and run them from the desktop, because our instructions are written for that. It also makes it very easy to remove all the tools used once the cleanup is finished. Leave all tools on the desktop until the end of the cleanup; we may need some of them more than once.
__________________ |
23.03.2015, 22:38 | #3 |
| Windows 7: Laptop seems slower and general check Sorry, I somehow got that muddled.
__________________Here are the current logs: frst FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Kerstin (administrator) on KERSTIN-PC on 23-03-2015 22:31:15 Running from C:\Users\Kerstin\Desktop Loaded Profiles: Kerstin (Available profiles: Kerstin) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.) 
HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] () HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0 ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp URLSearchHook: 
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> DefaultScope {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms} SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms} BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.) 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated) BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll [2011-03-11] () BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-04] (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-04] (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.) 
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-24] () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-24] () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-09-04] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-04] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files 
(x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-21] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-05-09] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-05-09] Chrome: ======= CHR HomePage: Default -> https://www.google.de/ CHR StartupUrls: Default -> "hxxp://www.google.com/de" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-15] CHR Extension: (Google Drive) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-15] CHR Extension: (YouTube) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-15] CHR Extension: (Google Search) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-15] CHR Extension: (SiteAdvisor) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-10-15] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19] CHR Extension: (Google Wallet) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15] CHR Extension: (Gmail) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-15] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-06] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.) [File not signed] R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.) 
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [30208 2006-11-07] (AVM GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 kgdiafoc; \??\C:\Users\Kerstin\AppData\Local\Temp\kgdiafoc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-23 22:31 - 2015-03-23 22:31 - 00019831 _____ () C:\Users\Kerstin\Desktop\FRST.txt
2015-03-23 22:29 - 2015-03-23 22:29 - 02095616 _____ (Farbar) C:\Users\Kerstin\Desktop\FRST64.exe
2015-03-23 21:21 - 2015-03-23 21:21 - 00001898 _____ () C:\Users\Kerstin\Desktop\gmer.log
2015-03-23 21:03 - 2015-03-23 21:03 - 00380416 _____ () C:\Users\Kerstin\Downloads\Gmer-19357.exe
2015-03-23 20:54 - 2015-03-23 20:54 - 00380416 _____ () C:\Users\Kerstin\Downloads\rv6xpvvp.exe
2015-03-23 20:12 - 2015-03-23 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-24 04:15 - 2015-03-23 22:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 04:15 - 2015-02-24 04:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-24 04:15 - 2015-02-24 04:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-23 22:31 - 2013-12-24 22:48 - 00000000 ____D () C:\FRST 2015-03-23 22:30 - 2013-12-24 22:49 - 00060599 _____ () C:\Users\Kerstin\Downloads\FRST.txt 2015-03-23 21:49 - 2013-10-15 14:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-23 21:00 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-23 21:00 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-23 19:31 - 2013-12-25 02:40 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-03-23 19:31 - 2011-03-27 14:20 - 00000000 ____D () C:\ProgramData\clear.fi 2015-03-23 19:30 - 2013-10-15 14:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-23 19:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-23 19:30 - 2009-07-14 05:51 - 00243650 _____ () C:\Windows\setupact.log 2015-03-22 07:38 - 2011-02-01 14:56 - 00659238 _____ () C:\Windows\system32\perfh007.dat 2015-03-22 07:38 - 2011-02-01 14:56 - 00132776 _____ () C:\Windows\system32\perfc007.dat 2015-03-22 07:38 - 2009-07-14 06:13 - 01512418 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-07 03:26 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Skype 2015-03-07 01:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-06 17:12 - 2011-02-01 06:05 - 00097028 _____ () C:\Windows\PFRO.log 2015-02-25 01:49 - 2014-04-09 01:10 - 00000000 ____D () C:\Users\Kerstin\.matplotlib 2015-02-24 04:57 - 2014-09-18 23:49 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-02-24 04:57 - 2011-04-02 04:39 - 00000000 ____D () C:\ProgramData\Skype 2015-02-24 04:20 - 2011-06-28 12:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2011-10-30 21:36 - 2011-10-31 
15:36 - 0000000 ____H () C:\Users\Kerstin\AppData\Roaming\windrvconfig.txt 2012-11-14 15:18 - 2012-11-14 15:18 - 0000337 _____ () C:\Users\Kerstin\AppData\Local\Perfmon.PerfmonCfg 2011-12-02 04:25 - 2013-10-15 15:13 - 0007602 _____ () C:\Users\Kerstin\AppData\Local\Resmon.ResmonCfg 2011-02-01 06:34 - 2011-02-01 06:43 - 0016243 _____ () C:\ProgramData\ArcadeDeluxe5.log 2011-04-02 04:42 - 2011-04-02 04:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat Files to move or delete: ==================== C:\Users\Kerstin\CTX.DAT Some content of TEMP: ==================== C:\Users\Kerstin\AppData\Local\Temp\6_Offer_15.exe C:\Users\Kerstin\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe C:\Users\Kerstin\AppData\Local\Temp\MSN2.exe C:\Users\Kerstin\AppData\Local\Temp\Quarantine.exe C:\Users\Kerstin\AppData\Local\Temp\sqlite3.dll C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387370074849_77bb75_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387729963429_3f9979_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388078529334_c44289_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388143015269_e25c23_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1389741798020_e25c23_de.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 19:38

