|
Log-Analyse und Auswertung: Windows 8.1: Nur Verknüpfungen auf USB-StickWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.04.2015, 14:47 | #1 |
| Windows 8.1: Nur Verknüpfungen auf USB-Stick Hallo zusammen, seit kurzem habe ich das Problem, dass beim Kopieren von Dateien auf USB-Speichersticks Verknüpfungen angelegt und die Dateien selbst versteckt werden. Es werden also nur noch Verknüpfungen angezeigt. Klickt man diese an, öffnet sich für einen kurzen Moment die Windows-Konsole und dann die entsprechende Zieldatei. Anbei die nach der Anleitung erstellten Logfiles. Beim Start von GMER und nach Beginn des Scanvorgangs erschien die Meldung "C:\WINDOWS\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird." und dann "C:\Users\Rüdiger\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird." Dabei habe ich mich an die Anleitung gehalten, also alle Programme beendet, die Internetverbindung getrennt und den Virenscanner deaktiviert. Vielen Dank für eure Mühe. defogger_disable.log Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 13:26 on 12/04/2015 (Rüdiger) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2015 Ran by Rüdiger (administrator) on DELL on 12-04-2015 13:27:54 Running from C:\Users\Rüdiger\Desktop Loaded Profiles: Rüdiger (Available profiles: Rüdiger & Veronika) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureDLNA.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Logitech, Inc.) C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe () C:\Program Files (x86)\DELL\Dell Wireless Keyboard Software\CDCtr.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [Dell Unifying Software Launcher] => C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe [3209608 2012-12-21] (Logitech, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [CDEjectCtr] => C:\Program Files (x86)\Dell\Dell Wireless Keyboard Software\CDCtr.exe [411648 2012-11-15] () HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179928 2013-01-03] (cyberlink) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Atheros Communications)) HKU\S-1-5-21-940551628-579839441-176653918-1002\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" HKU\S-1-5-21-940551628-579839441-176653918-1002\...\Run: [Spotify Web Helper] => C:\Users\Rüdiger\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-19] (Spotify Ltd) HKU\S-1-5-21-940551628-579839441-176653918-1002\...\Run: [Spotify] => C:\Users\Rüdiger\AppData\Roaming\Spotify\spotify.exe [6611512 2015-03-19] (Spotify Ltd) HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cv act sc interface RegisterTool.lnk ShortcutTarget: cv act sc interface RegisterTool.lnk -> C:\Program Files (x86)\cv cryptovision\cv act sc interface\RegisterTool.exe (cv cryptovision GmbH) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.) Startup: C:\Users\Rüdiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.vbs () ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-940551628-579839441-176653918-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-940551628-579839441-176653918-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-940551628-579839441-176653918-1002 -> {077112E3-3061-432A-88B6-E880170999AB} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation) Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-06-26] (pdfforge GmbH) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Hosts: 192.168.2.126 Dell Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Rüdiger\AppData\Roaming\Mozilla\Firefox\Profiles\yvmhdylz.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-24] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-06-26] (pdfforge GmbH) FF Extension: Avira Browser Safety - C:\Users\Rüdiger\AppData\Roaming\Mozilla\Firefox\Profiles\yvmhdylz.default\Extensions\abs@avira.com [2015-04-02] FF Extension: DownThemAll! - C:\Users\Rüdiger\AppData\Roaming\Mozilla\Firefox\Profiles\yvmhdylz.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-09-06] FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-09-22] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245888 2013-01-02] (CyberLink) R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [135168 2013-09-13] () [File not signed] R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.) S4 fetdaemon; C:\Program Files (x86)\PDS Programm + Datenservice GmbH\FET-X\fetd\srvany.exe [13312 1997-05-15] () [File not signed] R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-10] (Garmin Ltd. or its subsidiaries) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [579072 2013-12-11] (Hauppauge Computer Works) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [179688 2013-01-19] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH) R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-06-26] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH) R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [497664 2013-01-31] () [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-22] (SoftThinks SAS) S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3203440 2013-01-31] (Qualcomm Atheros, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG) S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-01-31] (Qualcomm Atheros, Inc.) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [32768 2008-10-24] (CSR) S3 cxbu0x64; C:\Windows\system32\DRIVERS\cxbu0x64.sys [147576 2014-04-05] (HID Global Corporation) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-31] (Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-31] (Dell Computer Corporation) S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2014-01-12] (Hauppauge Computer Works, Inc.) S3 hcw95rc; C:\Windows\system32\DRIVERS\hcw95rc.sys [19840 2014-01-12] (Hauppauge Computer Works, Inc.) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [20968 2013-01-19] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [19944 2013-01-19] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-01-19] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73984 2014-06-16] (Identive) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-04-12] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-12 13:27 - 2015-04-12 13:28 - 00024516 _____ () C:\Users\Rüdiger\Desktop\FRST.txt 2015-04-12 13:27 - 2015-04-12 13:27 - 02095616 _____ (Farbar) C:\Users\Rüdiger\Desktop\FRST64.exe 2015-04-12 13:23 - 2015-04-12 13:26 - 00000476 _____ () C:\Users\Rüdiger\Desktop\defogger_disable.log 2015-04-12 13:23 - 2015-04-12 13:23 - 00050477 _____ () C:\Users\Rüdiger\Desktop\Defogger.exe 2015-04-12 13:23 - 2015-04-12 13:23 - 00000000 _____ () C:\Users\Rüdiger\defogger_reenable 2015-04-12 12:51 - 2015-04-12 12:51 - 00000000 ___RD () C:\Users\Rüdiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-04-12 12:50 - 2015-04-12 12:50 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp 2015-04-11 12:51 - 2015-04-11 12:51 - 00000000 ____D () C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid 2015-04-11 12:51 - 2015-04-11 12:51 - 00000000 ____D () C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid 2015-04-11 12:50 - 2015-04-11 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-04-05 17:41 - 2015-04-12 13:27 - 00000000 ____D () C:\FRST 2015-04-05 14:22 - 2015-04-05 14:22 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-DELL-Windows-8.1-(64-bit).dat 2015-04-05 14:22 - 2015-04-05 14:22 - 00000000 ____D () C:\RegBackup 2015-04-05 14:17 - 2015-04-05 14:17 - 00000000 ____D () C:\AdwCleaner 2015-04-05 14:02 - 2015-04-05 14:02 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-04-05 14:01 - 2015-04-05 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-05 14:01 - 2015-04-05 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-05 14:01 - 2015-04-05 14:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-04-05 14:01 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-04-05 14:01 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-04-05 14:01 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-04-05 13:59 - 2015-04-05 13:59 - 00003108 _____ () C:\WINDOWS\System32\Tasks\PandaUSBVaccine 2015-04-05 13:59 - 2015-04-05 13:59 - 00000000 ____D () C:\ProgramData\Panda Security 2015-04-05 13:59 - 2015-04-05 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2015-04-05 13:59 - 2015-04-05 13:59 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2015-04-05 13:14 - 2015-04-05 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-05 12:26 - 2015-04-05 12:26 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX 2015-04-05 12:26 - 2015-04-05 12:26 - 00000000 ___SD () C:\WINDOWS\system32\GWX 2015-03-26 00:56 - 2015-03-26 00:56 - 00035005 _____ () C:\Users\Rüdiger\AppData\Local\recently-used.xbel 2015-03-25 18:51 - 2015-03-25 18:51 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\naviextras 2015-03-25 18:50 - 2015-03-25 18:50 - 14225936 _____ (NNG Llc.) C:\Users\Rüdiger\Downloads\Naviextras_Toolbox_Setup.exe 2015-03-25 18:50 - 2015-03-25 18:50 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Naviextras 2015-03-25 18:50 - 2015-03-25 18:50 - 00000000 ____D () C:\Program Files (x86)\Naviextras 2015-03-21 19:04 - 2015-04-12 13:12 - 00005126 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DELL-Rüdiger Dell 2015-03-15 20:21 - 2015-03-15 20:21 - 00000000 ____D () C:\Users\Rüdiger\AppData\Local\IsolatedStorage ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-12 13:23 - 2014-01-07 19:00 - 00000000 ____D () C:\Users\Rüdiger 2015-04-12 13:11 - 2014-01-07 18:57 - 01633647 _____ () C:\WINDOWS\WindowsUpdate.log 2015-04-12 13:11 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-04-12 13:11 - 2013-11-14 09:11 - 00765378 _____ () C:\WINDOWS\system32\perfh007.dat 2015-04-12 13:11 - 2013-11-14 09:11 - 00159696 _____ () C:\WINDOWS\system32\perfc007.dat 2015-04-12 13:05 - 2014-07-15 21:33 - 00000000 ____D () C:\Users\Rüdiger\Desktop\Bob 2015-04-12 13:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-04-12 12:58 - 2013-12-06 22:41 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2015-04-12 12:55 - 2014-01-06 12:39 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-940551628-579839441-176653918-1002 2015-04-12 12:51 - 2014-01-07 19:15 - 00000000 __RDO () C:\Users\Rüdiger\SkyDrive 2015-04-12 12:51 - 2013-12-06 22:29 - 00000000 ____D () C:\ProgramData\Bigfoot Networks 2015-04-12 12:50 - 2014-01-07 18:57 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-12 12:50 - 2013-12-06 22:34 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys 2015-04-12 12:50 - 2013-11-14 00:18 - 00401862 _____ () C:\WINDOWS\PFRO.log 2015-04-12 12:50 - 2013-08-22 16:46 - 00373296 _____ () C:\WINDOWS\setupact.log 2015-04-12 12:50 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-04-11 14:04 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-04-11 13:12 - 2015-01-18 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-11 13:12 - 2015-01-18 15:01 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-04-11 13:12 - 2014-01-12 19:14 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-11 12:51 - 2014-04-18 20:11 - 00000000 ____D () C:\Program Files (x86)\Garmin 2015-04-11 12:50 - 2014-04-18 20:11 - 00003556 _____ () C:\WINDOWS\System32\Tasks\GarminUpdaterTask 2015-04-11 12:50 - 2014-04-18 20:11 - 00000000 ____D () C:\ProgramData\Garmin 2015-04-11 12:47 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-04-06 19:52 - 2014-04-27 15:08 - 00000000 ____D () C:\Users\Rüdiger\AppData\Local\Teasi 2015-04-05 15:45 - 2014-05-19 11:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-05 14:16 - 2014-08-12 21:26 - 00221696 ___SH () C:\Users\Rüdiger\Downloads\Thumbs.db 2015-04-05 12:26 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-04-04 14:54 - 2014-10-30 21:04 - 00000000 ____D () C:\Users\Rüdiger\AppData\Local\Spotify 2015-04-04 11:18 - 2014-10-30 20:59 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\Spotify 2015-04-01 22:21 - 2014-01-15 22:38 - 00536064 ___SH () C:\Users\Rüdiger\Desktop\Thumbs.db 2015-03-29 16:00 - 2014-09-21 15:12 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\Notepad++ 2015-03-27 09:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-03-26 00:31 - 2014-09-21 16:35 - 00000000 ____D () C:\Users\Rüdiger\Desktop\www 2015-03-23 17:04 - 2015-01-18 15:04 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\Avira 2015-03-23 17:04 - 2015-01-18 15:01 - 00000000 ____D () C:\ProgramData\Avira 2015-03-21 19:06 - 2014-01-06 12:31 - 00000000 ____D () C:\Users\Rüdiger\AppData\Local\Packages 2015-03-19 15:59 - 2015-02-12 17:59 - 00000000 ____D () C:\ProgramData\SupportAssistAgent 2015-03-17 20:46 - 2014-01-07 19:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-03-15 19:55 - 2014-09-12 02:09 - 00000000 ___HD () C:\ProgramData\CanonIJMIG 2015-03-14 15:29 - 2014-02-14 12:58 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-14 15:29 - 2014-01-07 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 ==================== Files in the root of some directories ======= 2015-03-26 00:56 - 2015-03-26 00:56 - 0035005 _____ () C:\Users\Rüdiger\AppData\Local\recently-used.xbel 2014-01-07 18:57 - 2014-01-07 18:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-12-06 22:37 - 2013-12-06 22:38 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-12-06 22:35 - 2013-12-06 22:36 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-12-06 22:36 - 2013-12-06 22:36 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2013-12-06 22:35 - 2013-12-06 22:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-12-06 22:36 - 2013-12-06 22:37 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log Some content of TEMP: ==================== C:\Users\Rüdiger\AppData\Local\Temp\avgnt.exe C:\Users\Rüdiger\AppData\Local\Temp\COMAP.EXE C:\Users\Rüdiger\AppData\Local\Temp\npp.6.7.4.Installer.exe C:\Users\Rüdiger\AppData\Local\Temp\npp.6.7.5.Installer.exe C:\Users\Rüdiger\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Rüdiger\AppData\Local\Temp\nvStInst.exe C:\Users\Rüdiger\AppData\Local\Temp\Quarantine.exe C:\Users\Rüdiger\AppData\Local\Temp\sqlite3.dll C:\Users\Rüdiger\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-05 12:25 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2015 Ran by Rüdiger at 2015-04-12 13:28:16 Running from C:\Users\Rüdiger\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG) Bluefish 2.2.5 (HKLM-x32\...\Bluefish) (Version: 2.2.5 - The Bluefish Developers) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - ) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.1 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.) CanoScan 8800F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805) (Version: - ) cv act sc/interface - Admin Edition (64-Bit) (HKLM\...\{05A84E0B-67C4-4ACA-8CAD-F62673D4C194}) (Version: 6.0.15 - cv cryptovision GmbH) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell App Launcher for Unifying Software (HKLM\...\Unifying Software Launcher) (Version: 1.00.44 - Logitech) Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.4 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.4 - Dell Inc.) Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell) Dell Wireless Keyboard Software (HKLM-x32\...\{00A73CE4-4595-420A-8E6E-8495EE481584}) (Version: 1.1.0.0 - Dell) DELLOSD (HKLM-x32\...\{594E7534-5ECB-4FAC-B26F-583B0CFCBCEC}) (Version: 1.00.0007 - DELL) Elevated Installer (x32 Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden FET-X (HKLM-x32\...\{AC85CC28-E396-48B4-83C2-860AE9D02E86}) (Version: 4.09.01 - PDS Programm + Datenservice GmbH) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Garmin Express (HKLM-x32\...\{01b90f4a-c495-47c4-a33b-1391f41398ce}) (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Git version 1.9.4-preview20140815 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140815 - The Git Development Community) Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.31347 (CD 3.2) - Hauppauge Computer Works) HOTINT (HKLM-x32\...\{CFF61242-A6B8-4FBE-B631-1FBE67A712EE}) (Version: 1.2.41 - Gerstmayr-Inst.TMech.JKU-LCM-ACCM) ImageMagick 6.8.9-10 Q16 (64-bit) (2014-11-15) (HKLM\...\ImageMagick 6.8.9 Q16 (64-bit)_is1) (Version: 6.8.9 - ImageMagick Studio LLC) Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Smart Connect Technology 4.0 x64 (HKLM\...