Pests of all kinds and how to fight them: Email address is sending spam mails

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1
Email address is sending spam mails

Hello everyone,

for the past few days I have had the problem that spam mails are being sent from my mail account. I do not know where I caught this virus, or whether it actually is a virus, but an acquaintance recommended that I bring up my problem here. I changed my password, but that did not change the situation and spam mails continued to be sent. I also ran a virus scan on all devices that are connected to the email address (laptop (Windows 8.1) and smartphone (Android)), but nothing was found on either of them (I no longer have any logs of this). As described in the golden rules, I have now used the three programs and created logs. I hope that you can help me.

Defogger: defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:00 on 29/09/2015 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST.txt
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
durchgeführt von ***** (Administrator) auf X75V (29-09-2015 17:02:22)
Gestartet von C:\Users\*****\Downloads
Geladene Profile: ***** & UpdatusUser (Verfügbare Profile: ***** & UpdatusUser)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-09-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\Run: [Spotify Web Helper] => C:\Users\******\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-10] (Spotify Ltd)
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\Run: [Amazon Music] => C:\Users\*****\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-06-05] ()
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\Run: [GoogleChromeAutoLaunch_FB524861655B584465F1BA023A347E56] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-24] (Google Inc.)
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53736048 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\Run: [Spotify] => C:\Users\*****\AppData\Roaming\Spotify\spotify.exe [7535672 2015-09-10] (Spotify Ltd)
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\Policies\Explorer\DisallowRun: [1] firefox.exe
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\MountPoints2: {3448ea64-ee3a-11e3-befc-08606e4c35fc} - "F:\Startme.exe"
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\MountPoints2: {49c230f1-ad5d-11e3-beee-08606e4c35fc} - "F:\Startme.exe"
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\MountPoints2: {4f2c859f-72f7-11e4-bf22-08606e4c35fc} - "F:\Startme.exe"
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\MountPoints2: {824887c6-2e6f-11e3-bea7-08606e4c35fc} - "G:\Startme.exe"
HKU\S-1-5-21-226644849-438525468-1118309550-1008\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{6E7F3371-D941-4CC4-9896-A6088121ED37}: [NameServer] 192.168.0.1
Tcpip\..\Interfaces\{ED68718E-4F13-41D3-8285-B7D0E3D13572}: [NameServer] 192.168.0.1,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-226644849-438525468-1118309550-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-226644849-438525468-1118309550-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=648BEE85DE7B06C6
URLSearchHook: [S-1-5-21-226644849-438525468-1118309550-1008] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-226644849-438525468-1118309550-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-226644849-438525468-1118309550-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-226644849-438525468-1118309550-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=648BEE85DE7B06C6
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO: Kein Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Keine Datei
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1395162201&from=smt&uid=HitachiXHTS545050A7E380_TEJ51139DJNS7SDJNS7SX