==================== End Of Log ============================

addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Kerstin at 2015-03-23 22:33:07
Running from C:\Users\Kerstin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{B82157D3-6D31-4650-93B4-FC39BB08D6CE}) (Version: 15.00.0000 - Akademische Arbeitsgemeinschaft)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1306 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1306 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3001 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader X (10.1.2) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.) ATI Catalyst Install Manager (HKLM\...\{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}) (Version: 3.0.800.0 - ATI Technologies, Inc.) Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) ccc-core-static (x32 Version: 2010.1118.1603.28745 - Ihr Firmenname) Hidden CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1223.00 - CyberLink Corp.) clear.fi (x32 Version: 1.0.1223.00 - CyberLink Corp.) 
Hidden clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.41.1.0 - Conexant) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.20141009 - Landesfinanzdirektion Thüringen) Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) Epson Stylus SX510W_TX550W Handbuch (HKLM-x32\...\Epson Stylus SX510W_TX550W Benutzerhandbuch) (Version: - ) EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION) EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION) ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.) Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) File Type Advisor 1.4 (HKLM-x32\...\File Type Advisor_is1) (Version: - filetypeadvisor.com) Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.) 
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - ) Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.5 - Acer Inc.) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.) McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.) MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) 
Hidden Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media) PyQt4 - PyQwt5 5.2.1-5 (HKLM-x32\...\PyQt4 - PyQwt5 5.2.1-5) (Version: 5.2.1-5 - pythonxy.com) PyQt4 - QtHelp 4.8.3-1 (HKLM-x32\...\PyQt4 - QtHelp 4.8.3-1) (Version: 4.8.3-1 - pythonxy.com) Python 2.7 - cx_Freeze 4.3.1-1 (HKLM-x32\...\Python 2.7 - cx_Freeze 4.3.1-1) (Version: 4.3.1-1 - pythonxy.com) Python 2.7 - distribute 0.6.32-2 (HKLM-x32\...\Python 2.7 - distribute 0.6.32-2) (Version: 0.6.32-2 - pythonxy.com) Python 2.7 - docutils 0.9.1 (HKLM-x32\...\Python 2.7 - docutils 0.9.1) (Version: 0.9.1 - pythonxy.com) Python 2.7 - EnthoughtToolSuite 4.2.0-1 (HKLM-x32\...\Python 2.7 - EnthoughtToolSuite 4.2.0-1) (Version: 4.2.0-1 - pythonxy.com) Python 2.7 - formlayout 1.0.9 (HKLM-x32\...\Python 2.7 - formlayout 1.0.9) (Version: 1.0.9 - pythonxy.com) Python 2.7 - Gnuplot 1.8.0.3 (HKLM-x32\...\Python 2.7 - Gnuplot 1.8.0.3) (Version: 1.8.0.3 - pythonxy.com) Python 2.7 - guidata 1.5.1-1 (HKLM-x32\...\Python 2.7 - guidata 1.5.1-1) (Version: 1.5.1-1 - 
pythonxy.com) Python 2.7 - guiqwt 2.2.1-1 (HKLM-x32\...\Python 2.7 - guiqwt 2.2.1-1) (Version: 2.2.1-1 - pythonxy.com) Python 2.7 - h5py 2.1.0 (HKLM-x32\...\Python 2.7 - h5py 2.1.0) (Version: 2.1.0 - pythonxy.com) Python 2.7 - IPython 0.13.1-1 (HKLM-x32\...\Python 2.7 - IPython 0.13.1-1) (Version: 0.13.1-1 - pythonxy.com) Python 2.7 - jinja2 2.6.0.1 (HKLM-x32\...\Python 2.7 - jinja2 2.6.0.1) (Version: 2.6.0.1 - pythonxy.com) Python 2.7 - matplotlib 1.1.1 (HKLM-x32\...\Python 2.7 - matplotlib 1.1.1) (Version: 1.1.1 - pythonxy.com) Python 2.7 - nose 1.2.1 (HKLM-x32\...\Python 2.7 - nose 1.2.1) (Version: 1.2.1 - pythonxy.com) Python 2.7 - numexpr 2.0.1 (HKLM-x32\...\Python 2.7 - numexpr 2.0.1) (Version: 2.0.1 - pythonxy.com) Python 2.7 - numpy 1.6.2 (HKLM-x32\...\Python 2.7 - numpy 1.6.2) (Version: 1.6.2 - pythonxy.com) Python 2.7 - pandas 0.9.1-2 (HKLM-x32\...\Python 2.7 - pandas 0.9.1-2) (Version: 0.9.1-2 - pythonxy.com) Python 2.7 - PIL 1.1.7.2 (HKLM-x32\...\Python 2.7 - PIL 1.1.7.2) (Version: 1.1.7.2 - pythonxy.com) Python 2.7 - ply 3.4 (HKLM-x32\...\Python 2.7 - ply 3.4) (Version: 3.4 - pythonxy.com) Python 2.7 - psutils 0.6.1 (HKLM-x32\...\Python 2.7 - psutils 0.6.1) (Version: 0.6.1 - pythonxy.com) Python 2.7 - py2exe 0.6.9 (HKLM-x32\...\Python 2.7 - py2exe 0.6.9) (Version: 0.6.9 - pythonxy.com) Python 2.7 - pyfits 3.1 (HKLM-x32\...\Python 2.7 - pyfits 3.1) (Version: 3.1 - pythonxy.com) Python 2.7 - pygments 1.5.0 (HKLM-x32\...\Python 2.7 - pygments 1.5.0) (Version: 1.5.0 - pythonxy.com) Python 2.7 - pylint 0.26-1 (HKLM-x32\...\Python 2.7 - pylint 0.26-1) (Version: 0.26-1 - pythonxy.com) Python 2.7 - PyOpenGL 3.0.2-1 (HKLM-x32\...\Python 2.7 - PyOpenGL 3.0.2-1) (Version: 3.0.2-1 - pythonxy.com) Python 2.7 - PyQt4 4.9.5-2 (HKLM-x32\...\Python 2.7 - PyQt4 4.9.5-2) (Version: 4.9.5-2 - pythonxy.com) Python 2.7 - pyreadline 1.7.1 (HKLM-x32\...\Python 2.7 - pyreadline 1.7.1) (Version: 1.7.1 - pythonxy.com) Python 2.7 - pytables 2.4.0 (HKLM-x32\...\Python 2.7 - 
pytables 2.4.0) (Version: 2.4.0 - pythonxy.com) Python 2.7 - pywin32 218-1 (HKLM-x32\...\Python 2.7 - pywin32 218-1) (Version: 218-1 - pythonxy.com) Python 2.7 - pyzmq 2.2.0.1-1 (HKLM-x32\...\Python 2.7 - pyzmq 2.2.0.1-1) (Version: 2.2.0.1-1 - pythonxy.com) Python 2.7 - reportlab 2.6 (HKLM-x32\...\Python 2.7 - reportlab 2.6) (Version: 2.6 - pythonxy.com) Python 2.7 - scipy 0.11.0 (HKLM-x32\...\Python 2.7 - scipy 0.11.0) (Version: 0.11.0 - pythonxy.com) Python 2.7 - sphinx 1.1.3.1 (HKLM-x32\...\Python 2.7 - sphinx 1.1.3.1) (Version: 1.1.3.1 - pythonxy.com) Python 2.7 - spyder 2.1.11 (HKLM-x32\...\Python 2.7 - spyder 2.1.11) (Version: 2.1.11 - pythonxy.com) Python 2.7 - sqlalchemy 0.7.9-2 (HKLM-x32\...\Python 2.7 - sqlalchemy 0.7.9-2) (Version: 0.7.9-2 - pythonxy.com) Python 2.7 - tornado 2.4.1-1 (HKLM-x32\...\Python 2.7 - tornado 2.4.1-1) (Version: 2.4.1-1 - pythonxy.com) Python 2.7 - veusz 1.16 (HKLM-x32\...\Python 2.7 - veusz 1.16) (Version: 1.16 - pythonxy.com) Python 2.7 - virtualenv 1.8.4-2 (HKLM-x32\...\Python 2.7 - virtualenv 1.8.4-2) (Version: 1.8.4-2 - pythonxy.com) Python 2.7 - vitables 2.1.0.3 (HKLM-x32\...\Python 2.7 - vitables 2.1.0.3) (Version: 2.1.0.3 - pythonxy.com) Python 2.7 - vtk 5.10.0 (HKLM-x32\...\Python 2.7 - vtk 5.10.0) (Version: 5.10.0 - pythonxy.com) Python 2.7 - wxPython 2.8.12.1 (HKLM-x32\...\Python 2.7 - wxPython 2.8.12.1) (Version: 2.8.12.1 - pythonxy.com) Python 2.7 - xy 1.2.16-1 (HKLM-x32\...\Python 2.7 - xy 1.2.16-1) (Version: 1.2.16-1 - pythonxy.com) Python 2.7.3 (x32 Version: 2.7.3150 - Python Software Foundation) Hidden Python(x,y) - console 2.0.148-8 (HKLM-x32\...\Python(x,y) - console 2.0.148-8) (Version: 2.0.148-8 - pythonxy.com) Python(x,y) - mingw 4.5.2.3 (HKLM-x32\...\Python(x,y) - mingw 4.5.2.3) (Version: 4.5.2.3 - pythonxy.com) Python(x,y) - SciTE 3.2.2-1 (HKLM-x32\...\Python(x,y) - SciTE 3.2.2-1) (Version: 3.2.2-1 - pythonxy.com) Python(x,y) - xydoc 1.0.5.1 (HKLM-x32\...\Python(x,y) - xydoc 1.0.5.1) (Version: 1.0.5.1 - 
pythonxy.com) Python(x,y) (HKLM-x32\...\Python(x,y)) (Version: 2.7.3.1 - www.pythonxy.com) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.12.4.17 - Sony Ericsson Mobile Communications AB) Sony PC Companion 2.10.094 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.094 - Sony) Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Steuer-Sparer 2011 (HKLM-x32\...\{3499BB0F-E68A-4353-B6F0-701D0AD1CE2F}) (Version: 16.12 - Akademische Arbeitsgemeinschaft Verlag) TeXnicCenter Version 2.0 Beta 1 (HKLM-x32\...\TeXnicCenter_is1) (Version: 2.0 Beta 1 - The TeXnicCenter Team) VideoLAN VLC media player 0.8.5 (HKLM-x32\...\VLC media player) (Version: 0.8.5 - VideoLAN Team) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 5.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points =========================