\{C0D2F973-0203-4F63-BCDC-63A53777B8F4}) (Version: 4.0.40.2011 - Intel) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle) LibreOffice 4.3.3.2 (HKLM-x32\...\{87C753BB-81E3-403B-BD87-6293F870B20B}) (Version: 4.3.3.2 - The Document Foundation) Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech) Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-940551628-579839441-176653918-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla) Naviextras Toolbox (HKLM-x32\...\Naviextras Toolbox) (Version: 3.18.3.412849 - NNG Llc.) Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.) Node.js (HKLM\...\{2FAE4331-AEA0-4A3D-B4B3-B1E78823BF1A}) (Version: 0.10.32 - Joyent, Inc. and other Node contributors) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security) PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH) PDF Architect 2 Create Module (x32 Version: 2.0.17.17583 - pdfforge GmbH) Hidden PDF Architect 2 Edit Module (x32 Version: 2.0.17.17583 - pdfforge GmbH) Hidden PDF Architect 2 View Module (x32 Version: 2.0.17.17583 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.5 - pdfforge) Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications) Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.537 - Qualcomm Atheros) Qualcomm Atheros Killer Network Manager (Version: 6.1.0.537 - Qualcomm Atheros) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform) Scribus 1.4.4 (64bit) (HKLM\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team) Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version: - Microsoft) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden Spotify (HKU\S-1-5-21-940551628-579839441-176653918-1002\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB) SRC System™ Upgrades S2_C3PRO (HKLM-x32\...\{74260392-BC12-4E2C-B6B5-537C702A1BEF}) (Version: 4.1.2 - SRC Systems) TEASI tool Version 3.3.4.1 (HKLM-x32\...\{805FBA43-88AB-4E02-A16C-560F7D0D7CD5}_is1) (Version: 3.3.4.1 - GPS Tuner) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-940551628-579839441-176653918-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-940551628-579839441-176653918-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Rüdiger\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-940551628-579839441-176653918-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Rüdiger\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-940551628-579839441-176653918-1002_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll () CustomCLSID: HKU\S-1-5-21-940551628-579839441-176653918-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Rüdiger\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-940551628-579839441-176653918-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Rüdiger\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 14-03-2015 15:28:41 Windows Update 23-03-2015 20:01:56 Geplanter Prüfpunkt 05-04-2015 12:25:59 Windows Update 11-04-2015 12:50:26 Garmin Express ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2014-01-10 11:01 - 00000843 ____A C:\WINDOWS\system32\Drivers\etc\hosts 192.168.2.126 Dell ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0134676C-0AD6-41B2-BECF-70049005B0AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {0525CBF7-55B3-4E33-9550-C3BC736F07C0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {0F087CB1-3B48-4671-922E-7DA09292D58F} - System32\Tasks\{01BBC300-B8CD-4D2A-B936-BA328D2319E6} => pcalua.exe -a "C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe" -c Uninst.ini uinstrsc.dll Task: {2606EEA8-9B91-4AF6-BD3F-3768FD12D51A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.) Task: {3DF819CA-1509-4521-90B4-F457E0138C78} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe Task: {500F4F8B-8652-41C3-BB63-7807D696F53F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {58BD74EA-F329-43AF-A75A-BCBFF3C6C076} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {61C3FE83-4123-4E38-9B8B-94CA67095DDD} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.) Task: {62C2843B-4100-4521-B6AA-C3AC5E9617BC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.) Task: {70B24B1F-1505-40E3-A922-F4726FC2953B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {942A37E3-3DEE-4B48-8489-2C6771F4FE7C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.) Task: {9A27AADF-00E7-47B7-8CF3-8275A483BFD2} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {A9A6B9D8-1991-4FA8-8299-E0D86A6FA54C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {A9DAAC5E-7086-4F09-A955-B17167253634} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {BE3888B2-DE7D-4E54-9285-F530C7A4BA58} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-10] (Microsoft Corporation) Task: {D207554A-751C-4C04-8580-2AEFE4020BD7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {DF2F1722-B4DB-4501-84B7-8D7F4BC09799} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink) Task: {E4E8F522-29AA-4873-AF77-F3B45D41BB27} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DELL-Rüdiger Dell => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation) Task: {F29AD5CA-408F-44B8-AAD9-C026A050B32B} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] () ==================== Loaded Modules (whitelisted) ============== 2013-12-26 07:12 - 2014-12-13 12:08 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-01-07 18:57 - 2014-12-13 10:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-03-22 15:33 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-12-06 22:27 - 2013-09-13 18:32 - 00135168 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe 2013-01-19 01:24 - 2013-01-19 01:24 - 00179688 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-01-19 01:24 - 2013-01-19 01:24 - 00060392 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-01-31 12:49 - 2013-01-31 12:49 - 00497664 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe 2011-05-09 20:46 - 2011-05-09 20:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll 2011-05-09 20:56 - 2011-05-09 20:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll 2011-05-09 20:47 - 2011-05-09 20:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll 2013-01-31 12:49 - 2013-01-31 12:49 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll 2011-05-09 20:48 - 2011-05-09 20:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll 2011-05-10 12:32 - 2011-05-10 12:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll 2013-12-06 22:36 - 2012-04-25 04:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2013-12-06 22:42 - 2013-08-19 11:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2013-12-06 22:42 - 2013-08-19 11:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2013-12-06 22:42 - 2013-08-19 11:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll 2014-09-21 15:43 - 2014-08-15 18:33 - 00736962 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll 2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2013-12-06 22:27 - 2013-09-13 18:32 - 00544768 _____ () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe 2013-12-21 01:02 - 2014-10-03 18:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe 2012-12-28 13:07 - 2012-12-28 13:07 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2012-12-28 13:04 - 2012-12-28 13:04 - 00084480 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2012-12-28 13:09 - 2012-12-28 13:09 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2013-12-06 22:28 - 2012-11-15 16:35 - 00411648 _____ () C:\Program Files (x86)\DELL\Dell Wireless Keyboard Software\CDCtr.exe 2013-01-31 12:49 - 2013-01-31 12:49 - 00553984 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe 2013-01-31 12:49 - 2013-01-31 12:49 - 00404992 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modApplications.dll 2013-01-31 12:49 - 2013-01-31 12:49 - 00036864 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFeatures.dll 2013-01-31 12:49 - 2013-01-31 12:49 - 00025088 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFraps.dll 2013-01-31 12:49 - 2013-01-31 12:49 - 00240128 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modGraph.dll 2013-01-31 12:49 - 2013-01-31 12:49 - 00062464 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modlcd.dll 2013-01-31 12:49 - 2013-01-31 12:49 - 00291328 