Log analysis and evaluation: Tabs open on their own with ads in all browsers on W7 32bit

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Tabs open on their own with ads in all browsers on W7 32bit

Hi everyone,

in all browsers, tabs open on their own with ads, sometimes up to 10 in a row. Mostly ptp24 dot com. I have the same problem on 2 other computers with W7 64bit and XP. I am asking for help because I am not getting anywhere with the well-known programs. My system is a W7 32bit. I use AVG as my antivirus program. Here are the first log files.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:29 on 15/04/2015 (VB)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 Ran by VB (administrator) on THINKPAD_X61 on 15-04-2015 12:36:50 Running from C:\Users\VB\Desktop Loaded Profiles: VB (Available profiles: VB) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\AVG2015\avgemcx.exe () C:\Program Files\Canon\IJPLM\ijplmsvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe () C:\Program Files\Join Air\AssistantServices.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (Lenovo.) C:\Windows\System32\TpShocks.exe () C:\Program Files\Join Air\UIExec.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows\WER\wermgr.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Fred's Software) C:\Program Files\PrintKey2000\Printkey2000.exe (Dropbox, Inc.) C:\Users\VB\AppData\Roaming\Dropbox\bin\Dropbox.exe (telegate MEDIA AG) C:\Program Files\klickTel\klickTel OEM Herbst 2012\kstart32.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TrackPointSrv] => C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [95264 2011-11-01] (Lenovo Group Limited) HKLM\...\Run: [] => [X] HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [338216 2013-06-20] (Lenovo.) HKLM\...\Run: [UIExec] => C:\Program Files\Join Air\UIExec.exe [138072 2010-04-27] () HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.) 
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.) HKLM\...\Run: [wermgr] => C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [6786560 2015-01-09] (Microsoft Corporation) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-21-1530652611-3691238261-3748657044-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-1530652611-3691238261-3748657044-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd) HKU\S-1-5-21-1530652611-3691238261-3748657044-1001\...\MountPoints2: {09af47db-ac51-11e4-a974-001d729afb15} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Vertriebsportal.exe HKU\S-1-5-21-1530652611-3691238261-3748657044-1001\...\MountPoints2: {5d7880e2-f505-11e2-9c5b-001d729afb15} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Vertriebsportal.exe HKU\S-1-5-21-1530652611-3691238261-3748657044-1001\...\MountPoints2: {8f3eb0a2-b334-11e3-add6-001d729afb15} - Explorer.exe UserGuild.htm HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-23] (Microsoft Corporation) Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage 
Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk ShortcutTarget: Printkey2000.lnk -> C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software) Startup: C:\Users\VB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\VB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\VB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\klickTel OEM Herbst 2012 - Schnellstarter.lnk ShortcutTarget: klickTel OEM Herbst 2012 - Schnellstarter.lnk -> C:\Program Files\klickTel\klickTel OEM Herbst 2012\kstart32.exe (telegate MEDIA AG) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\VB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\VB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\VB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1530652611-3691238261-3748657044-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1530652611-3691238261-3748657044-1001 -> DefaultScope {BCCA108C-500D-4861-8772-C7205C900E67} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1530652611-3691238261-3748657044-1001 -> {BCCA108C-500D-4861-8772-C7205C900E67} URL = https://www.google.com/search?q={searchTerms} BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-25] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-25] (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\VB\AppData\Roaming\Mozilla\Firefox\Profiles\74wxll2b.default-1424900660657 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-19] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-25] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Extension: Adblock Edge - C:\Users\VB\AppData\Roaming\Mozilla\Firefox\Profiles\74wxll2b.default-1424900660657\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-03-11] Chrome: ======= CHR Profile: C:\Users\VB\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\VB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-23] CHR Extension: (Google Docs) - C:\Users\VB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-23] CHR Extension: (Google Drive) - C:\Users\VB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-23] CHR Extension: (YouTube) - C:\Users\VB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-23] CHR Extension: (Google Search) - C:\Users\VB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-23] CHR Extension: (Google Sheets) - C:\Users\VB\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-23] CHR Extension: (Google Wallet) - C:\Users\VB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-23] CHR Extension: (Gmail) - C:\Users\VB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-23] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.) 