21-10-2014 15:30:27 Geplanter Prüfpunkt
02-11-2014 16:51:19 Geplanter Prüfpunkt
13-11-2014 20:59:27 Geplanter Prüfpunkt
24-11-2014 17:21:22 Geplanter Prüfpunkt
25-12-2014 17:07:40 Geplanter Prüfpunkt
26-01-2015 19:00:14 Geplanter Prüfpunkt
03-02-2015 17:46:16 Geplanter Prüfpunkt
10-02-2015 23:35:43 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-06-03 07:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03CCB95E-50E3-424C-882E-1CDF9C451175} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.)
Task: {059CB88E-3DB2-4949-8FB9-77D3485A6BD5} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated)
Task: {0BEEB9D2-7194-4B1D-8CEC-5C6F34F60860} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {32D0AA94-94F2-4260-B87E-0B676C3C99D8} - System32\Tasks\{365B1BB6-0DBB-4A2E-BF02-61988F376446} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {34F51131-442B-49E7-AACB-B74042D3B613} - System32\Tasks\{3CDF03BA-C92E-46CA-8900-61A3C00E2A78} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {45F961C0-77A4-4E5A-B387-B405B5A3F58F} - System32\Tasks\{075A127A-1303-4C3B-8201-3E5C0447364D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {6534A55B-A4A0-454D-9C91-1D7A907E1489} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-24] (Adobe Systems Incorporated) Task: {6A8EDEC6-F055-41FC-8655-11A5E837A011} - System32\Tasks\{DC5B2564-B5CB-4967-B07B-9FB23D130316} => pcalua.exe -a C:\Users\Kerstin\Desktop\Downloads\JabRef-2.8.1-setup.exe -d C:\Users\Kerstin\Desktop\Downloads Task: {884424F8-F8D9-4A3B-B400-E369F6430795} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink) Task: {ABE42175-8175-4B87-98F8-D03771ACDFAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.) Task: {C5074024-3B27-441F-9CEB-E898CD0DB864} - System32\Tasks\{5A7B0BE9-1FA8-4AA8-AD61-8AD850E53D4E} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=2 Task: {CF4F2F69-2E57-4131-A063-4F8DC334E5BC} - System32\Tasks\{F163F189-5888-4976-9F05-E032A555EA94} => Firefox.exe hxxp://ui.skype.com/ui/0/5.2.60.113/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled Task: {DCD52E09-71A7-4501-9125-43D951150F9C} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-09-04] (filetypeadvisor.com ) Task: {F0EB3259-108C-419C-BDA3-C445975EC1B9} - System32\Tasks\{A307B3C9-5AAF-42D1-A256-CEEC2E201A4D} => Firefox.exe hxxp://ui.skype.com/ui/0/5.2.60.113/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled Task: {F89AABCC-F8A2-4013-B15C-F2F3D3FD3097} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-09-04] (File Type Advisor) Task: {FFAFB065-20A0-4B1C-A2CE-F7989394D72E} - System32\Tasks\clear.fiAgent => C:\Program Files 
(x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2011-06-03 23:36 - 2011-06-03 23:36 - 00056832 _____ () C:\Windows\system32\windowtcodecsext.dll 2010-11-18 16:13 - 2010-11-18 16:13 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll 2010-11-18 16:14 - 2010-11-18 16:14 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2010-11-12 02:22 - 2010-11-12 02:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2010-11-12 02:22 - 2010-11-12 02:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2010-11-12 02:22 - 2010-11-12 02:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2010-12-23 14:46 - 2010-12-23 14:46 - 00210312 ____N () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll 2015-03-23 19:52 - 2015-03-14 11:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll 2015-03-23 19:52 - 2015-03-14 11:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll 2015-03-23 19:52 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll 2015-03-23 19:52 - 2015-03-14 11:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll 
==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AAV UpdateService => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: wuauserv => 2 MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background ==================== Accounts: ============================= Administrator (S-1-5-21-3817438319-2950311145-3816183397-500 - Administrator - Disabled) Gast (S-1-5-21-3817438319-2950311145-3816183397-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3817438319-2950311145-3816183397-1003 - Limited - Enabled) Kerstin (S-1-5-21-3817438319-2950311145-3816183397-1001 - Administrator - Enabled) => C:\Users\Kerstin ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/23/2015 10:31:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FRST64.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1130 Startzeit: 01d065b06f5bd472 Endzeit: 38 Anwendungspfad: C:\Users\Kerstin\Downloads\FRST64.exe Berichts-ID: Error: (03/23/2015 08:55:54 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm rv6xpvvp.exe, Version 2.1.19357.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1794 Startzeit: 01d065a337275fa5 Endzeit: 27 Anwendungspfad: C:\Users\Kerstin\Downloads\rv6xpvvp.exe Berichts-ID: 82b55797-d196-11e4-a3f8-1c7508c137ad Error: (03/23/2015 08:13:19 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/21/2015 04:33:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: McSvHost.exe, Version: 3.8.703.0, Zeitstempel: 0x51f7deae Name des fehlerhaften Moduls: HOMENE~3.DLL, Version: 6.8.718.0, Zeitstempel: 0x537aebe5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000226ce1 ID des fehlerhaften Prozesses: 0x834 Startzeit der fehlerhaften Anwendung: 0xMcSvHost.exe0 Pfad der fehlerhaften Anwendung: McSvHost.exe1 Pfad des fehlerhaften Moduls: McSvHost.exe2 Berichtskennung: McSvHost.exe3 Error: (02/20/2015 04:35:03 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (02/17/2015 04:49:39 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/16/2015 06:52:13 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/15/2015 01:58:16 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/15/2015 00:53:00 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/12/2015 11:36:07 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT-AUTORITÄT) Description: McShield crashed. 
Error Code:c0000005 System errors: ============= Error: (03/20/2015 07:38:52 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (03/15/2015 08:23:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet: %%1115 Error: (03/06/2015 07:50:00 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (02/25/2015 05:08:21 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (02/22/2015 01:40:04 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (02/21/2015 04:34:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "McAfee Anti-Spam Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/21/2015 04:34:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "McAfee Proxy Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/21/2015 04:34:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "McAfee Platform Services" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/21/2015 04:34:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "McAfee VirusScan Announcer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (02/21/2015 04:34:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "McAfee Personal Firewall Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (03/23/2015 10:31:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST64.exe0.0.0.0113001d065b06f5bd47238C:\Users\Kerstin\Downloads\FRST64.exe Error: (03/23/2015 08:55:54 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: rv6xpvvp.exe2.1.19357.0179401d065a337275fa527C:\Users\Kerstin\Downloads\rv6xpvvp.exe82b55797-d196-11e4-a3f8-1c7508c137ad Error: (03/23/2015 08:13:19 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (02/21/2015 04:33:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: McSvHost.exe3.8.703.051f7deaeHOMENE~3.DLL6.8.718.0537aebe5c00000050000000000226ce183401d04d3920b7c599C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exec:\PROGRA~1\COMMON~1\mcafee\mhn\HOMENE~3.DLL6f9fbe9f-b97a-11e4-b584-1c7508c137ad Error: (02/20/2015 04:35:03 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (02/17/2015 04:49:39 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe 
AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (02/16/2015 06:52:13 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (02/15/2015 01:58:16 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (02/15/2015 00:53:00 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (02/12/2015 11:36:07 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT-AUTORITÄT) Description: c0000005 CodeIntegrity Errors: =================================== Date: 2011-11-30 23:53:38.203 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-11-30 23:53:38.000 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: AMD E-350 Processor Percentage of memory in use: 60% Total physical RAM: 2794.9 MB Available physical RAM: 1113.93 MB Total Pagefile: 5587.98 MB Available Pagefile: 3336.06 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:282.99 GB) (Free:184.32 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 73F766B1) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
24.03.2015, 09:48 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Laptop seems slowed down, and a general check Please continue with MBAR: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post log files in CODE tags |
11.05.2015, 21:42 | #5 |
| Windows 7: Laptop seems slowed down, and a general check Hello, unfortunately I completely neglected to carry on after the last post, because I thought "it's not that bad", and then I simply forgot about it. Now, though, I have the feeling that there are some problems after all, and I need your help. I ran a scan with Avira: Avira: Code:
Free Antivirus Erstellungsdatum der Reportdatei: Montag, 27. April 2015 22:09 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Antivirus Free Seriennummer : 0000149996-AVHOE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : KERSTIN-PC Versionsinformationen: BUILD.DAT : 15.0.9.504 94784 Bytes 24.03.2015 14:59:00 AVSCAN.EXE : 15.0.9.504 1027528 Bytes 20.04.2015 15:26:41 AVSCANRC.DLL : 15.0.9.460 64760 Bytes 20.04.2015 15:26:41 LUKE.DLL : 15.0.9.460 60664 Bytes 20.04.2015 15:26:57 AVSCPLR.DLL : 15.0.9.460 95536 Bytes 20.04.2015 15:26:41 REPAIR.DLL : 15.0.9.504 374064 Bytes 20.04.2015 15:26:41 REPAIR.RDF : 1.0.7.40 857439 Bytes 25.04.2015 18:48:04 AVREG.DLL : 15.0.9.460 273712 Bytes 20.04.2015 15:26:40 AVLODE.DLL : 15.0.9.504 596272 Bytes 20.04.2015 15:26:39 AVLODE.RDF : 14.0.4.64 79226 Bytes 20.04.2015 15:26:36
LOCAL000.VDF : 8.11.226.214 128078848 Bytes 26.04.2015 17:16:49 Engineversion : 8.3.30.24 AEVDF.DLL : 8.3.1.6 133992 Bytes 17.03.2015 11:01:51 AESCRIPT.DLL : 8.2.2.62 567208 Bytes 20.04.2015 15:26:36 AESCN.DLL : 8.3.2.2 139456 Bytes 17.03.2015 11:01:51 AESBX.DLL : 8.2.20.34 1615784 Bytes 17.03.2015 11:01:51 AERDL.DLL : 8.2.1.20 731040 Bytes 17.03.2015 11:01:51 AEPACK.DLL : 8.4.0.62 793456 Bytes 17.03.2015 11:01:51 AEOFFICE.DLL : 8.3.1.22 363376 Bytes 25.04.2015 18:48:01 AEMOBILE.DLL : 8.1.7.2 281720 Bytes 25.04.2015 18:48:02 AEHEUR.DLL : 8.1.4.1658 8289400 Bytes 25.04.2015 18:48:01 AEHELP.DLL : 8.3.2.0 281456 Bytes 20.04.2015 15:26:33 AEGEN.DLL : 8.1.7.40 456608 Bytes 17.03.2015 11:01:51 AEEXP.DLL : 8.4.2.82 260968 Bytes 20.04.2015 15:26:36 AEEMU.DLL : 8.1.3.4 399264 Bytes 17.03.2015 11:01:51 AEDROID.DLL : 8.4.3.116 1050536 Bytes 17.03.2015 11:01:51 AECORE.DLL : 8.3.4.0 243624 Bytes 17.03.2015 11:01:51 AEBB.DLL : 8.1.2.0 60448 Bytes 17.03.2015 11:01:51 AVWINLL.DLL : 15.0.9.460 26872 Bytes 20.04.2015 15:26:30 AVPREF.DLL : 15.0.9.460 52984 Bytes 20.04.2015 15:26:40 AVREP.DLL : 15.0.9.460 220464 Bytes 20.04.2015 15:26:40 AVARKT.DLL : 15.0.9.460 228088 Bytes 20.04.2015 15:26:36 AVEVTLOG.DLL : 15.0.9.460 193328 Bytes 20.04.2015 15:26:38 SQLITE3.DLL : 15.0.9.460 455472 Bytes 20.04.2015 15:26:59 AVSMTP.DLL : 15.0.9.460 79096 Bytes 20.04.2015 15:26:41 NETNT.DLL : 15.0.9.460 15152 Bytes 20.04.2015 15:26:57 CommonImageRc.dll: 15.0.9.460 4355376 Bytes 20.04.2015 15:26:30 CommonTextRc.DLL: 15.0.9.476 70960 Bytes 20.04.2015 15:26:30 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: Interaktiv Sekundäre Aktion......................: Ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein 
Bootsektoren..........................: C:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Prüfe alle Dateien....................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Montag, 27. April 2015 22:09 Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'HDD0(C:)' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '162' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnagent.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'WLANExt.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '170' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '62' Modul(e) 
wurden durchsucht Durchsuche Prozess 'ePowerTray.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'ETDCtrl.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'BackupManagerTray.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'AMD Reservation Manager.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '145' Modul(e) wurden durchsucht Durchsuche Prozess 'LManager.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnui.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '111' Modul(e) wurden durchsucht Durchsuche Prozess 'Avira.OE.Systray.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'MMDx64Fx.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'CxAudMsg64.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'dsiwmis.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'ePowerSvc.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'GREGsvc.exe' - '15' Modul(e) wurden durchsucht Durchsuche Prozess 'IScheduleSvc.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'UpdaterService.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'Fuel.Service.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'clear.fiAgent.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'DMREngine.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'LMworker.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'ePowerEvent.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 
'SearchIndexer.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '116' Modul(e) wurden durchsucht Durchsuche Prozess 'ETDCtrlHelper.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '124' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'TeXnicCenter.exe' - '95' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '104' Modul(e) wurden durchsucht Durchsuche Prozess 'IEXPLORE.EXE' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'AcroRd32.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'AdobeARM.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '110' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) 
wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '2729' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <Acer> C:\$RECYCLE.BIN\S-1-5-21-3817438319-2950311145-3816183397-1001\$RTXKITX.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/Yontoo.76240 C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\WindowtCodecsExt.dll [FUND] Ist das Trojanische Pferd TR/Mediyes.Gen6 Beginne mit der Desinfektion: C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\WindowtCodecsExt.dll [FUND] Ist das Trojanische Pferd TR/Mediyes.Gen6 [HINWEIS] Die Datei wurde gelöscht. C:\$RECYCLE.BIN\S-1-5-21-3817438319-2950311145-3816183397-1001\$RTXKITX.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/Yontoo.76240 [HINWEIS] Die Datei wurde gelöscht. Ende des Suchlaufs: Dienstag, 28. April 2015 01:33 Benötigte Zeit: 3:18:57 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 43550 Verzeichnisse wurden überprüft 1585122 Dateien wurden geprüft 2 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 2 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 1585120 Dateien ohne Befall 8749 Archive wurden durchsucht 0 Warnungen 2 Hinweise 848418 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden Code:
ATTFilter C:\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir C:\Users\Kerstin\AppData\Roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm.vir C:\Program Files (x86)\SearchProtect\EULA.txt->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\EULA.txt.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\settings.html.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\style.css.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html.vir 
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js.vir C:\Program Files 
(x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png.vir C:\Program 
Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png->C:\AdwCleaner\Quarantine\C\Program Files 
(x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Icon.ico->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\Icon.ico.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png.vir C:\Program Files 
(x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js.vir C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js.vir 
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir C:\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir C:\Program Files (x86)\SearchProtect\Main\rep\cfi.bin->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\rep\cfi.bin.vir C:\Program Files (x86)\SearchProtect\Main\rep\edk.bin->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\rep\edk.bin.vir C:\Program Files (x86)\SearchProtect\Main\rep\pni.bin->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\rep\pni.bin.vir C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat.vir C:\Program Files (x86)\SearchProtect\Main\rep\trn.bin->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\rep\trn.bin.vir C:\Program 
Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir C:\Users\Kerstin\AppData\Local\SearchProtect\UI\rep\UIRepository.dat->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Local\SearchProtect\UI\rep\UIRepository.dat.vir C:\Users\Kerstin\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat.vir C:\Users\Kerstin\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat.vir C:\Users\Kerstin\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat.vir C:\Users\Kerstin\AppData\Roaming\RHEng\FB6E0BECC8C743EB94961B28AAD1C595\7366.ico->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Roaming\RHEng\FB6E0BECC8C743EB94961B28AAD1C595\7366.ico.vir C:\Users\Kerstin\AppData\Roaming\RHEng\FB6E0BECC8C743EB94961B28AAD1C595\asd3xcy2.exe->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Roaming\RHEng\FB6E0BECC8C743EB94961B28AAD1C595\asd3xcy2.exe.vir C:\Users\Kerstin\AppData\Roaming\RHEng\FB6E0BECC8C743EB94961B28AAD1C595\du339c.exe->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Roaming\RHEng\FB6E0BECC8C743EB94961B28AAD1C595\du339c.exe.vir