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNetwork.dll 2013-01-31 12:49 - 2013-01-31 12:49 - 00184832 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNpu.dll 2013-01-31 12:49 - 2013-01-31 12:49 - 00211456 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOptions.dll 2013-01-31 12:49 - 2013-01-31 12:49 - 00064000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOverview.dll 2013-01-31 12:49 - 2013-01-31 12:49 - 00317440 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modSystemInfo.dll 2013-12-06 22:42 - 2013-11-22 00:22 - 00484880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe 2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-01-12 19:13 - 2011-08-23 11:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll 2013-12-26 07:12 - 2014-12-13 12:08 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2013-12-06 22:28 - 2012-11-15 17:07 - 00061440 _____ () C:\Program Files (x86)\DELL\Dell Wireless Keyboard Software\CDCTR.DLL 2013-12-06 22:35 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-11-24 12:39 - 2014-11-24 12:39 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2013-12-06 22:27 - 2013-01-24 03:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2013-12-20 22:32 - 2013-11-21 22:00 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2013-12-06 22:42 - 2012-11-26 00:20 - 01153384 ____N () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll 2013-12-06 22:42 - 2012-11-26 00:20 - 00117608 ____N () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Rüdiger\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Veronika\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-940551628-579839441-176653918-1002\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "WinTV Recording Status.lnk" HKLM\...\StartupApproved\StartupFolder: => "cv act sc interface RegisterTool.lnk" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKU\S-1-5-21-940551628-579839441-176653918-1002\...\StartupApproved\Run: => "GarminExpressTrayApp" HKU\S-1-5-21-940551628-579839441-176653918-1002\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-940551628-579839441-176653918-1002\...\StartupApproved\Run: => "Spotify Web Helper" ==================== Accounts: ============================= Administrator (S-1-5-21-940551628-579839441-176653918-500 - Administrator - Disabled) Gast (S-1-5-21-940551628-579839441-176653918-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-940551628-579839441-176653918-1006 - Limited - Enabled) Rüdiger (S-1-5-21-940551628-579839441-176653918-1002 - Administrator - Enabled) => C:\Users\Rüdiger Veronika (S-1-5-21-940551628-579839441-176653918-1007 - Limited - Enabled) => C:\Users\Veronika ==================== Faulty Device Manager Devices ============= Name: Bluetooth Audio Device Description: Bluetooth Audio Device Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Qualcomm Atheros Communications Service: BTATH_A2DP Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Virtual Bluetooth Support (Include Audio) Description: Virtual Bluetooth Support (Include Audio) Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: AthBTPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Bluetooth LWFLT Device Description: Bluetooth LWFLT Device Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: BTATH_LWFLT Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (04/11/2015 01:16:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 56328 Error: (04/11/2015 01:16:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 56328 Error: (04/11/2015 01:16:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/11/2015 01:16:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 40703 Error: (04/11/2015 01:16:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 40703 Error: (04/11/2015 01:16:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/11/2015 01:16:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 27594 Error: (04/11/2015 01:16:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 27594 Error: (04/11/2015 01:16:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/11/2015 01:15:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 14125 System errors: ============= Error: (04/12/2015 00:50:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Dell SupportAssist Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/12/2015 00:50:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Dell SupportAssist Agent erreicht. Error: (04/11/2015 01:16:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AudioEndpointBuilder erreicht. Error: (04/11/2015 01:16:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WlanSvc erreicht. Error: (04/11/2015 00:50:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Garmin Core Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/10/2015 01:17:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AudioEndpointBuilder erreicht. Error: (04/10/2015 01:16:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WlanSvc erreicht. Error: (04/09/2015 03:49:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AudioEndpointBuilder erreicht. Error: (04/09/2015 03:49:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WlanSvc erreicht. Error: (04/08/2015 04:31:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AudioEndpointBuilder erreicht. Microsoft Office Sessions: ========================= Error: (04/11/2015 01:16:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 56328 Error: (04/11/2015 01:16:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 56328 Error: (04/11/2015 01:16:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/11/2015 01:16:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 40703 Error: (04/11/2015 01:16:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 40703 Error: (04/11/2015 01:16:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/11/2015 01:16:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 27594 Error: (04/11/2015 01:16:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 27594 Error: (04/11/2015 01:16:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/11/2015 01:15:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 14125 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4770S CPU @ 3.10GHz Percentage of memory in use: 16% Total physical RAM: 16301.96 MB Available physical RAM: 13621.04 MB Total Pagefile: 18733.96 MB Available Pagefile: 15795.13 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1849.07 GB) (Free:1729.17 GB) NTFS Drive x: () (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS Drive y: (PBR Image) (Fixed) (Total:12.47 GB) (Free:0.71 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: B38AAE47) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-04-12 13:58:30 Windows 6.3.9600 x64 \Device\Harddisk0\DR0 -> \Device\00000037 rev.CC72 1863,01GB Running: ro8k7t18.exe; Driver: C:\Users\RDIGER~1\AppData\Local\Temp\fxldapod.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 960 fffff803d23e2700 61 bytes [80, CA, A9, FF, 82, 19, B1, ...] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [520:532] fffff960008a82d0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
12.04.2015, 16:25 | #2 |
/// TB-Ausbilder /// Anleitungs-Guru | Windows 8.1: Nur Verknüpfungen auf USB-StickMein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
Hinweis: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst. Los geht's: Ich nehme an, Du hast mit Panda-USB-Vaccine bereits Deinen PC geimpft? Schritt 1 Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster. Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter CloseProcesses: Startup: C:\Users\Rüdiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.vbs () SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-940551628-579839441-176653918-1002 -> {077112E3-3061-432A-88B6-E880170999AB} URL =
Schritt 2 Alle "infizierten" Sticks an den PC anstecken und einen ESET-Scan durchführen. Wichtig: Bitte unter "Computer-Prüfeinstellungen/...zu prüfende Objekte" die checkbox bei Computer setzen. ESET Online Scanner
__________________ |
12.04.2015, 18:27 | #3 |
| Windows 8.1: Nur Verknüpfungen auf USB-Stick Vielen Dank für die schnelle Rückmeldung!