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll [2011-11-18] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qone8.xml [2014-03-18]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-06-09]
CHR Extension: (Adblock Plus) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-19]
CHR Extension: (ARC Welder) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2015-06-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (ARC Welder) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2015-06-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (YouTube Unblocker) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2014-08-12]
CHR Extension: (__MSG_extName__) - C:\Users\*****\Videos\Documents\ageofcivilizations115full-androidoyunclub.apk_export_niDnY [2015-06-09]
CHR Extension: (__MSG_extName__) - C:\Users\*****\Videos\Documents\ageofcivilizations115full-androidoyunclub.apk_export_niDnY [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-18]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1148688 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [238376 2015-05-04] (EasyAntiCheat Ltd)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-09-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-09-22] (Avira Operations GmbH & Co. KG)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 BTCFilterService; \SystemRoot\system32\DRIVERS\motfilt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 motccgp; \SystemRoot\System32\drivers\motccgp.sys [X]
S3 motccgpfl; \SystemRoot\System32\drivers\motccgpfl.sys [X]
S3 motmodem; \SystemRoot\system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; \SystemRoot\System32\drivers\motswch.sys [X]
S3 Motousbnet; \SystemRoot\system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; \SystemRoot\System32\drivers\motusbdevice.sys [X]
U4 secdrv; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-29 17:02 - 2015-09-29 17:03 - 00017189 _____ C:\Users\*****\Downloads\FRST.txt 2015-09-29 17:02 - 2015-09-29 17:02 - 00000000 ____D C:\FRST 2015-09-29 17:01 - 2015-09-29 17:01 - 02192384 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe 2015-09-29 17:00 - 2015-09-29 17:00 - 00000472 _____ C:\Users\*****\Downloads\defogger_disable.log 2015-09-29 17:00 - 2015-09-29 17:00 - 00000000 _____ C:\Users\*****\defogger_reenable 2015-09-29 16:59 - 2015-09-29 16:59 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe 2015-09-25 17:40 - 2015-09-26 19:54 - 00091836 _____ C:\Users\*****\Desktop\Die Hexer.odt 2015-09-25 16:05 - 2015-09-25 16:05 - 00000222 _____ C:\Users\*****\Desktop\Europa Universalis IV.url 2015-09-25 13:03 - 2015-09-25 13:08 - 00000619 _____ C:\Users\*****\Desktop\Über Katzen.txt 2015-09-23 20:16 - 2015-09-23 20:16 - 00000221 _____ C:\Users\*****\Desktop\Victoria Revolutions.url 2015-09-22 17:29 - 2015-09-24 21:19 - 00058932 _____ C:\Users\*****\Desktop\*****Charakterisierung.odt 2015-09-16 16:17 - 2015-09-23 18:41 - 00000000 ____D C:\Users\*****\Desktop\Writing Excuses 5 2015-09-12 16:06 - 2015-09-18 18:04 - 00000000 ____D C:\Users\*****\Downloads\FTG_1_3_29Dec 2015-09-12 16:05 - 2015-09-12 16:06 - 18820710 _____ C:\Users\*****\Downloads\FTG_1_3_29Dec.7z 2015-09-12 13:16 - 2015-09-18 17:25 - 00000221 _____ C:\Users\*****\Desktop\For The Glory.url 2015-09-11 16:57 - 2015-09-11 16:57 - 00000222 _____ C:\Users\*****\Desktop\Crusader Kings Complete.url 2015-09-11 16:46 - 2015-09-29 13:29 - 00000000 ____D C:\Program Files (x86)\Steam 2015-09-11 16:46 - 2015-09-11 16:46 - 00000975 _____ C:\Users\Public\Desktop\Steam.lnk 2015-09-11 16:46 - 2015-09-11 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-09-10 21:50 - 2015-09-10 22:55 - 00000000 ____D C:\Program Files (x86)\C-evo 2015-09-10 13:00 - 2015-09-10 22:49 - 00000000 ____D C:\Users\*****\AppData\Roaming\C-evo 2015-09-08 22:48 - 2015-09-03 04:18 - 02531400 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2015-09-08 22:48 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2015-09-08 22:48 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2015-09-08 22:48 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2015-09-08 22:48 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-09-08 22:48 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-09-08 22:48 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-09-08 22:48 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-09-08 22:48 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-09-08 22:48 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-09-08 22:48 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-09-08 22:48 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-09-08 22:48 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-09-08 22:48 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-09-08 22:48 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-09-08 22:48 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-09-08 22:48 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-09-08 22:48 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-09-08 22:48 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\vbscript.dll 2015-09-08 22:48 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-09-08 22:48 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-09-08 22:48 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-09-08 22:48 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-09-08 22:48 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-09-08 22:48 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-09-08 22:48 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-09-08 22:48 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-09-08 22:48 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-09-08 22:48 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-09-08 22:48 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-09-08 22:48 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-09-08 22:48 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-09-08 22:48 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-09-08 22:48 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-09-08 22:48 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-09-08 22:48 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-09-08 22:48 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\webcheck.dll 2015-09-08 22:48 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-09-08 22:48 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-09-08 22:48 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-09-08 22:48 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-09-08 22:48 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-09-08 22:48 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-09-08 22:48 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-09-08 22:48 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-09-08 22:48 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll 2015-09-08 22:48 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll 2015-09-08 22:48 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll 2015-09-08 22:48 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2015-09-08 22:48 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2015-09-08 22:48 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2015-09-08 22:48 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe 2015-09-08 22:47 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-09-08 22:47 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-09-08 22:47 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-09-08 