I'll follow up shortly with the scans from MBAM (currently running) and MBAR, plus a fresh FRST file. Thanks in advance and kind regards

MBAM Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 11.05.2015 Suchlauf-Zeit: 17:02:12 Logdatei: log.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.05.11.03 Rootkit Datenbank: v2015.04.21.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Kerstin Suchlauf-Art: Benutzerdefinierter Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 609785 Verstrichene Zeit: 4 Std, 42 Min, 16 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 15 PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir, , [c674a1ceee9c989e66590faf827fa858], PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir, , [3505a9c6f694ac8ac0fffec037cac739], PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir, , [1a20a8c7c1c93ef8fcc37f3f28d9c13f], PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir, , [61d974fb038738fe417e6955659cb54b], PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir, , [d56558174f3b51e515aa0ab428d9639d], PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir, , 
[92a8640ba8e2a393c3fc506e4ab735cb], PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir, , [a298aac5c2c8de5800bff0ce728fd729], PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir, , [ed4d0966e4a6b77f38877b431ae7619f], PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir, , [40fa026d3852211510af3c82a160c040], PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir, , [be7c7ef14b3f60d6289703bb7d8456aa], PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir, , [2b0f7ff06a20ff37af108e30d82936ca], PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Roaming\RHEng\FB6E0BECC8C743EB94961B28AAD1C595\asd3xcy2.exe.vir, , [44f62649c5c5af87e2cd268db15012ee], PUP.Optional.Softonic.A, C:\System Volume Information\SystemRestore\FRStaging\Users\Kerstin\Desktop\Downloads\SoftonicDownloader_fuer_regcleaner.exe, , [9d9d640b44467eb80e483d16b34ea15f], PUP.Optional.Conduit.A, C:\Users\Kerstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CO3BV437\spstub[1].exe, , [83b7026d8bff8da92304a316e819ac54], PUP.Optional.SearchProtect.A, C:\Users\Kerstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGJ19T2Y\SPSetup[1].exe, , [28128be48604ad89635c3a840cf503fd], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2014.11.18.05 rootkit: v2014.11.12.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Kerstin :: KERSTIN-PC [administrator] 11.05.2015 21:51:54 mbar-log-2015-05-11 (21-51-54).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 344769 Time elapsed: 26 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015 Ran by Kerstin (administrator) on KERSTIN-PC on 11-05-2015 22:40:04 Running from C:\Users\Kerstin\Desktop Loaded Profiles: Kerstin (Available profiles: Kerstin) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.) HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] () HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> DefaultScope {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms} SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms} BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File BHO: Windows 
Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated) BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-04] (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-04] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-09-04] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-04] (Oracle Corporation) FF 
Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-21] Chrome: ======= CHR HomePage: Default -> https://www.google.de/ CHR StartupUrls: Default -> "hxxp://www.google.com/de" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-15] CHR Extension: (Google Drive) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-15] CHR Extension: (YouTube) - 
C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-15] CHR Extension: (Google Search) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-15] CHR Extension: (Bookmark Manager) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20] CHR Extension: (Google Wallet) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15] CHR Extension: (Gmail) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.) [File not signed] R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. 
KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation) S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG) S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [30208 2006-11-07] (AVM GmbH) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-11 22:39 - 2015-05-11 22:39 - 00000000 ____D () C:\Users\Kerstin\Desktop\FRST-OlderVersion 2015-05-11 22:34 - 2015-05-11 22:34 - 00275496 _____ () C:\Windows\Minidump\051115-21216-01.dmp 2015-05-11 21:47 - 2015-05-11 21:47 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Kerstin\Desktop\mbar-1.09.1.1004.exe 2015-05-11 16:52 - 2015-05-11 16:52 - 00275496 _____ () C:\Windows\Minidump\051115-23883-01.dmp 2015-04-29 10:26 - 2015-04-29 10:27 - 00275496 _____ () C:\Windows\Minidump\042915-26832-01.dmp 2015-04-27 01:13 - 2015-04-27 01:13 - 00275496 _____ () C:\Windows\Minidump\042715-21403-01.dmp 2015-04-27 01:02 - 2015-04-27 01:02 - 00022531 _____ () C:\Users\Kerstin\Downloads\Tutorium_komplett_SS2015.zip 2015-04-20 17:35 - 2013-09-16 19:46 - 00000910 _____ () C:\Users\Kerstin\Desktop\Downloads.lnk 2015-04-20 17:28 - 2015-04-20 17:28 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-04-20 17:25 - 2015-04-20 17:33 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Avira 2015-04-20 17:25 - 2015-04-20 17:28 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-20 17:24 - 2015-05-05 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-20 17:23 - 2015-05-05 12:44 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-04-20 17:23 - 2015-05-05 12:44 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-04-20 17:23 - 2015-04-20 17:31 - 00000000 ____D () C:\ProgramData\Avira 2015-04-20 17:23 - 2015-04-20 17:28 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-04-20 17:23 - 2015-03-17 13:01 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-04-20 17:23 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-04-20 16:12 - 2015-04-20 16:12 - 00275552 _____ () C:\Windows\Minidump\042015-26925-01.dmp 2015-04-19 05:12 - 2015-04-19 05:13 - 00275496 _____ () C:\Windows\Minidump\041915-28314-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-11 22:40 - 2015-03-23 23:31 - 00015611 _____ () C:\Users\Kerstin\Desktop\FRST.txt 2015-05-11 22:40 - 2013-12-24 23:48 - 00000000 ____D () C:\FRST 2015-05-11 22:39 - 2015-03-23 23:29 - 02102784 _____ (Farbar) C:\Users\Kerstin\Desktop\FRST64.exe 2015-05-11 22:39 - 2011-02-01 15:56 - 00659238 _____ () C:\Windows\system32\perfh007.dat 2015-05-11 22:39 - 2011-02-01 15:56 - 00132776 _____ () C:\Windows\system32\perfc007.dat 2015-05-11 22:39 - 2009-07-14 07:13 - 01512418 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-11 22:36 - 2013-12-25 03:40 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-05-11 22:35 - 2013-12-25 00:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-11 22:35 - 2011-03-27 15:20 - 00000000 ____D () C:\ProgramData\clear.fi 2015-05-11 22:34 - 2013-10-15 15:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-11 22:34 - 2011-05-09 19:45 - 382813359 _____ () C:\Windows\MEMORY.DMP 2015-05-11 22:34 - 2011-05-09 19:45 - 00000000 ____D () C:\Windows\Minidump 2015-05-11 22:34 - 2011-02-01 07:05 - 00552176 _____ () C:\Windows\PFRO.log 2015-05-11 22:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-11 22:34 - 2009-07-14 06:51 - 00246898 _____ () C:\Windows\setupact.log 2015-05-11 22:21 - 2013-12-25 00:44 - 00000000 ____D () C:\Users\Kerstin\Desktop\mbar 2015-05-11 22:20 - 2015-02-24 05:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-11 21:50 - 2014-07-01 14:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 
2015-05-11 21:49 - 2013-10-15 15:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-11 21:48 - 2014-07-01 14:31 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-11 21:46 - 2011-01-17 19:22 - 00000000 ____D () C:\Windows\oem 2015-05-11 17:00 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-11 17:00 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-11 15:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-05-08 12:33 - 2014-10-07 12:34 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\FileAdvisor 2015-05-08 12:33 - 2014-09-21 12:33 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor 2015-05-07 22:54 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-29 12:37 - 2011-04-02 05:41 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Skype 2015-04-20 17:50 - 2011-01-17 19:18 - 00000000 ____D () C:\ProgramData\McAfee 2015-04-20 17:50 - 2011-01-17 19:18 - 00000000 ____D () C:\Program Files (x86)\McAfee 2015-04-20 17:28 - 2011-02-01 07:08 - 01703796 _____ () C:\Windows\WindowsUpdate.log 2015-04-19 23:20 - 2015-02-24 05:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-19 23:20 - 2015-02-24 05:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-19 23:20 - 2011-06-28 13:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-15 01:19 - 2014-09-19 00:49 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-04-15 01:19 - 2011-04-02 05:39 - 00000000 ____D () C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2011-10-30 22:36 - 2011-10-31 16:36 - 0000000 ____H () 
C:\Users\Kerstin\AppData\Roaming\windrvconfig.txt 2012-11-14 16:18 - 2012-11-14 16:18 - 0000337 _____ () C:\Users\Kerstin\AppData\Local\Perfmon.PerfmonCfg 2011-12-02 05:25 - 2013-10-15 16:13 - 0007602 _____ () C:\Users\Kerstin\AppData\Local\Resmon.ResmonCfg 2011-02-01 07:34 - 2011-02-01 07:43 - 0016243 _____ () C:\ProgramData\ArcadeDeluxe5.log 2011-04-02 05:42 - 2011-04-02 05:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat Files to move or delete: ==================== C:\Users\Kerstin\CTX.DAT Some content of TEMP: ==================== C:\Users\Kerstin\AppData\Local\Temp\6_Offer_15.exe C:\Users\Kerstin\AppData\Local\Temp\avgnt.exe C:\Users\Kerstin\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe C:\Users\Kerstin\AppData\Local\Temp\MSN2.exe C:\Users\Kerstin\AppData\Local\Temp\Quarantine.exe C:\Users\Kerstin\AppData\Local\Temp\SkypeSetup.exe C:\Users\Kerstin\AppData\Local\Temp\sqlite3.dll C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387370074849_77bb75_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387729963429_3f9979_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388078529334_c44289_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388143015269_e25c23_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1389741798020_e25c23_de.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-05 12:06 ==================== End Of Log ============================ |
12.05.2015, 01:01 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Laptop seems slowed down and general check
Remove adware/junkware/toolbars
Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop! Please disable your virus scanner completely now, before using these tools!
Step 1: adwCleaner
Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool
Please shut down your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
12.05.2015, 11:46 | #7 |
| Windows 7: Laptop seems slowed down and general check
adwCleaner Code:
ATTFilter
# AdwCleaner v4.203 - Bericht erstellt 12/05/2015 um 12:42:08
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-12.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Kerstin - KERSTIN-PC
# Gestarted von : C:\Users\Kerstin\Desktop\AdwCleaner_4.203.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM