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] () S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [110128 2014-05-27] (Lenovo Group Limited) S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1664808 2013-06-26] (Lenovo Group Limited) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [49136 2015-03-27] () R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [116208 2014-06-10] (Lenovo Group Limited) R2 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [247152 2010-04-27] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [224736 2015-03-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-02-05] (AVG Technologies CZ, s.r.o.) 
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210912 2015-02-25] (AVG Technologies CZ, s.r.o.) R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [11976 2011-05-30] (Authentec Inc.) R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [24872 2011-11-01] (Lenovo Group Limited) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2013-03-18] (Apple, Inc.) [File not signed] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-15 12:15 - 2015-04-15 12:15 - 00000056 _____ () C:\Windows\setupact.log 2015-04-15 12:15 - 2015-04-15 12:15 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-13 17:57 - 2015-04-13 17:57 - 00000000 ____D () C:\Users\VB\Downloads\Install_Power_Commander_5_v1.0.6.4 2015-04-13 17:55 - 2015-04-13 17:56 - 11938322 _____ () C:\Users\VB\Downloads\Install_Power_Commander_5_v1.0.6.4.zip 2015-04-13 17:49 - 2015-04-13 17:50 - 02347384 _____ (ESET) C:\Users\VB\Downloads\esetsmartinstaller_deu(1).exe 2015-04-09 11:56 - 2015-04-09 11:57 - 00031075 _____ () C:\Users\VB\Desktop\Addition.txt 2015-04-09 11:54 - 2015-04-15 12:37 - 00017784 _____ () C:\Users\VB\Desktop\FRST.txt 2015-04-09 11:50 - 2015-04-15 12:31 - 01136640 _____ (Farbar) C:\Users\VB\Desktop\FRST.exe 2015-04-09 11:50 - 2015-04-15 12:29 - 00000466 _____ () C:\Users\VB\Desktop\defogger_disable.log 2015-04-09 11:50 - 2015-04-09 10:57 - 00380416 _____ () C:\Users\VB\Desktop\Gmer-19357(1).exe 2015-04-09 11:50 - 2015-04-09 10:43 - 00050477 _____ () C:\Users\VB\Desktop\Defogger.exe 2015-04-09 11:50 - 2015-03-20 07:29 - 00602112 _____ (OldTimer Tools) C:\Users\VB\Desktop\OTL.exe 2015-04-09 11:41 - 2015-04-09 11:54 - 00010610 _____ () C:\Users\VB\Desktop\gmer.log 2015-04-09 10:57 - 2015-04-09 10:57 - 00380416 _____ () C:\Users\VB\Downloads\Gmer-19357(1).exe 2015-04-09 10:50 - 2015-04-09 10:52 - 00026765 _____ () C:\Users\VB\Downloads\Addition.txt 2015-04-09 10:49 - 2015-04-09 10:52 - 00039697 _____ () C:\Users\VB\Downloads\FRST.txt 2015-04-09 10:47 - 2015-04-15 12:37 - 00000000 ____D () C:\FRST 2015-04-09 10:46 - 2015-04-09 10:46 - 01135104 _____ (Farbar) C:\Users\VB\Downloads\FRST.exe 2015-04-09 10:45 - 2015-04-09 10:46 - 00000466 _____ () C:\Users\VB\Downloads\defogger_disable.log 2015-04-09 10:45 - 2015-04-09 10:45 - 00000000 _____ () C:\Users\VB\defogger_reenable 2015-04-09 10:43 - 2015-04-09 10:43 - 00050477 _____ () C:\Users\VB\Downloads\Defogger.exe 2015-04-08 17:15 - 2015-04-08 17:15 - 00000818 _____ () 
C:\Users\VB\Desktop\JRT.txt 2015-04-08 17:02 - 2015-04-08 17:02 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-THINKPAD_X61-Windows-7-Ultimate-(32-bit).dat 2015-04-08 17:02 - 2015-04-08 17:02 - 00000000 ____D () C:\RegBackup 2015-04-08 17:01 - 2015-04-07 17:36 - 02686959 _____ (Thisisu) C:\Users\VB\Desktop\JRT_NEW.exe 2015-04-08 15:33 - 2015-04-08 15:34 - 05344528 _____ (Piriform Ltd) C:\Users\VB\Downloads\ccsetup504.exe 2015-03-25 11:23 - 2015-03-25 11:23 - 00224736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys 2015-03-20 13:11 - 2015-03-20 13:11 - 00817286 _____ () C:\Users\VB\Downloads\Betrieblicher_Vorsorgerechner.zip 2015-03-20 13:11 - 2015-03-20 13:11 - 00000000 ____D () C:\Users\VB\Downloads\Betrieblicher_Vorsorgerechner 2015-03-20 08:44 - 2015-03-20 08:44 - 16342352 _____ (Geek Software GmbH ) C:\Users\VB\Downloads\pdf24-creator-6.9.2.exe 2015-03-20 08:28 - 2015-03-20 08:29 - 00000000 ____D () C:\Users\VB\Desktop\Tor Browser 2015-03-20 08:17 - 2015-03-20 08:17 - 00000000 ____D () C:\Users\VB\Downloads\MicrosoftFixit.malware.Run 2015-03-20 07:59 - 2015-03-20 07:59 - 00000000 ____D () C:\Users\VB\AppData\Local\MetaGeek,_LLC 2015-03-20 07:57 - 2015-03-20 07:57 - 00002477 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk 2015-03-20 07:57 - 2015-03-20 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek 2015-03-20 07:57 - 2015-03-20 07:57 - 00000000 ____D () C:\Program Files\MetaGeek 2015-03-20 07:55 - 2015-03-20 07:55 - 04767744 _____ () C:\Users\VB\Downloads\inSSIDer31-installer.msi 2015-03-20 07:54 - 2015-03-20 07:54 - 00211231 _____ () C:\Users\VB\Downloads\MicrosoftFixit.malware.Run.zip 2015-03-20 07:50 - 2015-03-20 07:51 - 34670726 _____ () C:\Users\VB\Downloads\torbrowser-install-4.0.4_de.exe 2015-03-20 07:48 - 2015-03-20 07:48 - 01319328 _____ (File Repair ) C:\Users\VB\Downloads\file-repair-setup.exe 2015-03-20 07:45 - 2015-03-20 07:45 - 04954736 _____ (Microsoft Corporation) 
C:\Users\VB\Downloads\WindowsSetupBox.exe 2015-03-20 07:29 - 2015-03-20 07:29 - 00602112 _____ (OldTimer Tools) C:\Users\VB\Downloads\OTL.exe 2015-03-20 07:22 - 2015-03-20 07:23 - 00000565 _____ () C:\Users\VB\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website 2015-03-20 00:36 - 2015-03-20 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-03-20 00:34 - 2015-03-20 00:36 - 00000000 ____D () C:\Program Files\QuickTime 2015-03-19 23:10 - 2015-03-19 23:10 - 05490752 _____ (Secunia) C:\Users\VB\Downloads\PSISetup10004.exe 2015-03-19 23:10 - 2015-03-19 23:10 - 00000000 ____D () C:\Users\VB\AppData\Local\Secunia PSI 2015-03-19 23:10 - 2015-03-19 23:10 - 00000000 ____D () C:\Program Files\Secunia ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 12:21 - 2009-07-14 06:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-15 12:21 - 2009-07-14 06:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-15 12:20 - 2013-07-22 23:59 - 00000000 ___RD () C:\Dropbox 2015-04-15 12:20 - 2013-07-22 14:18 - 01817320 _____ () C:\Windows\WindowsUpdate.log 2015-04-15 12:17 - 2013-07-23 07:31 - 00000000 ____D () C:\Users\VB\AppData\Roaming\Dropbox 2015-04-15 12:15 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-15 12:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-04-15 12:07 - 2015-01-23 18:13 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-15 11:33 - 2014-09-12 19:29 - 00000000 ____D () C:\Program Files\DVAG Online-System 2015-04-15 10:10 - 2013-07-23 07:33 - 00000000 ____D () C:\Users\VB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-15 10:03 - 2015-01-19 16:53 - 00000000 ____D () 
C:\ProgramData\MFAData 2015-04-14 14:37 - 2014-04-14 12:37 - 00000000 ____D () C:\Program Files\StarMoney 9.0 2015-04-09 13:12 - 2014-12-16 16:37 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2015-04-09 12:48 - 2010-02-09 21:56 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-09 10:45 - 2013-07-22 14:31 - 00000000 ____D () C:\Users\VB 2015-04-09 10:28 - 2015-01-19 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-04-09 10:24 - 2013-07-22 21:37 - 00001554 _____ () C:\Users\VB\Desktop\A U S.lnk 2015-04-08 15:34 - 2013-07-22 20:19 - 00000974 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-04-08 15:34 - 2013-07-22 20:19 - 00000000 ____D () C:\Program Files\CCleaner 2015-04-08 14:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-04-08 11:43 - 2013-07-22 22:14 - 00000000 ____D () C:\ProgramData\Lenovo 2015-04-08 11:42 - 2013-07-22 20:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2015-04-08 11:41 - 2013-07-22 20:22 - 00000000 ____D () C:\Program Files\Lenovo 2015-04-08 11:18 - 2015-03-10 22:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-20 00:27 - 2013-07-22 20:02 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-20 00:27 - 2013-07-22 20:02 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-19 23:06 - 2014-08-15 10:27 - 00000000 ____D () C:\Windows\rescache 2015-03-19 22:26 - 2014-08-20 13:59 - 00000000 ____D () C:\Users\VB\AppData\Local\Adobe ==================== Files in the root of some directories ======= 2013-08-19 07:44 - 2013-09-24 08:46 - 0007596 _____ () C:\Users\VB\AppData\Local\resmon.resmoncfg 2013-07-22 15:39 - 2013-07-22 15:39 - 0000057 _____ () C:\ProgramData\Ament.ini Some content of TEMP: ==================== C:\Users\VB\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzqsgei.dll 
==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-14 10:32 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 Ran by VB at 2015-04-15 12:38:26 Running from C:\Users\VB\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 17 ActiveX (HKLM\...\{8C901387-B304-404D-93C0-E2E0C2D53D90}) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.) ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - ) Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies) AVG 2015 (Version: 15.0.4331 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.) Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.) Canon Kurzwahlprogramm (HKLM\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.) Canon MX920 series Benutzerregistrierung (HKLM\...\Canon MX920 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.) Canon MX920 series On-screen Manual (HKLM\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP) DesignPro 5 (HKLM\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery) DesignPro 5 (Version: 5.5.708 - Avery) Hidden DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Dropbox (HKU\S-1-5-21-1530652611-3691238261-3748657044-1001\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.) 
Elevated Installer (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.55 - ) FixFoto 3.30 (HKLM\...\FixFoto_is1) (Version: - Joachim Koopmann Software) Freizeitkarte_ALPS (Ausgabe 13.09) (HKLM\...\Freizeitkarte_ALPS) (Version: - ) Freizeitkarte_AUT+ (Ausgabe 13.09) (HKLM\...\Freizeitkarte_AUT+) (Version: - ) Freizeitkarte_BEL (Ausgabe 13.09) (HKLM\...\Freizeitkarte_BEL) (Version: - ) Freizeitkarte_BEL_NLD_LUX (Ausgabe 13.09) (HKLM\...\Freizeitkarte_BEL_NLD_LUX) (Version: - ) Freizeitkarte_CHE+ (Ausgabe 13.09) (HKLM\...\Freizeitkarte_CHE+) (Version: - ) Freizeitkarte_DEU+ (Ausgabe 13.09) (HKLM\...\Freizeitkarte_DEU+) (Version: - ) Freizeitkarte_FRA (Ausgabe 13.09) (HKLM\...\Freizeitkarte_FRA) (Version: - ) Freizeitkarte_ITA (Ausgabe 13.09) (HKLM\...\Freizeitkarte_ITA) (Version: - ) Garmin BaseCamp (HKLM\...\{7C69F731-6471-48FE-899B-1C40F80042C7}) (Version: 4.4.2 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe NT 2015.20 (HKLM\...\{EF144B2A-E433-45ED-959C-FD913ABCE5D8}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Garmin Express (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden Garmin MapInstall (HKLM\...\{F0D44E64-51EE-4888-A1FD-F13108B75A43}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries) Garmin POI Loader (HKLM\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin VIRB Edit (HKLM\...\{0CCE02C9-1020-46D8-AD46-B138CC379958}) (Version: 2.6.2 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.) 