__________________Ja, Panda-USB-Vaccine ist installiert und weist den PC als geimpft aus. Hier die Log-Dateien: Fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2015 Ran by Rüdiger at 2015-04-12 17:48:02 Run:1 Running from C:\Users\Rüdiger\Desktop Loaded Profiles: Rüdiger (Available profiles: Rüdiger & Veronika) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: Startup: C:\Users\Rüdiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.vbs () SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-940551628-579839441-176653918-1002 -> {077112E3-3061-432A-88B6-E880170999AB} URL = ***************** Processes closed successfully. C:\Users\Rüdiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.vbs => Moved successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-940551628-579839441-176653918-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{077112E3-3061-432A-88B6-E880170999AB}" => Key deleted successfully. HKCR\CLSID\{077112E3-3061-432A-88B6-E880170999AB} => Key not found. The system needed a reboot. ==== End of Fixlog 17:48:02 ==== Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not read file from internet.ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=e47c22308742574d902578e28b83ba93 # engine=23334 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-04-12 05:07:58 # local_time=2015-04-12 07:07:58 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 2755524 53739771 0 0 # scanned=384091 # found=0 # cleaned=0 # scan_time=3596 |
12.04.2015, 18:40 | #4 |
/// TB-Ausbilder /// Anleitungs-Guru | Windows 8.1: Nur Verknüpfungen auf USB-Stick Schritt 1 Bitte starte FRST erneut, und drücke auf Scan. Bitte poste mir den Inhalt des Logs. Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
12.04.2015, 19:05 | #5 |
| Windows 8.1: Nur Verknüpfungen auf USB-Stick FRST.txt FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015 Ran by Rüdiger (administrator) on DELL on 12-04-2015 19:58:22 Running from C:\Users\Rüdiger\Desktop Loaded Profiles: Rüdiger (Available profiles: Rüdiger & Veronika) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Dell Inc.) C:\Program Files (x86)\DELL\SupportAssistAgent\bin\SupportAssistAgent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureDLNA.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Logitech, Inc.) C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe () C:\Program Files (x86)\DELL\Dell Wireless Keyboard Software\CDCtr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe () C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [Dell Unifying Software Launcher] => C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe [3209608 2012-12-21] (Logitech, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [CDEjectCtr] => C:\Program Files (x86)\Dell\Dell Wireless Keyboard Software\CDCtr.exe [411648 2012-11-15] () HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179928 2013-01-03] (cyberlink) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Atheros Communications)) HKU\S-1-5-21-940551628-579839441-176653918-1002\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" HKU\S-1-5-21-940551628-579839441-176653918-1002\...\Run: [Spotify Web Helper] => C:\Users\Rüdiger\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-19] (Spotify Ltd) HKU\S-1-5-21-940551628-579839441-176653918-1002\...\Run: [Spotify] => C:\Users\Rüdiger\AppData\Roaming\Spotify\spotify.exe [6611512 2015-03-19] (Spotify Ltd) HKU\S-1-5-21-940551628-579839441-176653918-1002\...\Run: [system] => wscript.exe //B "C:\Users\RDIGER~1\AppData\Local\Temp\system.vbs" <===== ATTENTION HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cv act sc interface RegisterTool.lnk ShortcutTarget: cv act sc interface RegisterTool.lnk -> C:\Program Files (x86)\cv cryptovision\cv act sc interface\RegisterTool.exe (cv cryptovision GmbH) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.) Startup: C:\Users\Rüdiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.vbs () ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-940551628-579839441-176653918-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-940551628-579839441-176653918-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation) Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-06-26] (pdfforge GmbH) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Hosts: 192.168.2.126 Dell Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Rüdiger\AppData\Roaming\Mozilla\Firefox\Profiles\yvmhdylz.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-24] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-06-26] (pdfforge GmbH) FF Extension: Avira Browser Safety - C:\Users\Rüdiger\AppData\Roaming\Mozilla\Firefox\Profiles\yvmhdylz.default\Extensions\abs@avira.com [2015-04-02] FF Extension: DownThemAll! - C:\Users\Rüdiger\AppData\Roaming\Mozilla\Firefox\Profiles\yvmhdylz.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-09-06] FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-09-22] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245888 2013-01-02] (CyberLink) R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [135168 2013-09-13] () [File not signed] R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.) S4 fetdaemon; C:\Program Files (x86)\PDS Programm + Datenservice GmbH\FET-X\fetd\srvany.exe [13312 1997-05-15] () [File not signed] R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-10] (Garmin Ltd. or its subsidiaries) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [579072 2013-12-11] (Hauppauge Computer Works) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [179688 2013-01-19] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH) R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-06-26] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH) R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [497664 2013-01-31] () [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-22] (SoftThinks SAS) R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3203440 2013-01-31] (Qualcomm Atheros, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG) S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-01-31] (Qualcomm Atheros, Inc.) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [32768 2008-10-24] (CSR) S3 cxbu0x64; C:\Windows\system32\DRIVERS\cxbu0x64.sys [147576 2014-04-05] (HID Global Corporation) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-31] (Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-31] (Dell Computer Corporation) S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2014-01-12] (Hauppauge Computer Works, Inc.) S3 hcw95rc; C:\Windows\system32\DRIVERS\hcw95rc.sys [19840 2014-01-12] (Hauppauge Computer Works, Inc.) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [20968 2013-01-19] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [19944 2013-01-19] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-01-19] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73984 2014-06-16] (Identive) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-04-12] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-12 17:59 - 2015-04-12 17:59 - 02347384 _____ (ESET) C:\Users\Rüdiger\Desktop\esetsmartinstaller_deu.exe 2015-04-12 17:51 - 2015-04-12 17:51 - 00000000 ___RD () C:\Users\Rüdiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-04-12 17:49 - 2015-04-12 17:49 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp 2015-04-12 17:47 - 2015-04-12 17:47 - 00000000 ____D () C:\Users\Rüdiger\Desktop\FRST-OlderVersion 2015-04-12 13:58 - 2015-04-12 13:58 - 00000681 _____ () C:\Users\Rüdiger\Desktop\Gmer.log 2015-04-12 13:29 - 2015-04-12 13:29 - 00380416 _____ () C:\Users\Rüdiger\Desktop\ro8k7t18.exe 2015-04-12 13:28 - 2015-04-12 13:28 - 00035618 _____ () C:\Users\Rüdiger\Desktop\Addition.txt 2015-04-12 13:27 - 2015-04-12 19:58 - 00024582 _____ () C:\Users\Rüdiger\Desktop\FRST.txt 2015-04-12 13:27 - 2015-04-12 17:47 - 02096640 _____ (Farbar) C:\Users\Rüdiger\Desktop\FRST64.exe 2015-04-12 13:23 - 2015-04-12 13:26 - 00000476 _____ () C:\Users\Rüdiger\Desktop\defogger_disable.log 2015-04-12 13:23 - 2015-04-12 13:23 - 00050477 _____ () C:\Users\Rüdiger\Desktop\Defogger.exe 2015-04-12 13:23 - 2015-04-12 13:23 - 00000000 _____ () C:\Users\Rüdiger\defogger_reenable 2015-04-11 12:51 - 2015-04-11 12:51 - 00000000 ____D () C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid 2015-04-11 12:51 - 2015-04-11 12:51 - 00000000 ____D () C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid 2015-04-11 12:50 - 2015-04-11 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-04-05 17:41 - 2015-04-12 19:58 - 00000000 ____D () C:\FRST 2015-04-05 14:22 - 2015-04-05 14:22 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-DELL-Windows-8.1-(64-bit).dat 2015-04-05 14:22 - 2015-04-05 14:22 - 00000000 ____D () C:\RegBackup 2015-04-05 14:17 - 2015-04-05 14:17 - 00000000 ____D () C:\AdwCleaner 2015-04-05 14:02 - 2015-04-05 14:02 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-04-05 14:01 - 2015-04-05 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-05 14:01 - 2015-04-05 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-05 14:01 - 2015-04-05 14:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-04-05 14:01 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-04-05 14:01 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-04-05 14:01 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-04-05 13:59 - 2015-04-05 13:59 - 00003108 _____ () C:\WINDOWS\System32\Tasks\PandaUSBVaccine 2015-04-05 13:59 - 2015-04-05 13:59 - 00000000 ____D () C:\ProgramData\Panda Security 2015-04-05 13:59 - 2015-04-05 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2015-04-05 13:59 - 2015-04-05 13:59 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2015-04-05 13:14 - 2015-04-05 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-05 12:26 - 2015-04-05 12:26 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX 2015-04-05 12:26 - 2015-04-05 12:26 - 00000000 ___SD () C:\WINDOWS\system32\GWX 2015-03-26 00:56 - 2015-03-26 00:56 - 00035005 _____ () C:\Users\Rüdiger\AppData\Local\recently-used.xbel 2015-03-25 18:51 - 2015-03-25 18:51 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\naviextras 2015-03-25 18:50 - 2015-03-25 18:50 - 14225936 _____ (NNG Llc.) C:\Users\Rüdiger\Downloads\Naviextras_Toolbox_Setup.exe 2015-03-25 18:50 - 2015-03-25 18:50 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Naviextras 2015-03-25 18:50 - 2015-03-25 18:50 - 00000000 ____D () C:\Program Files (x86)\Naviextras 2015-03-21 19:04 - 2015-04-12 18:02 - 00005128 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DELL-Rüdiger Dell 2015-03-15 20:21 - 2015-03-15 20:21 - 00000000 ____D () C:\Users\Rüdiger\AppData\Local\IsolatedStorage ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-12 19:42 - 2014-01-07 18:57 - 01841342 _____ () C:\WINDOWS\WindowsUpdate.log 2015-04-12 19:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-04-12 17:59 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-04-12 17:59 - 2013-11-14 09:11 - 00765378 _____ () C:\WINDOWS\system32\perfh007.dat 2015-04-12 17:59 - 2013-11-14 09:11 - 00159696 _____ () C:\WINDOWS\system32\perfc007.dat 2015-04-12 17:56 - 2013-12-06 22:41 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2015-04-12 17:50 - 2014-01-07 19:15 - 00000000 __RDO () C:\Users\Rüdiger\SkyDrive 2015-04-12 17:50 - 2013-12-06 22:29 - 00000000 ____D () C:\ProgramData\Bigfoot Networks 2015-04-12 17:49 - 2013-12-06 22:34 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys 2015-04-12 17:48 - 2014-01-07 18:57 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-12 17:48 - 2013-11-14 00:18 - 00403648 _____ () C:\WINDOWS\PFRO.log 2015-04-12 17:48 - 2013-08-22 16:46 - 00375015 _____ () C:\WINDOWS\setupact.log 2015-04-12 17:48 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-04-12 17:48 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-04-12 14:27 - 2014-01-06 12:39 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-940551628-579839441-176653918-1002 2015-04-12 13:23 - 2014-01-07 19:00 - 00000000 ____D () C:\Users\Rüdiger 2015-04-12 13:05 - 2014-07-15 21:33 - 00000000 ____D () C:\Users\Rüdiger\Desktop\Bob 2015-04-11 13:12 - 2015-01-18 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-11 13:12 - 2015-01-18 15:01 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-04-11 13:12 - 2014-01-12 19:14 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-11 12:51 - 2014-04-18 20:11 - 00000000 ____D () C:\Program Files (x86)\Garmin 2015-04-11 12:50 - 2014-04-18 20:11 - 00003556 _____ () C:\WINDOWS\System32\Tasks\GarminUpdaterTask 2015-04-11 12:50 - 2014-04-18 20:11 - 00000000 ____D () C:\ProgramData\Garmin 2015-04-11 12:47 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-04-06 19:52 - 2014-04-27 15:08 - 00000000 ____D () C:\Users\Rüdiger\AppData\Local\Teasi 2015-04-05 15:45 - 2014-05-19 11:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-05 14:16 - 2014-08-12 21:26 - 00221696 ___SH () C:\Users\Rüdiger\Downloads\Thumbs.db 2015-04-05 12:26 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-04-04 14:54 - 2014-10-30 21:04 - 00000000 ____D () C:\Users\Rüdiger\AppData\Local\Spotify 2015-04-04 11:18 - 2014-10-30 20:59 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\Spotify 2015-04-01 22:21 - 2014-01-15 22:38 - 00536064 ___SH () C:\Users\Rüdiger\Desktop\Thumbs.db 2015-03-29 16:00 - 2014-09-21 15:12 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\Notepad++ 2015-03-27 09:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-03-26 00:31 - 2014-09-21 16:35 - 00000000 ____D () C:\Users\Rüdiger\Desktop\www 2015-03-23 17:04 - 2015-01-18 15:04 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\Avira 2015-03-23 17:04 - 2015-01-18 15:01 - 00000000 ____D () C:\ProgramData\Avira 2015-03-21 19:06 - 2014-01-06 12:31 - 00000000 ____D () C:\Users\Rüdiger\AppData\Local\Packages 2015-03-19 15:59 - 2015-02-12 17:59 - 00000000 ____D () C:\ProgramData\SupportAssistAgent 2015-03-17 20:46 - 2014-01-07 19:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-03-15 19:55 - 2014-09-12 02:09 - 00000000 ___HD () C:\ProgramData\CanonIJMIG 2015-03-14 15:29 - 2014-02-14 12:58 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-14 15:29 - 2014-01-07 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 ==================== Files in the root of some directories ======= 2015-03-26 00:56 - 2015-03-26 00:56 - 0035005 _____ () C:\Users\Rüdiger\AppData\Local\recently-used.xbel 2014-01-07 18:57 - 2014-01-07 18:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-12-06 22:37 - 2013-12-06 22:38 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-12-06 22:35 - 2013-12-06 22:36 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-12-06 22:36 - 2013-12-06 22:36 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2013-12-06 22:35 - 2013-12-06 22:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-12-06 22:36 - 2013-12-06 22:37 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log Some content of TEMP: ==================== C:\Users\Rüdiger\AppData\Local\Temp\avgnt.exe C:\Users\Rüdiger\AppData\Local\Temp\COMAP.EXE C:\Users\Rüdiger\AppData\Local\Temp\npp.6.7.4.Installer.exe C:\Users\Rüdiger\AppData\Local\Temp\npp.6.7.5.Installer.exe C:\Users\Rüdiger\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Rüdiger\AppData\Local\Temp\nvStInst.exe C:\Users\Rüdiger\AppData\Local\Temp\Quarantine.exe C:\Users\Rüdiger\AppData\Local\Temp\sqlite3.dll C:\Users\Rüdiger\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-12 14:27 ==================== End Of Log ============================ --- --- --- Auf den USB-Speichersticks werden unverändert nur die Verknüpfungen angezeigt. Sollte sich daran bereits was geändert haben oder muss ich testweise eine Datei auf einen der Datenträger kopieren? |
12.04.2015, 19:12 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | Windows 8.1: Nur Verknüpfungen auf USB-Stick Schritt 1 Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster. Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter CloseProcesses: HKU\S-1-5-21-940551628-579839441-176653918-1002\...\Run: [system] => wscript.exe //B "C:\Users\RDIGER~1\AppData\Local\Temp\system.vbs" Startup: C:\Users\Rüdiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.vbs () EmptyTemp:
Nach dem Reboot bitte nochmal einen FRST-Scan: Schritt 2 Bitte starte FRST erneut, und drücke auf Scan. Bitte poste mir den Inhalt des Logs.