***** [ Internetbrowser ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Google Chrome v42.0.2311.135

[C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp
[C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Default_Search_Provider_Data] :

*************************

AdwCleaner[R3].txt - [1408 Bytes] - [12/05/2015 12:42:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1467 Bytes] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 7 Home Premium x64
Ran by Kerstin on 12.05.2015 at 12:49:04,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.05.2015 at 12:55:30,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015 Ran by Kerstin (administrator) on KERSTIN-PC on 12-05-2015 12:58:46 Running from C:\Users\Kerstin\Desktop Loaded Profiles: Kerstin (Available profiles: Kerstin) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.) HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] () HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms} BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated) BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-04] (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-04] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-09-04] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-04] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll 
[2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-21] Chrome: ======= CHR Profile: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Bookmark Manager) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] () S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.) 
[File not signed] R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation) S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. 
KG) S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [30208 2006-11-07] (AVM GmbH) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-12 12:55 - 2015-05-12 12:55 - 00000602 _____ () C:\Users\Kerstin\Desktop\JRT.txt 2015-05-12 12:49 - 2015-05-12 12:49 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KERSTIN-PC-Windows-7-Home-Premium-(64-bit).dat 2015-05-12 12:49 - 2015-05-12 12:49 - 00000000 ____D () C:\RegBackup 2015-05-12 12:36 - 2015-05-12 12:42 - 00000000 ____D () C:\AdwCleaner 2015-05-12 12:35 - 2015-05-12 12:35 - 02720307 _____ (Thisisu) C:\Users\Kerstin\Desktop\JRT.exe 2015-05-12 12:33 - 2015-05-12 12:33 - 02204160 _____ () C:\Users\Kerstin\Desktop\AdwCleaner_4.203.exe 2015-05-12 11:36 - 2015-05-12 11:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kerstin\Downloads\revosetup95.exe 2015-05-12 11:36 - 2015-05-12 11:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kerstin\Downloads\revosetup95 (1).exe 2015-05-12 11:36 - 2015-05-12 11:36 - 00000748 _____ () C:\Users\Kerstin\Desktop\Revo Uninstaller.lnk 2015-05-11 22:34 - 2015-05-11 22:34 - 00275496 _____ () C:\Windows\Minidump\051115-21216-01.dmp 2015-05-11 21:47 - 2015-05-11 21:47 - 16502728 _____ (Malwarebytes Corp.) 
C:\Users\Kerstin\Desktop\mbar-1.09.1.1004.exe 2015-05-11 16:52 - 2015-05-11 16:52 - 00275496 _____ () C:\Windows\Minidump\051115-23883-01.dmp 2015-04-29 10:26 - 2015-04-29 10:27 - 00275496 _____ () C:\Windows\Minidump\042915-26832-01.dmp 2015-04-27 01:13 - 2015-04-27 01:13 - 00275496 _____ () C:\Windows\Minidump\042715-21403-01.dmp 2015-04-27 01:02 - 2015-04-27 01:02 - 00022531 _____ () C:\Users\Kerstin\Downloads\Tutorium_komplett_SS2015.zip 2015-04-20 17:35 - 2013-09-16 19:46 - 00000910 _____ () C:\Users\Kerstin\Desktop\Downloads.lnk 2015-04-20 17:28 - 2015-04-20 17:28 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-04-20 17:25 - 2015-04-20 17:33 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Avira 2015-04-20 17:25 - 2015-04-20 17:28 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-20 17:24 - 2015-05-05 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-20 17:23 - 2015-05-05 12:44 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-04-20 17:23 - 2015-05-05 12:44 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-04-20 17:23 - 2015-04-20 17:31 - 00000000 ____D () C:\ProgramData\Avira 2015-04-20 17:23 - 2015-04-20 17:28 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-04-20 17:23 - 2015-03-17 13:01 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-04-20 17:23 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-04-20 16:12 - 2015-04-20 16:12 - 00275552 _____ () C:\Windows\Minidump\042015-26925-01.dmp 2015-04-19 05:12 - 2015-04-19 05:13 - 00275496 _____ () C:\Windows\Minidump\041915-28314-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-12 12:58 - 2015-03-23 23:31 - 00011702 _____ () C:\Users\Kerstin\Desktop\FRST.txt 2015-05-12 12:58 - 2013-12-24 23:48 - 00000000 ____D () C:\FRST 2015-05-12 12:57 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-12 12:57 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-12 12:49 - 2013-10-15 15:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-12 12:48 - 2011-02-01 15:56 - 00659238 _____ () C:\Windows\system32\perfh007.dat 2015-05-12 12:48 - 2011-02-01 15:56 - 00132776 _____ () C:\Windows\system32\perfc007.dat 2015-05-12 12:48 - 2009-07-14 07:13 - 01512418 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-12 12:43 - 2013-12-25 03:40 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-05-12 12:43 - 2013-10-15 15:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-12 12:43 - 2011-03-27 15:20 - 00000000 ____D () C:\ProgramData\clear.fi 2015-05-12 12:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-12 12:43 - 2009-07-14 06:51 - 00247010 _____ () C:\Windows\setupact.log 2015-05-12 12:20 - 2015-02-24 05:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-12 11:31 - 2011-02-01 07:05 - 00552530 _____ () C:\Windows\PFRO.log 2015-05-11 22:39 - 2015-03-23 23:29 - 02102784 _____ (Farbar) C:\Users\Kerstin\Desktop\FRST64.exe 2015-05-11 22:35 - 2013-12-25 00:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-11 22:34 - 2011-05-09 19:45 - 382813359 _____ () C:\Windows\MEMORY.DMP 2015-05-11 22:34 - 2011-05-09 19:45 - 00000000 ____D () C:\Windows\Minidump 2015-05-11 22:34 - 2011-01-17 19:22 - 00000000 ____D () C:\Windows\oem 2015-05-11 22:21 - 2013-12-25 00:44 - 00000000 ____D () C:\Users\Kerstin\Desktop\mbar 2015-05-11 21:50 - 
2014-07-01 14:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-11 21:48 - 2014-07-01 14:31 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-11 15:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-05-08 12:33 - 2014-10-07 12:34 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\FileAdvisor 2015-05-08 12:33 - 2014-09-21 12:33 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor 2015-05-07 22:54 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-29 12:37 - 2011-04-02 05:41 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Skype 2015-04-20 17:50 - 2011-01-17 19:18 - 00000000 ____D () C:\ProgramData\McAfee 2015-04-20 17:50 - 2011-01-17 19:18 - 00000000 ____D () C:\Program Files (x86)\McAfee 2015-04-20 17:28 - 2011-02-01 07:08 - 01703796 _____ () C:\Windows\WindowsUpdate.log 2015-04-19 23:20 - 2015-02-24 05:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-19 23:20 - 2015-02-24 05:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-19 23:20 - 2011-06-28 13:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-15 01:19 - 2014-09-19 00:49 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-04-15 01:19 - 2011-04-02 05:39 - 00000000 ____D () C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2011-10-30 22:36 - 2011-10-31 16:36 - 0000000 ____H () C:\Users\Kerstin\AppData\Roaming\windrvconfig.txt 2012-11-14 16:18 - 2012-11-14 16:18 - 0000337 _____ () C:\Users\Kerstin\AppData\Local\Perfmon.PerfmonCfg 2011-12-02 05:25 - 2013-10-15 16:13 - 0007602 _____ () C:\Users\Kerstin\AppData\Local\Resmon.ResmonCfg 2011-02-01 07:34 - 2011-02-01 07:43 - 0016243 _____ () C:\ProgramData\ArcadeDeluxe5.log 2011-04-02 05:42 - 2011-04-02 05:42 - 0000056 ____H () 
C:\ProgramData\ezsidmv.dat Files to move or delete: ==================== C:\Users\Kerstin\CTX.DAT Some content of TEMP: ==================== C:\Users\Kerstin\AppData\Local\Temp\6_Offer_15.exe C:\Users\Kerstin\AppData\Local\Temp\avgnt.exe C:\Users\Kerstin\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe C:\Users\Kerstin\AppData\Local\Temp\MSN2.exe C:\Users\Kerstin\AppData\Local\Temp\Quarantine.exe C:\Users\Kerstin\AppData\Local\Temp\SkypeSetup.exe C:\Users\Kerstin\AppData\Local\Temp\sqlite3.dll C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387370074849_77bb75_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387729963429_3f9979_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388078529334_c44289_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388143015269_e25c23_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1389741798020_e25c23_de.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-05 12:06 ==================== End Of Log ============================