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) inSSIDer Home (HKLM\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1867 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}) (Version: 13.04.0000 - Intel Corporation) Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan) iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Join Air (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation) Keyman Package - GreekClassical (HKLM\...\Keyman Package GreekClassical) (Version: - ) klickTel OEM Herbst 2012 (HKLM\...\{3BE928ED-DFAD-4AE2-9EE2-FD635612866B}) (Version: 1.00.0000 - telegate MEDIA AG) Lenovo Patch Utility (HKLM\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - ) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0034 - Lenovo) Metric Collection SDK (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 
(HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) PrintKey2000 (HKLM\...\PrintKey2000) (Version: - ) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) 
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0027.00 - Lenovo Group Limited) Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software) SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.7255 - Analog Devices) StarMoney (Version: 4.0.4.16 - StarFinanz) Hidden StarMoney 9.0 (HKLM\...\{6D06E570-8F56-4589-A65E-3112F512BDEB}) (Version: 9.0 - Star Finanz GmbH) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Tavultesoft Keyman 6.0 (HKLM\...\Tavultesoft Keyman 6.0) (Version: - ) TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - ) ThinkPad TrackPoint Driver (HKLM\...\TrackPoint) (Version: 4.73.1.0 - Lenovo) ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.26 - Lenovo) Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) 
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinMerge 2.14.0 (HKLM\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1530652611-3691238261-3748657044-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\VB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1530652611-3691238261-3748657044-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\VB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1530652611-3691238261-3748657044-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1530652611-3691238261-3748657044-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1530652611-3691238261-3748657044-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1530652611-3691238261-3748657044-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1530652611-3691238261-3748657044-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1530652611-3691238261-3748657044-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1530652611-3691238261-3748657044-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1530652611-3691238261-3748657044-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 13-04-2015 14:00:33 Windows-Sicherung 15-04-2015 11:34:14 Removed iTunes 15-04-2015 11:36:37 Removed Partition Manager 8.5 Enterprise Server Edition ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {04A7767C-E899-4979-8EE3-39EDF9CB4571} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.) 
Task: {201E8AF9-2AD0-4859-8E50-F611D3EE13EA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd) Task: {20286C40-4533-459D-9650-54C07AA3A217} - System32\Tasks\{91BA3ACA-2F9F-4EAE-B402-FB6655F89350} => C:\WU Temp\PrintKey 2000 - CHIP-Downloader.exe Task: {2DE01F74-A019-42C7-A9C4-102716371E29} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe Task: {3A77DB6C-F1DA-4C60-ACBB-EC984ADD2F9D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {3B956D18-B55B-417F-B750-066DB71DB5D5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {3C5E6E2A-BD9B-428E-9210-3A93A4545C8D} - System32\Tasks\{3174844E-54BA-4883-BB4B-84BD8635F16D} => pcalua.exe -a D:\lenovo\BIOS.exe -d D:\lenovo Task: {4C3B278D-EE21-44D3-87E2-D780748A438E} - System32\Tasks\{4B19F265-141B-46B6-B51B-76EF73F5728A} => pcalua.exe -a "C:\WU Temp\7mwc03ww.exe" -d "C:\WU Temp" Task: {67CA7FC8-A5EA-4D60-B527-3C65001E12A9} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe Task: {6E281B41-559C-4FDA-BF78-5808A6E98E03} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {77ABAFC9-CDAC-4A57-B2AB-EEB6480E3807} - System32\Tasks\{CCBD5CED-D3B8-4151-9500-B06BC0797129} => pcalua.exe -a D:\lenovo\tvtvrnr43_1027fi.exe -d D:\lenovo Task: {789908AD-55B6-44C2-94A3-EFE3892EDA4B} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] () Task: {9994D70A-3A18-4C80-91F3-4C8A03DECBC8} - System32\Tasks\{CBB3FBC8-5D31-4494-9FAF-E56405B8BFA8} => pcalua.exe -a "C:\Program Files\DVAG Online-System\smartclient\smartclient.exe" -d "C:\Program Files\DVAG Online-System\smartclient\" -c -profile de Task: {9F327FD7-3B81-4AB8-9D17-C8B5AD15BD0E} - 
System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {A07E1EA2-06F5-493E-A54B-F607559F3550} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe Task: {A2BFC3BB-5494-48C2-8D98-81BC92581156} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {A9EB6D1C-0CAA-48FD-B7B2-A76C56D34A0A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {B2DC7E45-988B-4CF6-90EC-F931C5588201} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.) Task: {BC97B9D5-3E03-48B2-9F7F-8DD0DAD6E3FB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {C448DBEB-535E-4C4B-A408-4CEA79FA0BC7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {E3BB47B1-C439-444F-9E3E-158E88E71223} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files\Lenovo\System Update\tvsuShim.exe [2015-03-27] () Task: {EE7E91B5-94C1-435B-A107-28B71BA53269} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-20] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2013-07-23 07:41 - 2013-06-06 08:24 - 00019448 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-12-16 17:07 - 2012-03-28 14:49 - 00140456 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE 2014-08-06 10:07 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files\StarMoney 9.0\ouservice\PATCHW32.dll 2013-08-03 00:47 - 2010-04-27 16:57 - 00247152 _____ () C:\Program Files\Join Air\AssistantServices.exe 2013-08-03 00:47 - 2010-04-27 17:06 - 00138072 _____ () C:\Program Files\Join Air\UIExec.exe 2013-07-22 22:13 - 2013-06-26 06:55 - 00095232 _____ () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL 2012-06-14 22:11 - 2012-06-14 22:11 - 00325968 _____ () C:\ProgramData\Microsoft\Windows\WER\lua5.1.dll 2015-04-15 12:16 - 2015-04-15 12:16 - 00043008 _____ () c:\users\vb\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzqsgei.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\VB\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\VB\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () 