__________________ --> Windows 8.1: Nur Verknüpfungen auf USB-Stick |
12.04.2015, 19:41 | #7 |
| Windows 8.1: Nur Verknüpfungen auf USB-Stick Fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2015 Ran by Rüdiger at 2015-04-12 20:35:17 Run:3 Running from C:\Users\Rüdiger\Desktop Loaded Profiles: Rüdiger (Available profiles: Rüdiger & Veronika) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: HKU\S-1-5-21-940551628-579839441-176653918-1002\...\Run: [system] => wscript.exe //B "C:\Users\RDIGER~1\AppData\Local\Temp\system.vbs" Startup: C:\Users\Rüdiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.vbs () EmptyTemp: ***************** Processes closed successfully. HKU\S-1-5-21-940551628-579839441-176653918-1002\Software\Microsoft\Windows\CurrentVersion\Run\\system => Value not found. C:\Users\Rüdiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.vbs not found. EmptyTemp: => Removed 349.5 MB temporary data. The system needed a reboot. ==== End of Fixlog 20:35:24 ==== FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015 Ran by Rüdiger (administrator) on DELL on 12-04-2015 20:38:48 Running from C:\Users\Rüdiger\Desktop Loaded Profiles: Rüdiger (Available profiles: Rüdiger & Veronika) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Dell Inc.) C:\Program Files (x86)\DELL\SupportAssistAgent\bin\SupportAssistAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureDLNA.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Logitech, Inc.) C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe () C:\Program Files (x86)\DELL\Dell Wireless Keyboard Software\CDCtr.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [Dell Unifying Software Launcher] => C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe [3209608 2012-12-21] (Logitech, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [CDEjectCtr] => C:\Program Files (x86)\Dell\Dell Wireless Keyboard Software\CDCtr.exe [411648 2012-11-15] () HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179928 2013-01-03] (cyberlink) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Atheros Communications)) HKU\S-1-5-21-940551628-579839441-176653918-1002\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" HKU\S-1-5-21-940551628-579839441-176653918-1002\...\Run: [Spotify Web Helper] => C:\Users\Rüdiger\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-19] (Spotify Ltd) HKU\S-1-5-21-940551628-579839441-176653918-1002\...\Run: [Spotify] => C:\Users\Rüdiger\AppData\Roaming\Spotify\spotify.exe [6611512 2015-03-19] (Spotify Ltd) HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cv act sc interface RegisterTool.lnk ShortcutTarget: cv act sc interface RegisterTool.lnk -> C:\Program Files (x86)\cv cryptovision\cv act sc interface\RegisterTool.exe (cv cryptovision GmbH) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-940551628-579839441-176653918-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-940551628-579839441-176653918-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation) Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-06-26] (pdfforge GmbH) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Hosts: 192.168.2.126 Dell Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Rüdiger\AppData\Roaming\Mozilla\Firefox\Profiles\yvmhdylz.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-24] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-06-26] (pdfforge GmbH) FF Extension: Avira Browser Safety - C:\Users\Rüdiger\AppData\Roaming\Mozilla\Firefox\Profiles\yvmhdylz.default\Extensions\abs@avira.com [2015-04-02] FF Extension: DownThemAll! - C:\Users\Rüdiger\AppData\Roaming\Mozilla\Firefox\Profiles\yvmhdylz.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-09-06] FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-09-22] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245888 2013-01-02] (CyberLink) R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [135168 2013-09-13] () [File not signed] R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.) S4 fetdaemon; C:\Program Files (x86)\PDS Programm + Datenservice GmbH\FET-X\fetd\srvany.exe [13312 1997-05-15] () [File not signed] R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-10] (Garmin Ltd. or its subsidiaries) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [579072 2013-12-11] (Hauppauge Computer Works) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [179688 2013-01-19] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH) R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-06-26] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH) R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [497664 2013-01-31] () [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-22] (SoftThinks SAS) R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3203440 2013-01-31] (Qualcomm Atheros, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG) S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-01-31] (Qualcomm Atheros, Inc.) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [32768 2008-10-24] (CSR) S3 cxbu0x64; C:\Windows\system32\DRIVERS\cxbu0x64.sys [147576 2014-04-05] (HID Global Corporation) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-31] (Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-31] (Dell Computer Corporation) S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2014-01-12] (Hauppauge Computer Works, Inc.) S3 hcw95rc; C:\Windows\system32\DRIVERS\hcw95rc.sys [19840 2014-01-12] (Hauppauge Computer Works, Inc.) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [20968 2013-01-19] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [19944 2013-01-19] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-01-19] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73984 2014-06-16] (Identive) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-04-12] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-12 20:37 - 2015-04-12 20:37 - 00000000 ___RD () C:\Users\Rüdiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-04-12 20:36 - 2015-04-12 20:36 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp 2015-04-12 17:59 - 2015-04-12 17:59 - 02347384 _____ (ESET) C:\Users\Rüdiger\Desktop\esetsmartinstaller_deu.exe 2015-04-12 17:47 - 2015-04-12 17:47 - 00000000 ____D () C:\Users\Rüdiger\Desktop\FRST-OlderVersion 2015-04-12 13:58 - 2015-04-12 13:58 - 00000681 _____ () C:\Users\Rüdiger\Desktop\Gmer.log 2015-04-12 13:29 - 2015-04-12 13:29 - 00380416 _____ () C:\Users\Rüdiger\Desktop\ro8k7t18.exe 2015-04-12 13:28 - 2015-04-12 13:28 - 00035618 _____ () C:\Users\Rüdiger\Desktop\Addition.txt 2015-04-12 13:27 - 2015-04-12 20:38 - 00024397 _____ () C:\Users\Rüdiger\Desktop\FRST.txt 2015-04-12 13:27 - 2015-04-12 17:47 - 02096640 _____ (Farbar) C:\Users\Rüdiger\Desktop\FRST64.exe 2015-04-12 13:23 - 2015-04-12 13:26 - 00000476 _____ () C:\Users\Rüdiger\Desktop\defogger_disable.log 2015-04-12 13:23 - 2015-04-12 13:23 - 00050477 _____ () C:\Users\Rüdiger\Desktop\Defogger.exe 2015-04-12 13:23 - 2015-04-12 13:23 - 00000000 _____ () C:\Users\Rüdiger\defogger_reenable 2015-04-11 12:51 - 2015-04-11 12:51 - 00000000 ____D () C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid 2015-04-11 12:51 - 2015-04-11 12:51 - 00000000 ____D () C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid 2015-04-11 12:50 - 2015-04-11 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-04-05 17:41 - 2015-04-12 20:38 - 00000000 ____D () C:\FRST 2015-04-05 14:22 - 2015-04-05 14:22 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-DELL-Windows-8.1-(64-bit).dat 2015-04-05 14:22 - 2015-04-05 14:22 - 00000000 ____D () C:\RegBackup 2015-04-05 14:17 - 2015-04-05 14:17 - 00000000 ____D () C:\AdwCleaner 2015-04-05 14:02 - 2015-04-05 14:02 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-04-05 14:01 - 2015-04-05 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-05 14:01 - 2015-04-05 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-05 14:01 - 2015-04-05 14:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-04-05 14:01 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-04-05 14:01 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-04-05 14:01 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-04-05 13:59 - 2015-04-05 13:59 - 00003108 _____ () C:\WINDOWS\System32\Tasks\PandaUSBVaccine 2015-04-05 13:59 - 2015-04-05 13:59 - 00000000 ____D () C:\ProgramData\Panda Security 2015-04-05 13:59 - 2015-04-05 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2015-04-05 13:59 - 2015-04-05 13:59 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2015-04-05 13:14 - 2015-04-05 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-05 12:26 - 2015-04-05 12:26 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX 2015-04-05 12:26 - 2015-04-05 12:26 - 00000000 ___SD () C:\WINDOWS\system32\GWX 2015-03-26 00:56 - 2015-03-26 00:56 - 00035005 _____ () C:\Users\Rüdiger\AppData\Local\recently-used.xbel 2015-03-25 18:51 - 2015-03-25 18:51 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\naviextras 2015-03-25 18:50 - 2015-03-25 18:50 - 14225936 _____ (NNG Llc.) C:\Users\Rüdiger\Downloads\Naviextras_Toolbox_Setup.exe 2015-03-25 18:50 - 2015-03-25 18:50 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Naviextras 2015-03-25 18:50 - 2015-03-25 18:50 - 00000000 ____D () C:\Program Files (x86)\Naviextras 2015-03-21 19:04 - 2015-04-12 20:37 - 00005128 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DELL-Rüdiger Dell 2015-03-15 20:21 - 2015-03-15 20:21 - 00000000 ____D () C:\Users\Rüdiger\AppData\Local\IsolatedStorage ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-12 20:38 - 2013-12-06 22:41 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2015-04-12 20:37 - 2014-01-07 18:57 - 01894310 _____ () C:\WINDOWS\WindowsUpdate.log 2015-04-12 20:36 - 2014-01-15 22:38 - 00536064 ___SH () C:\Users\Rüdiger\Desktop\Thumbs.db 2015-04-12 20:36 - 2014-01-07 19:15 - 00000000 __RDO () C:\Users\Rüdiger\SkyDrive 2015-04-12 20:36 - 2014-01-07 18:57 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-12 20:36 - 2013-12-06 22:34 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys 2015-04-12 20:36 - 2013-12-06 22:29 - 00000000 ____D () C:\ProgramData\Bigfoot Networks 2015-04-12 20:36 - 2013-11-14 00:18 - 00408010 _____ () C:\WINDOWS\PFRO.log 2015-04-12 20:36 - 2013-08-22 16:46 - 00375246 _____ () C:\WINDOWS\setupact.log 2015-04-12 20:36 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-04-12 20:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-04-12 20:35 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-04-12 17:59 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-04-12 17:59 - 2013-11-14 09:11 - 00765378 _____ () C:\WINDOWS\system32\perfh007.dat 2015-04-12 17:59 - 2013-11-14 09:11 - 00159696 _____ () C:\WINDOWS\system32\perfc007.dat 2015-04-12 14:27 - 2014-01-06 12:39 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-940551628-579839441-176653918-1002 2015-04-12 13:23 - 2014-01-07 19:00 - 00000000 ____D () C:\Users\Rüdiger 2015-04-12 13:05 - 2014-07-15 21:33 - 00000000 ____D () C:\Users\Rüdiger\Desktop\Bob 2015-04-11 13:12 - 2015-01-18 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-11 13:12 - 2015-01-18 15:01 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-04-11 13:12 - 2014-01-12 19:14 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-11 12:51 - 2014-04-18 20:11 - 00000000 ____D () C:\Program Files (x86)\Garmin 2015-04-11 12:50 - 2014-04-18 20:11 - 00003556 _____ () C:\WINDOWS\System32\Tasks\GarminUpdaterTask 2015-04-11 12:50 - 2014-04-18 20:11 - 00000000 ____D () C:\ProgramData\Garmin 2015-04-11 12:47 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-04-06 19:52 - 2014-04-27 15:08 - 00000000 ____D () C:\Users\Rüdiger\AppData\Local\Teasi 2015-04-05 15:45 - 2014-05-19 11:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-05 14:16 - 2014-08-12 21:26 - 00221696 ___SH () C:\Users\Rüdiger\Downloads\Thumbs.db 2015-04-05 12:26 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-04-04 14:54 - 2014-10-30 21:04 - 00000000 ____D () C:\Users\Rüdiger\AppData\Local\Spotify 2015-04-04 11:18 - 2014-10-30 20:59 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\Spotify 2015-03-29 16:00 - 2014-09-21 15:12 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\Notepad++ 2015-03-27 09:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-03-26 00:31 - 2014-09-21 16:35 - 00000000 ____D () C:\Users\Rüdiger\Desktop\www 2015-03-23 17:04 - 2015-01-18 15:04 - 00000000 ____D () C:\Users\Rüdiger\AppData\Roaming\Avira 2015-03-23 17:04 - 2015-01-18 15:01 - 00000000 ____D () C:\ProgramData\Avira 2015-03-21 19:06 - 2014-01-06 12:31 - 00000000 ____D () C:\Users\Rüdiger\AppData\Local\Packages 2015-03-19 15:59 - 2015-02-12 17:59 - 00000000 ____D () C:\ProgramData\SupportAssistAgent 2015-03-17 20:46 - 2014-01-07 19:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-03-15 19:55 - 2014-09-12 02:09 - 00000000 ___HD () C:\ProgramData\CanonIJMIG 2015-03-14 15:29 - 2014-02-14 12:58 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-14 15:29 - 2014-01-07 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 ==================== Files in the root of some directories ======= 2015-03-26 00:56 - 2015-03-26 00:56 - 0035005 _____ () C:\Users\Rüdiger\AppData\Local\recently-used.xbel 2014-01-07 18:57 - 2014-01-07 18:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-12-06 22:37 - 2013-12-06 22:38 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-12-06 22:35 - 2013-12-06 22:36 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-12-06 22:36 - 2013-12-06 22:36 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2013-12-06 22:35 - 2013-12-06 22:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-12-06 22:36 - 2013-12-06 22:37 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log Some content of TEMP: ==================== C:\Users\Rüdiger\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-12 14:27 ==================== End Of Log ============================ --- --- --- |
12.04.2015, 19:43 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | Windows 8.1: Nur Verknüpfungen auf USB-Stick Wie schaut es jetzt aus?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
12.04.2015, 19:52 | #9 |
| Windows 8.1: Nur Verknüpfungen auf USB-Stick Sofern ich das beurteilen kann ist die Situation unverändert. Es sind weiterhin nur Verknüpfungen zu sehen, die Zieldateien werden versteckt. |
12.04.2015, 19:54 | #10 |
/// TB-Ausbilder /// Anleitungs-Guru | Windows 8.1: Nur Verknüpfungen auf USB-Stick Auch wenn Du neue Dateien rüberkopierst?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
12.04.2015, 20:29 | #11 |
| Windows 8.1: Nur Verknüpfungen auf USB-Stick Nein, das funktioniert tatsächlich wieder. Vielen Dank! Sollen die Verknüpfungen nun einfach manuell gelöscht werden? |
12.04.2015, 20:33 | #12 |
/// TB-Ausbilder /// Anleitungs-Guru | Windows 8.1: Nur Verknüpfungen auf USB-Stick Immer mit der Ruhe... Schritt 1 Upload:
Bitte um Rückmeldung ob es geklappt hat! Danke für Deine Hilfe!
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
12.04.2015, 20:49 | #13 |
| Windows 8.1: Nur Verknüpfungen auf USB-Stick Bevor ich etwas falsch mache: Die anderen Felder soll ich auch ausfüllen und dann hochladen? |
12.04.2015, 20:52 | #14 |
/// TB-Ausbilder /// Anleitungs-Guru | Windows 8.1: Nur Verknüpfungen auf USB-Stick Wie die anderen Felder? Link zum Thema, Benutzername...ja
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
12.04.2015, 21:00 | #15 |
| Windows 8.1: Nur Verknüpfungen auf USB-Stick Ok, die Datei wurde hochgeladen. |
Themen zu Windows 8.1: Nur Verknüpfungen auf USB-Stick |
adobe, adware, antivir, antivirus, avira, bonjour, browser, computer, cpu, defender, explorer, failed, firefox, flash player, homepage, mozilla, problem, prozess, realtek, registry, required, rundll, services.exe, svchost.exe, system, windows, windowsapps |