Edited by karl-heinz00 (12.05.2015 at 12:01) |
12.05.2015, 16:14 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Laptop seems slowed down and general check
Please also create a new Addition.txt: start FRST, tick the checkbox next to Addition.txt, then click Scan.
__________________ Please always post log files in CODE tags |
12.05.2015, 18:06 | #9 |
| Windows 7: Laptop seems slowed down and general check
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015 Ran by Kerstin (administrator) on KERSTIN-PC on 12-05-2015 18:52:59 Running from C:\Users\Kerstin\Desktop Loaded Profiles: Kerstin (Available profiles: Kerstin) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\qtiplot.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (The TeXnicCenter Team) C:\Program Files (x86)\TeXnicCenter\TeXnicCenter.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.) HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] () HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms} BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated) BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-04] (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-04] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-09-04] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-04] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-21] Chrome: ======= CHR Profile: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Bookmark Manager) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] () S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.) [File not signed] R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. 
KG) S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation) S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG) S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [30208 2006-11-07] (AVM GmbH) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-12 12:55 - 2015-05-12 12:55 - 00000602 _____ () C:\Users\Kerstin\Desktop\JRT.txt 2015-05-12 12:49 - 2015-05-12 12:49 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KERSTIN-PC-Windows-7-Home-Premium-(64-bit).dat 2015-05-12 12:49 - 2015-05-12 12:49 - 00000000 ____D () C:\RegBackup 2015-05-12 12:36 - 2015-05-12 12:42 - 00000000 ____D () C:\AdwCleaner 2015-05-12 12:35 - 2015-05-12 12:35 - 02720307 _____ (Thisisu) C:\Users\Kerstin\Desktop\JRT.exe 2015-05-12 12:33 - 2015-05-12 12:33 - 02204160 _____ () C:\Users\Kerstin\Desktop\AdwCleaner_4.203.exe 2015-05-12 11:36 - 2015-05-12 11:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kerstin\Downloads\revosetup95.exe 2015-05-12 11:36 - 2015-05-12 11:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kerstin\Downloads\revosetup95 (1).exe 2015-05-12 11:36 - 2015-05-12 11:36 - 00000748 _____ () C:\Users\Kerstin\Desktop\Revo Uninstaller.lnk 2015-05-11 22:34 - 2015-05-11 22:34 - 00275496 _____ () C:\Windows\Minidump\051115-21216-01.dmp 2015-05-11 21:47 - 2015-05-11 21:47 - 16502728 _____ (Malwarebytes Corp.) 
C:\Users\Kerstin\Desktop\mbar-1.09.1.1004.exe 2015-05-11 16:52 - 2015-05-11 16:52 - 00275496 _____ () C:\Windows\Minidump\051115-23883-01.dmp 2015-04-29 10:26 - 2015-04-29 10:27 - 00275496 _____ () C:\Windows\Minidump\042915-26832-01.dmp 2015-04-27 01:13 - 2015-04-27 01:13 - 00275496 _____ () C:\Windows\Minidump\042715-21403-01.dmp 2015-04-27 01:02 - 2015-04-27 01:02 - 00022531 _____ () C:\Users\Kerstin\Downloads\Tutorium_komplett_SS2015.zip 2015-04-20 17:35 - 2013-09-16 19:46 - 00000910 _____ () C:\Users\Kerstin\Desktop\Downloads.lnk 2015-04-20 17:28 - 2015-04-20 17:28 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-04-20 17:25 - 2015-04-20 17:33 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Avira 2015-04-20 17:25 - 2015-04-20 17:28 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-20 17:24 - 2015-05-05 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-20 17:23 - 2015-05-05 12:44 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-04-20 17:23 - 2015-05-05 12:44 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-04-20 17:23 - 2015-04-20 17:31 - 00000000 ____D () C:\ProgramData\Avira 2015-04-20 17:23 - 2015-04-20 17:28 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-04-20 17:23 - 2015-03-17 13:01 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-04-20 17:23 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-04-20 16:12 - 2015-04-20 16:12 - 00275552 _____ () C:\Windows\Minidump\042015-26925-01.dmp 2015-04-19 05:12 - 2015-04-19 05:13 - 00275496 _____ () C:\Windows\Minidump\041915-28314-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-12 18:53 - 2015-03-23 23:31 - 00012726 _____ () C:\Users\Kerstin\Desktop\FRST.txt 2015-05-12 18:53 - 2013-12-24 23:48 - 00000000 ____D () C:\FRST 2015-05-12 18:49 - 2013-10-15 15:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-12 18:20 - 2015-02-24 05:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-12 14:31 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-12 14:31 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-12 12:48 - 2011-02-01 15:56 - 00659238 _____ () C:\Windows\system32\perfh007.dat 2015-05-12 12:48 - 2011-02-01 15:56 - 00132776 _____ () C:\Windows\system32\perfc007.dat 2015-05-12 12:48 - 2009-07-14 07:13 - 01512418 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-12 12:43 - 2013-12-25 03:40 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-05-12 12:43 - 2013-10-15 15:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-12 12:43 - 2011-03-27 15:20 - 00000000 ____D () C:\ProgramData\clear.fi 2015-05-12 12:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-12 12:43 - 2009-07-14 06:51 - 00247010 _____ () C:\Windows\setupact.log 2015-05-12 11:31 - 2011-02-01 07:05 - 00552530 _____ () C:\Windows\PFRO.log 2015-05-11 22:39 - 2015-03-23 23:29 - 02102784 _____ (Farbar) C:\Users\Kerstin\Desktop\FRST64.exe 2015-05-11 22:35 - 2013-12-25 00:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-11 22:34 - 2011-05-09 19:45 - 382813359 _____ () C:\Windows\MEMORY.DMP 2015-05-11 22:34 - 2011-05-09 19:45 - 00000000 ____D () C:\Windows\Minidump 2015-05-11 22:34 - 2011-01-17 19:22 - 00000000 ____D () C:\Windows\oem 2015-05-11 22:21 - 2013-12-25 00:44 - 00000000 ____D () C:\Users\Kerstin\Desktop\mbar 2015-05-11 21:50 - 
2014-07-01 14:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-11 21:48 - 2014-07-01 14:31 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-11 15:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-05-08 12:33 - 2014-10-07 12:34 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\FileAdvisor 2015-05-08 12:33 - 2014-09-21 12:33 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor 2015-05-07 22:54 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-29 12:37 - 2011-04-02 05:41 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Skype 2015-04-20 17:50 - 2011-01-17 19:18 - 00000000 ____D () C:\ProgramData\McAfee 2015-04-20 17:50 - 2011-01-17 19:18 - 00000000 ____D () C:\Program Files (x86)\McAfee 2015-04-20 17:28 - 2011-02-01 07:08 - 01703796 _____ () C:\Windows\WindowsUpdate.log 2015-04-19 23:20 - 2015-02-24 05:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-19 23:20 - 2015-02-24 05:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-19 23:20 - 2011-06-28 13:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-15 01:19 - 2014-09-19 00:49 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-04-15 01:19 - 2011-04-02 05:39 - 00000000 ____D () C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2011-10-30 22:36 - 2011-10-31 16:36 - 0000000 ____H () C:\Users\Kerstin\AppData\Roaming\windrvconfig.txt 2012-11-14 16:18 - 2012-11-14 16:18 - 0000337 _____ () C:\Users\Kerstin\AppData\Local\Perfmon.PerfmonCfg 2011-12-02 05:25 - 2013-10-15 16:13 - 0007602 _____ () C:\Users\Kerstin\AppData\Local\Resmon.ResmonCfg 2011-02-01 07:34 - 2011-02-01 07:43 - 0016243 _____ () C:\ProgramData\ArcadeDeluxe5.log 2011-04-02 05:42 - 2011-04-02 05:42 - 0000056 ____H () 