C:\Users\VB\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\VB\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1530652611-3691238261-3748657044-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VR-NetWorld Auftragsprüfung.lnk => C:\Windows\pss\VR-NetWorld Auftragsprüfung.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^VB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk.Startup
MSCONFIG\startupreg: Launch Backup Service Once => C:\Program Files\Lenovo\Rescue and Recovery\rrstrigger.exe -start
MSCONFIG\startupreg: PSQLLauncher => "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1530652611-3691238261-3748657044-500 - Administrator - Disabled)
Gast (S-1-5-21-1530652611-3691238261-3748657044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1530652611-3691238261-3748657044-1002 - Limited - Enabled)
Scanner (S-1-5-21-1530652611-3691238261-3748657044-1003 - Limited - Enabled)
VB (S-1-5-21-1530652611-3691238261-3748657044-1001 - Administrator - Enabled) => C:\Users\VB

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2015 00:15:43 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (04/15/2015 00:15:43 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (04/15/2015 00:15:43 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

System errors:
=============
Error: (04/15/2015 00:16:55 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Microsoft Office Sessions:
=========================
Error: (04/15/2015 00:15:43 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name43900

Error: (04/15/2015 00:15:43 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name25900

Error: (04/15/2015 00:15:43 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name17900

CodeIntegrity Errors:
===================================
Date: 2015-04-15 12:16:38.178
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\AEADIAPR.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-04-15 12:16:27.438
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\AEADIAPR.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-04-15 12:14:18.221
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\AEADIAPR.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-04-15 11:43:30.070
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\AEADIAPR.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-04-15 11:43:06.973
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\AEADIAPR.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-04-15 11:41:04.170
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\AEADIAPR.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-04-15 10:03:20.325
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\AEADIAPR.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-04-15 09:58:45.576
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\AEADIAPR.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-04-15 09:58:43.541
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\AEADIAPR.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-04-14 14:36:02.614
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\AEADIAPR.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
Percentage of memory in use: 47%
Total physical RAM: 3062.3 MB
Available physical RAM: 1602.23 MB
Total Pagefile: 6122.89 MB
Available Pagefile: 4381.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.75 MB

==================== Drives ================================

Drive c: (Bobby) (Fixed) (Total:172.78 GB) (Free:43.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:292.97 GB) (Free:126.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1678649D)
Partition 1: (Active) - (Size=172.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-15 13:16:16
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500420AS rev.0002SDM1 465,76GB
Running: Gmer-19357(1).exe; Driver: C:\Users\VB\AppData\Local\Temp\uwdyakob.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x912016E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x91201800]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x91201010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x912014D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x91201300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x912013E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x91201120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x91201210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x912015E0]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRequestWaitReplyPort + 1495 830509E5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8308A312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1357 830917DC 2 Bytes [E0, 16] {LOOPNZ 0x18}
.text ntkrnlpa.exe!KeRemoveQueueEx + 135A 830917DF 3 Bytes [91, 00, 18] {XCHG ECX, EAX; ADD [EAX], BL}
.text ntkrnlpa.exe!KeRemoveQueueEx + 135E 830917E3 1 Byte [91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 83091824 4 Bytes [10, 10, 20, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 13BF 83091844 4 Bytes [D0, 14, 20, 91] {RCL BYTE [EAX], 0x1; XCHG ECX, EAX}
.text ...

---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\SearchIndexer.exe[1680] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[1680] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[1680] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\Dwm.exe[2528] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\Dwm.exe[2528] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\Dwm.exe[2528] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2560] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2560] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2560] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\Explorer.EXE[2580] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\Explorer.EXE[2580] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\Explorer.EXE[2580] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2604] ntdll.dll!NtMapViewOfSection 