C:\ProgramData\ezsidmv.dat Files to move or delete: ==================== C:\Users\Kerstin\CTX.DAT Some content of TEMP: ==================== C:\Users\Kerstin\AppData\Local\Temp\6_Offer_15.exe C:\Users\Kerstin\AppData\Local\Temp\avgnt.exe C:\Users\Kerstin\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe C:\Users\Kerstin\AppData\Local\Temp\MSN2.exe C:\Users\Kerstin\AppData\Local\Temp\Quarantine.exe C:\Users\Kerstin\AppData\Local\Temp\SkypeSetup.exe C:\Users\Kerstin\AppData\Local\Temp\sqlite3.dll C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387370074849_77bb75_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387729963429_3f9979_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388078529334_c44289_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388143015269_e25c23_de.exe C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1389741798020_e25c23_de.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-05 12:06 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015 Ran by Kerstin at 2015-05-12 18:54:37 Running from C:\Users\Kerstin\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3817438319-2950311145-3816183397-500 - Administrator - Disabled) Gast (S-1-5-21-3817438319-2950311145-3816183397-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3817438319-2950311145-3816183397-1003 - Limited - Enabled) Kerstin (S-1-5-21-3817438319-2950311145-3816183397-1001 - Administrator - Enabled) => C:\Users\Kerstin ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AAVUpdateManager (HKLM-x32\...\{B82157D3-6D31-4650-93B4-FC39BB08D6CE}) (Version: 15.00.0000 - Akademische Arbeitsgemeinschaft) ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1306 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1306 - CyberLink Corp.) 
Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3001 - Acer Incorporated) Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader X (10.1.2) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.) ATI Catalyst Install Manager (HKLM\...\{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}) (Version: 3.0.800.0 - ATI Technologies, Inc.) Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. 
KG) Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) ccc-core-static (x32 Version: 2010.1118.1603.28745 - Ihr Firmenname) Hidden CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1223.00 - CyberLink Corp.) clear.fi (x32 Version: 1.0.1223.00 - CyberLink Corp.) Hidden clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.41.1.0 - Conexant) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) Epson Stylus SX510W_TX550W Handbuch (HKLM-x32\...\Epson Stylus SX510W_TX550W Benutzerhandbuch) (Version: - ) EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION) EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION) ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) 
(Version: 8.0.6.0 - ELAN Microelectronic Corp.) Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) File Type Advisor 1.4 (HKLM-x32\...\File Type Advisor_is1) (Version: - filetypeadvisor.com) Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.) Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - ) Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.5 - Acer Inc.) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) 
Hidden Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media) PyQt4 - PyQwt5 5.2.1-5 (HKLM-x32\...\PyQt4 - PyQwt5 5.2.1-5) (Version: 5.2.1-5 - pythonxy.com) PyQt4 - QtHelp 4.8.3-1 (HKLM-x32\...\PyQt4 - QtHelp 4.8.3-1) (Version: 4.8.3-1 - pythonxy.com) Python 2.7 - cx_Freeze 4.3.1-1 (HKLM-x32\...\Python 2.7 - cx_Freeze 4.3.1-1) (Version: 4.3.1-1 - pythonxy.com) Python 2.7 - distribute 0.6.32-2 (HKLM-x32\...\Python 2.7 - distribute 0.6.32-2) (Version: 0.6.32-2 - pythonxy.com) Python 2.7 - docutils 0.9.1 (HKLM-x32\...\Python 2.7 - docutils 0.9.1) (Version: 0.9.1 - pythonxy.com) Python 2.7 - EnthoughtToolSuite 4.2.0-1 (HKLM-x32\...\Python 2.7 - EnthoughtToolSuite 4.2.0-1) (Version: 4.2.0-1 - pythonxy.com) Python 2.7 - formlayout 1.0.9 (HKLM-x32\...\Python 2.7 - formlayout 1.0.9) (Version: 1.0.9 - pythonxy.com) Python 2.7 - Gnuplot 1.8.0.3 (HKLM-x32\...\Python 2.7 - Gnuplot 1.8.0.3) (Version: 1.8.0.3 - pythonxy.com) Python 2.7 - guidata 1.5.1-1 (HKLM-x32\...\Python 2.7 - guidata 1.5.1-1) (Version: 1.5.1-1 - 
pythonxy.com) Python 2.7 - guiqwt 2.2.1-1 (HKLM-x32\...\Python 2.7 - guiqwt 2.2.1-1) (Version: 2.2.1-1 - pythonxy.com) Python 2.7 - h5py 2.1.0 (HKLM-x32\...\Python 2.7 - h5py 2.1.0) (Version: 2.1.0 - pythonxy.com) Python 2.7 - IPython 0.13.1-1 (HKLM-x32\...\Python 2.7 - IPython 0.13.1-1) (Version: 0.13.1-1 - pythonxy.com) Python 2.7 - jinja2 2.6.0.1 (HKLM-x32\...\Python 2.7 - jinja2 2.6.0.1) (Version: 2.6.0.1 - pythonxy.com) Python 2.7 - matplotlib 1.1.1 (HKLM-x32\...\Python 2.7 - matplotlib 1.1.1) (Version: 1.1.1 - pythonxy.com) Python 2.7 - nose 1.2.1 (HKLM-x32\...\Python 2.7 - nose 1.2.1) (Version: 1.2.1 - pythonxy.com) Python 2.7 - numexpr 2.0.1 (HKLM-x32\...\Python 2.7 - numexpr 2.0.1) (Version: 2.0.1 - pythonxy.com) Python 2.7 - numpy 1.6.2 (HKLM-x32\...\Python 2.7 - numpy 1.6.2) (Version: 1.6.2 - pythonxy.com) Python 2.7 - pandas 0.9.1-2 (HKLM-x32\...\Python 2.7 - pandas 0.9.1-2) (Version: 0.9.1-2 - pythonxy.com) Python 2.7 - PIL 1.1.7.2 (HKLM-x32\...\Python 2.7 - PIL 1.1.7.2) (Version: 1.1.7.2 - pythonxy.com) Python 2.7 - ply 3.4 (HKLM-x32\...\Python 2.7 - ply 3.4) (Version: 3.4 - pythonxy.com) Python 2.7 - psutils 0.6.1 (HKLM-x32\...\Python 2.7 - psutils 0.6.1) (Version: 0.6.1 - pythonxy.com) Python 2.7 - py2exe 0.6.9 (HKLM-x32\...\Python 2.7 - py2exe 0.6.9) (Version: 0.6.9 - pythonxy.com) Python 2.7 - pyfits 3.1 (HKLM-x32\...\Python 2.7 - pyfits 3.1) (Version: 3.1 - pythonxy.com) Python 2.7 - pygments 1.5.0 (HKLM-x32\...\Python 2.7 - pygments 1.5.0) (Version: 1.5.0 - pythonxy.com) Python 2.7 - pylint 0.26-1 (HKLM-x32\...\Python 2.7 - pylint 0.26-1) (Version: 0.26-1 - pythonxy.com) Python 2.7 - PyOpenGL 3.0.2-1 (HKLM-x32\...\Python 2.7 - PyOpenGL 3.0.2-1) (Version: 3.0.2-1 - pythonxy.com) Python 2.7 - PyQt4 4.9.5-2 (HKLM-x32\...\Python 2.7 - PyQt4 4.9.5-2) (Version: 4.9.5-2 - pythonxy.com) Python 2.7 - pyreadline 1.7.1 (HKLM-x32\...\Python 2.7 - pyreadline 1.7.1) (Version: 1.7.1 - pythonxy.com) Python 2.7 - pytables 2.4.0 (HKLM-x32\...\Python 2.7 - 
pytables 2.4.0) (Version: 2.4.0 - pythonxy.com) Python 2.7 - pywin32 218-1 (HKLM-x32\...\Python 2.7 - pywin32 218-1) (Version: 218-1 - pythonxy.com) Python 2.7 - pyzmq 2.2.0.1-1 (HKLM-x32\...\Python 2.7 - pyzmq 2.2.0.1-1) (Version: 2.2.0.1-1 - pythonxy.com) Python 2.7 - reportlab 2.6 (HKLM-x32\...\Python 2.7 - reportlab 2.6) (Version: 2.6 - pythonxy.com) Python 2.7 - scipy 0.11.0 (HKLM-x32\...\Python 2.7 - scipy 0.11.0) (Version: 0.11.0 - pythonxy.com) Python 2.7 - sphinx 1.1.3.1 (HKLM-x32\...\Python 2.7 - sphinx 1.1.3.1) (Version: 1.1.3.1 - pythonxy.com) Python 2.7 - spyder 2.1.11 (HKLM-x32\...\Python 2.7 - spyder 2.1.11) (Version: 2.1.11 - pythonxy.com) Python 2.7 - sqlalchemy 0.7.9-2 (HKLM-x32\...\Python 2.7 - sqlalchemy 0.7.9-2) (Version: 0.7.9-2 - pythonxy.com) Python 2.7 - tornado 2.4.1-1 (HKLM-x32\...\Python 2.7 - tornado 2.4.1-1) (Version: 2.4.1-1 - pythonxy.com) Python 2.7 - veusz 1.16 (HKLM-x32\...\Python 2.7 - veusz 1.16) (Version: 1.16 - pythonxy.com) Python 2.7 - virtualenv 1.8.4-2 (HKLM-x32\...\Python 2.7 - virtualenv 1.8.4-2) (Version: 1.8.4-2 - pythonxy.com) Python 2.7 - vitables 2.1.0.3 (HKLM-x32\...\Python 2.7 - vitables 2.1.0.3) (Version: 2.1.0.3 - pythonxy.com) Python 2.7 - vtk 5.10.0 (HKLM-x32\...\Python 2.7 - vtk 5.10.0) (Version: 5.10.0 - pythonxy.com) Python 2.7 - wxPython 2.8.12.1 (HKLM-x32\...\Python 2.7 - wxPython 2.8.12.1) (Version: 2.8.12.1 - pythonxy.com) Python 2.7 - xy 1.2.16-1 (HKLM-x32\...\Python 2.7 - xy 1.2.16-1) (Version: 1.2.16-1 - pythonxy.com) Python 2.7.3 (x32 Version: 2.7.3150 - Python Software Foundation) Hidden Python(x,y) - console 2.0.148-8 (HKLM-x32\...\Python(x,y) - console 2.0.148-8) (Version: 2.0.148-8 - pythonxy.com) Python(x,y) - mingw 4.5.2.3 (HKLM-x32\...\Python(x,y) - mingw 4.5.2.3) (Version: 4.5.2.3 - pythonxy.com) Python(x,y) - SciTE 3.2.2-1 (HKLM-x32\...\Python(x,y) - SciTE 3.2.2-1) (Version: 3.2.2-1 - pythonxy.com) Python(x,y) - xydoc 1.0.5.1 (HKLM-x32\...\Python(x,y) - xydoc 1.0.5.1) (Version: 1.0.5.1 - 
pythonxy.com) Python(x,y) (HKLM-x32\...\Python(x,y)) (Version: 2.7.3.1 - www.pythonxy.com) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.12.4.17 - Sony Ericsson Mobile Communications AB) Sony PC Companion 2.10.094 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.094 - Sony) Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Steuer-Sparer 2011 (HKLM-x32\...\{3499BB0F-E68A-4353-B6F0-701D0AD1CE2F}) (Version: 16.12 - Akademische Arbeitsgemeinschaft Verlag) TeXnicCenter Version 2.0 Beta 1 (HKLM-x32\...\TeXnicCenter_is1) (Version: 2.0 Beta 1 - The TeXnicCenter Team) VideoLAN VLC media player 0.8.5 (HKLM-x32\...\VLC media player) (Version: 0.8.5 - VideoLAN Team) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 5.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points =========================