778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2604] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2604] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[2876] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[2876] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\unsecapp.exe[2876] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2940] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2940] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2940] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2948] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2948] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2948] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3072] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program 
Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3072] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3072] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\LENOVO\HOTKEY\shtctky.exe[3080] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\LENOVO\HOTKEY\shtctky.exe[3080] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\LENOVO\HOTKEY\shtctky.exe[3080] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[3396] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[3396] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[3396] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3524] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3524] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3524] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3572] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3572] 
ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3572] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[3652] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[3652] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[3652] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[3720] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[3720] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[3720] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[3740] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[3740] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[3740] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[3756] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[3756] ntdll.dll!NtWriteVirtualMemory 
778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[3756] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[3824] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[3824] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[3824] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Join Air\AssistantServices.exe[3848] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Join Air\AssistantServices.exe[3848] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Join Air\AssistantServices.exe[3848] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[3888] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[3888] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[3888] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\DRIVERS\xaudio.exe[3952] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\DRIVERS\xaudio.exe[3952] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program 
Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\DRIVERS\xaudio.exe[3952] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3984] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3984] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3984] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[4080] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[4080] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[4080] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE[4212] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE[4212] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE[4212] KERNEL32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4252] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4252] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[4252] 
kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[4520] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[4520] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[4520] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\TeamViewer\Version8\TeamViewer.exe[4528] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\TeamViewer\Version8\TeamViewer.exe[4528] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\TeamViewer\Version8\TeamViewer.exe[4528] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\TpShocks.exe[4564] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\TpShocks.exe[4564] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\TpShocks.exe[4564] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Join Air\UIExec.exe[4596] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Join Air\UIExec.exe[4596] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Join Air\UIExec.exe[4596] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program 
Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\hkcmd.exe[4608] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\hkcmd.exe[4608] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\hkcmd.exe[4608] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE[4620] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE[4620] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE[4620] KERNEL32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4644] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4644] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4644] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4748] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4748] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4748] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program 
Files\AVG\AVG2015\avgui.exe[4800] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgui.exe[4800] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgui.exe[4800] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\igfxtray.exe[4832] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\igfxtray.exe[4832] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\igfxtray.exe[4832] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\rundll32.exe[4840] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\rundll32.exe[4840] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\rundll32.exe[4840] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\iTunes\iTunesHelper.exe[4868] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\iTunes\iTunesHelper.exe[4868] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\iTunes\iTunesHelper.exe[4868] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4876] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text 
C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4876] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4876] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\igfxpers.exe[4900] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\igfxpers.exe[4900] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\igfxpers.exe[4900] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\igfxsrvc.exe[4916] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\igfxsrvc.exe[4916] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\igfxsrvc.exe[4916] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[4984] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[4984] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[4984] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Garmin\Express Tray\ExpressTray.exe[4996] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Garmin\Express Tray\ExpressTray.exe[4996] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 
C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Garmin\Express Tray\ExpressTray.exe[4996] KERNEL32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\PrintKey2000\Printkey2000.exe[5108] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\PrintKey2000\Printkey2000.exe[5108] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\PrintKey2000\Printkey2000.exe[5108] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\VB\AppData\Roaming\Dropbox\bin\Dropbox.exe[5140] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\VB\AppData\Roaming\Dropbox\bin\Dropbox.exe[5140] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\VB\AppData\Roaming\Dropbox\bin\Dropbox.exe[5140] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\klickTel\klickTel OEM Herbst 2012\kstart32.exe[5264] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\klickTel\klickTel OEM Herbst 2012\kstart32.exe[5264] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\klickTel\klickTel OEM Herbst 2012\kstart32.exe[5264] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskeng.exe[5332] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskeng.exe[5332] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 
C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskeng.exe[5332] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\iPod\bin\iPodService.exe[5412] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\iPod\bin\iPodService.exe[5412] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\iPod\bin\iPodService.exe[5412] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5536] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5536] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5536] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[5536] USER32.dll!SetScrollRange 75C08EC5 5 Bytes JMP 013A7DE4 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5536] USER32.dll!GetScrollInfo 75C12DA3 5 Bytes JMP 013A7D77 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5536] USER32.dll!SetScrollInfo 75C148DA 5 Bytes JMP 013A7E1B C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5536] USER32.dll!GetScrollRange 75C3045A 5 Bytes JMP 013A7D1A C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5536] USER32.dll!SetScrollPos 75C304BE 5 Bytes JMP 013A7CF5 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5536] USER32.dll!GetScrollPos 75C30E43 5 Bytes JMP 013A7D52 C:\Program 
Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5536] USER32.dll!EnableScrollBar 75C319CE 5 Bytes JMP 013A7E4F C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5536] USER32.dll!ShowScrollBar 75C33C89 5 Bytes JMP 013A7DAA C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\TeamViewer\Version8\tv_w32.exe[5668] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\TeamViewer\Version8\tv_w32.exe[5668] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\TeamViewer\Version8\tv_w32.exe[5668] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\svchost.exe[5724] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\svchost.exe[5724] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\svchost.exe[5724] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5940] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5940] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5940] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5992] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5992] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 
67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5992] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\igfxext.exe[6156] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\igfxext.exe[6156] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\igfxext.exe[6156] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[7268] ntdll.dll!NtMapViewOfSection 778F5C68 5 Bytes JMP 67FF1460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[7268] ntdll.dll!NtWriteVirtualMemory 778F6AD8 5 Bytes JMP 67FF1120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[7268] kernel32.dll!CreateProcessInternalW 74E60852 5 Bytes JMP 67FF1260 C:\Program Files\AVG\AVG2015\avghookx.dll ---- Devices - GMER 2.1 ---- Device \Driver\kbdclass \Device\KeyboardClass0 Tppwr32v.sys Device \Driver\kbdclass \Device\KeyboardClass1 Tppwr32v.sys AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269c6b540 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269c6b540@00162032508e 0x63 0xE2 0xED 0x8E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269c6b540 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269c6b540@00162032508e 0x63 0xE2 0xED 0x8E ... 
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----