29-03-2015 16:36:56 Geplanter Prüfpunkt
29-04-2015 15:16:09 Geplanter Prüfpunkt
09-05-2015 15:49:25 Geplanter Prüfpunkt
12-05-2015 11:39:07 Revo Uninstaller's restore point - Free M4a to MP3 Converter 8.1

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-06-03 08:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03CCB95E-50E3-424C-882E-1CDF9C451175} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.)
Task: {059CB88E-3DB2-4949-8FB9-77D3485A6BD5} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated)
Task: {32D0AA94-94F2-4260-B87E-0B676C3C99D8} - System32\Tasks\{365B1BB6-0DBB-4A2E-BF02-61988F376446} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25] (Skype Technologies S.A.)
Task: {34F51131-442B-49E7-AACB-B74042D3B613} - System32\Tasks\{3CDF03BA-C92E-46CA-8900-61A3C00E2A78} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25] (Skype Technologies S.A.)
Task: {45F961C0-77A4-4E5A-B387-B405B5A3F58F} - System32\Tasks\{075A127A-1303-4C3B-8201-3E5C0447364D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-03-25] (Skype Technologies S.A.)
Task: {6534A55B-A4A0-454D-9C91-1D7A907E1489} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-19] (Adobe Systems Incorporated)
Task: {6A8EDEC6-F055-41FC-8655-11A5E837A011} - System32\Tasks\{DC5B2564-B5CB-4967-B07B-9FB23D130316} => pcalua.exe -a C:\Users\Kerstin\Desktop\Downloads\JabRef-2.8.1-setup.exe -d C:\Users\Kerstin\Desktop\Downloads
Task: {884424F8-F8D9-4A3B-B400-E369F6430795} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink)
Task: {ABE42175-8175-4B87-98F8-D03771ACDFAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.)
Task: {C5074024-3B27-441F-9CEB-E898CD0DB864} - System32\Tasks\{5A7B0BE9-1FA8-4AA8-AD61-8AD850E53D4E} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=2
Task: {CF4F2F69-2E57-4131-A063-4F8DC334E5BC} - System32\Tasks\{F163F189-5888-4976-9F05-E032A555EA94} => Firefox.exe hxxp://ui.skype.com/ui/0/5.2.60.113/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled
Task: {DCD52E09-71A7-4501-9125-43D951150F9C} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-09-04] (filetypeadvisor.com )
Task: {F0EB3259-108C-419C-BDA3-C445975EC1B9} - System32\Tasks\{A307B3C9-5AAF-42D1-A256-CEEC2E201A4D} => Firefox.exe hxxp://ui.skype.com/ui/0/5.2.60.113/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled
Task: {F89AABCC-F8A2-4013-B15C-F2F3D3FD3097} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-09-04] (File Type Advisor)
Task: {FFAFB065-20A0-4B1C-A2CE-F7989394D72E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-01-19 14:25 - 2012-11-13 11:08 - 09680896 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\qtiplot.exe
2013-10-10 23:48 - 2013-10-10 23:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-05-04 23:52 - 2015-04-28 04:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-05-04 23:52 - 2015-04-28 04:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-05-04 23:52 - 2015-04-28 04:07 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
2011-03-27 20:16 - 2012-02-24 07:08 - 09387520 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
2012-01-03 15:10 - 2012-01-03 15:10 - 00249232 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
2011-03-27 20:17 - 2012-02-24 07:09 - 00014336 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU
2011-03-28 19:49 - 2012-04-04 12:50 - 00045568 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU
2011-03-27 20:17 - 2012-03-13 23:17 - 00100352 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU
2011-01-19 14:25 - 2012-11-13 11:08 - 00171008 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\quazip.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 05280768 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtCore4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 00536576 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\qwtplot3d.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 22156288 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtGui4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 00840704 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtOpenGL4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 02882560 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\Qt3Support4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 00913408 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtNetwork4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 00299008 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtSql4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 00413696 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtXml4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 00087552 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtAssistantClient4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 00371200 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtSvg4.dll
2011-01-19 14:28 - 2012-11-13 11:08 - 00094720 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\imageformats\qgif4.dll
2011-01-19 14:28 - 2012-11-13 11:08 - 00096768 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\imageformats\qico4.dll
2011-01-19 14:28 - 2012-11-13 11:08 - 00206336 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\imageformats\qjpeg4.dll
2011-01-19 14:28 - 2012-11-13 11:08 - 00378880 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\imageformats\qmng4.dll
2011-01-19 14:28 - 2012-11-13 11:08 - 00085504 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\imageformats\qsvg4.dll
2011-01-19 14:28 - 2012-11-13 11:08 - 00388096 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\imageformats\qtiff4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [{6C1B9923-3E25-4969-9197-B8C4B0E2AFFA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7D586DDD-38C7-4C10-884C-75BD326CFC1C}] => (Allow) LPort=2869
FirewallRules: [{D0C95B00-5989-44AC-BCC5-B9DF5C819582}] => (Allow) LPort=1900
FirewallRules: [{F6ECF5E7-2582-4C99-8683-BDC357FAE558}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1FD80A6B-691F-446B-AF9E-51C7E0C8F1A1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{4A6BDBFE-97AB-492B-9701-F81DA00F7F26}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{B651E15A-B450-49B3-A318-7EBB6D36D81F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{5C797FF2-A715-4399-A2F6-023B663E52EF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{4B9BAE94-BFB7-48E8-8CC7-00DF04292632}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [{0668B53D-874E-4B24-A3CD-85CD30E5C29D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [{204653B6-C71E-435D-8DEC-A47588EED56E}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [TCP Query User{FFC40B2E-F5AB-4835-B8C2-9C2EA0851DD0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{38DED55A-1D81-4CFC-BA9E-997E9DBB369B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{114397FA-A7BD-4F48-8940-B5E7A60C3410}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{31DD95D4-B47F-4B18-B3D3-8B7B4AE49890}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{9D0D4E87-B127-406E-BF48-EC83280E14DF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C63ADA34-684B-434A-A164-D40FBF8CE7E5}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{2D92BA77-EA82-40A8-BAAF-97CF8D292C44}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{BB82BC7A-9D88-4A70-926E-B3CB184581BE}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{4A19FCA1-B6E1-4159-94A0-79028C5B4FD2}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{41966BD4-005D-4844-B5D1-4B6F1347AA78}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{FE9D9389-FB37-4650-9A6E-3B915775ADF7}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D9F0B515-31BD-4A9F-9CE6-1BC6A47C1753}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2015 02:26:41 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/12/2015 00:45:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (05/12/2015 00:44:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (05/12/2015 00:43:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (05/12/2015 11:32:55 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() System errors: ============= Error: (05/12/2015 00:50:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/12/2015 00:50:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (05/12/2015 00:50:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/12/2015 00:50:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/12/2015 00:50:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NTI IScheduleSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/12/2015 00:50:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "GREGService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/12/2015 00:50:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Acer ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/12/2015 00:50:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Dritek WMI Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/12/2015 00:50:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Conexant Audio Message Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/12/2015 00:50:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
Microsoft Office Sessions: ========================= Error: (05/12/2015 02:26:41 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (05/12/2015 00:45:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (05/12/2015 00:44:51 PM) (Source: .NET Runtime) (EventID: 
1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (05/12/2015 00:43:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() CodeIntegrity Errors: =================================== Date: 2015-05-11 18:16:58.324 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-05-11 18:16:58.320 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-05-11 18:16:58.309 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-11-30 23:53:38.203 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-11-30 23:53:38.000 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================

Processor: AMD E-350 Processor
Percentage of memory in use: 60%
Total physical RAM: 2794.9 MB
Available physical RAM: 1109.3 MB
Total Pagefile: 5587.98 MB
Available Pagefile: 3220.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:282.99 GB) (Free:194.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 73F766B1)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
12.05.2015, 18:23 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Laptop seems slowed down and general check
FRST fix
Please disable your virus scanner completely now, to make sure that the fix runs through cleanly!
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\Kerstin\CTX.DAT
EmptyTemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
12.05.2015, 19:46 | #11 |
| Windows 7: Laptop seems slowed down and general check Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by Kerstin at 2015-05-12 20:35:01 Run:1
Running from C:\Users\Kerstin\Desktop
Loaded Profiles: Kerstin (Available profiles: Kerstin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\Kerstin\CTX.DAT
EmptyTemp:
*****************

"HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Users\Kerstin\CTX.DAT => Moved successfully.
EmptyTemp: => Removed 3.3 GB temporary data.

The system needed a reboot.

==== End of Fixlog 20:37:22 ==== |
12.05.2015, 20:51 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Laptop seems slowed down and general check
Okay, then control scans with MBAM and ESET please:
Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
12.05.2015, 22:12 | #13 |
| Windows 7: Laptop seems slowed down and general check Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 12.05.2015
Suchlauf-Zeit: 21:56:14
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.05.12.06
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kerstin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 356691
Verstrichene Zeit: 37 Min, 45 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (Keine schädliche Elemente erkannt)
Module: 0 (Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt)
Registrierungswerte: 0 (Keine schädliche Elemente erkannt)
Registrierungsdaten: 0 (Keine schädliche Elemente erkannt)
Ordner: 0 (Keine schädliche Elemente erkannt)
Dateien: 0 (Keine schädliche Elemente erkannt)
Physische Sektoren: 0 (Keine schädliche Elemente erkannt)

(end) |
13.05.2015, 12:37 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Laptop seems slowed down and general check
Good. What about ESET?
__________________ Please always post log files in CODE tags |
16.05.2015, 21:59 | #15 |
| Windows 7: Laptop seems slowed down and general check
Sorry that it took a while, but I only had the time for the scan now.
eset Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=03892e16f7223142b01ccf8f80d8516d
# engine=23879
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-16 03:55:29
# local_time=2015-05-16 05:55:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 58044004 183421579 0 0
# scanned=28
# found=0
# cleaned=0
# scan_time=14
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=03892e16f7223142b01ccf8f80d8516d
# engine=23879
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-16 08:18:18
# local_time=2015-05-16 10:18:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 58059773 183437348 0 0
# scanned=266121
# found=3
# cleaned=0
# scan_time=15286
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe"
sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Kerstin\Desktop\Downloads\FreeYouTubeToMP3Converter.exe"
sh=43373685D4139E7F56EDAC283C1332F3043379AB ft=1 fh=4e0ad01fe1bb26e0 vn="Variante von Win32/OutBrowse.CB evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin\Downloads\setup.exe" |