22:47 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-09-08 22:47 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-09-08 22:47 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2015-09-08 22:47 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2015-09-08 22:47 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll 2015-09-08 22:47 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe 2015-09-08 22:47 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe 2015-09-08 22:47 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-09-08 22:47 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe 2015-09-08 22:47 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe 2015-09-08 22:47 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-09-08 22:47 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2015-09-08 22:47 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-09-08 22:47 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2015-09-08 22:47 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2015-09-08 22:47 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2015-09-08 22:47 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2015-09-08 22:47 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2015-09-08 22:47 - 
2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe 2015-09-08 22:47 - 2015-07-13 21:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-09-08 22:47 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-09-08 22:47 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2015-09-08 22:47 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2015-09-08 22:47 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-09-06 21:24 - 2015-09-06 21:24 - 00000847 _____ C:\Users\*****\AppData\Local\recently-used.xbel 2015-09-06 17:51 - 2015-09-06 17:53 - 04762478 _____ C:\Users\*****\Desktop\Weltkarte-blank.svg 2015-09-06 14:33 - 2015-09-06 14:33 - 00000087 ____H C:\Users\*****\Desktop\.~lock.Homo faber.MP4# ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-29 17:00 - 2014-01-12 21:30 - 00000000 ____D C:\Users\***** 2015-09-29 17:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-09-29 16:51 - 2013-02-08 19:47 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-09-29 16:40 - 2014-09-11 02:34 - 01052502 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-29 16:30 - 2013-09-02 14:21 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-29 14:00 - 2014-05-19 14:00 - 00002096 _____ C:\WINDOWS\Tasks\396a931f-cee7-452b-9e97-17f0a91e645a-4.job 2015-09-29 13:59 - 2014-05-19 13:59 - 00003450 _____ C:\WINDOWS\Tasks\396a931f-cee7-452b-9e97-17f0a91e645a-3.job 2015-09-29 13:17 - 2013-02-05 12:58 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-226644849-438525468-1118309550-1001 2015-09-29 13:12 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-09-29 13:06 - 2014-03-18 20:40 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A674EFEF-598F-41CF-A610-7C4F5B9A8590} 2015-09-29 13:02 - 2014-01-12 22:24 - 00000000 __RDO C:\Users\*****\SkyDrive 2015-09-29 13:02 - 2013-10-08 19:40 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cec44d6a6b842e.job 2015-09-28 16:57 - 2013-05-04 13:52 - 00000000 ____D C:\Users\*****\AppData\Local\Spotify 2015-09-28 16:52 - 2015-01-10 23:51 - 00000000 ____D C:\Users\*****\Desktop\Schulische Dolument K1 2015-09-28 15:16 - 2013-05-04 13:50 - 00000000 ____D C:\Users\*****\AppData\Roaming\Spotify 2015-09-24 17:40 - 2015-04-22 21:12 - 00000000 ____D C:\Users\*****\Videos\Documents\My Games 2015-09-24 16:08 - 2014-06-18 17:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-09-24 16:08 - 2014-03-11 23:11 - 00000000 ____D C:\Users\*****\AppData\Local\Thunderbird 2015-09-24 07:42 - 2015-01-02 18:42 - 00038778 _____ C:\WINDOWS\setupact.log 2015-09-24 07:42 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-09-22 21:44 - 2013-04-10 19:25 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-09-22 21:41 - 2013-05-07 22:07 - 00074440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2015-09-22 21:41 - 2013-04-10 19:25 - 00137800 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-09-22 20:00 - 2014-07-30 12:20 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TripleA 2015-09-22 20:00 - 2014-07-30 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TripleA 2015-09-22 19:56 - 2015-07-04 16:13 - 00000000 ____D C:\Program Files (x86)\TripleA 2015-09-22 17:53 - 2013-02-08 19:47 - 00003766 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-09-22 16:58 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-09-21 17:35 - 2013-12-16 19:49 - 00025418 _____ C:\Users\*****\Videos\Documents\Unbenannt 1.odt 2015-09-18 17:25 - 2013-12-10 14:27 - 00003864 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cec44d6a6b842e 2015-09-18 17:25 - 2013-09-02 14:21 - 00004100 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-16 14:42 - 2013-06-05 14:19 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc 2015-09-16 13:55 - 2013-09-02 14:21 - 00000000 ____D C:\Users\*****\AppData\Local\Google 2015-09-15 03:18 - 2015-03-13 14:04 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-09-15 03:18 - 2015-03-13 14:04 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-14 13:38 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-09-13 20:23 - 2015-03-29 18:42 - 00000000 ____D C:\Users\*****\Desktop\Projekte 2015-09-12 01:17 - 2013-11-14 09:27 - 01960188 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-09-12 01:17 - 2013-11-14 09:11 - 00830894 _____ C:\WINDOWS\system32\perfh007.dat 2015-09-12 01:17 - 2013-11-14 09:11 - 00183768 _____ C:\WINDOWS\system32\perfc007.dat 
2015-09-11 17:31 - 2015-01-27 20:29 - 00072952 _____ C:\WINDOWS\DirectX.log
2015-09-11 15:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-11 14:00 - 2013-08-22 16:44 - 00497528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-11 13:57 - 2015-01-02 16:53 - 00215154 _____ C:\WINDOWS\PFRO.log
2015-09-10 23:43 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-10 23:39 - 2013-11-14 09:13 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 23:39 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-10 22:55 - 2015-04-10 01:12 - 00000651 _____ C:\Users\*****\Videos\Documents\Uninstall STAR WARS The Old Republic.log
2015-09-09 13:34 - 2013-08-31 21:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-06 21:50 - 2014-05-26 17:51 - 00000000 ____D C:\Users\*****\.gimp-2.8
2015-09-06 21:24 - 2014-05-27 13:17 - 00000000 ____D C:\Users\*****\AppData\Local\gtk-2.0
2015-09-03 15:07 - 2013-04-10 19:25 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-09-06 21:24 - 2015-09-06 21:24 - 0000847 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2013-12-20 14:30 - 2013-12-20 14:30 - 0007605 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg

Einige Dateien in TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\bitool.dll
C:\Users\*****\AppData\Local\Temp\BRSVC_18420437_hlp.exe
C:\Users\*****\AppData\Local\Temp\comver.dll
C:\Users\*****\AppData\Local\Temp\EBU252A.exe
C:\Users\*****\AppData\Local\Temp\EBU3CAA.DLL
C:\Users\*****\AppData\Local\Temp\iiuninst.exe
C:\Users\*****\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\*****\AppData\Local\Temp\project1.exe
C:\Users\*****\AppData\Local\Temp\utt4E33.tmp.exe
C:\Users\*****\AppData\Local\Temp\utt8D59.tmp.exe
C:\Users\*****\AppData\Local\Temp\uttE996.tmp.exe
C:\Users\*****\AppData\Local\Temp\uttEDC.tmp.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-09-24 08:03

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
durchgeführt von ***** (2015-09-29 17:05:59)
Gestartet von C:\Users\*****\Downloads
Windows 8.1 (X64) (2014-01-12 20:20:52)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-226644849-438525468-1118309550-500 - Administrator - Disabled)
***** (S-1-5-21-226644849-438525468-1118309550-1001 - Administrator - Enabled) => C:\Users\*****
Gast (S-1-5-21-226644849-438525468-1118309550-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-226644849-438525468-1118309550-1008 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\Amazon Amazon Music) (Version: 3.0.0.564 - Amazon Services LLC)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.202 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Crusader Kings Complete (HKLM-x32\...\Steam App 204940) (Version: - Paradox Development Studio)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio)
For The Glory (HKLM-x32\...\Steam App 42810) (Version: - Crystal Empire Games)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hotfix für Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (KB944899) (HKLM-x32\...\{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}.KB944899) (Version: 1 - Microsoft Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Lazarus 1.2.6 (HKLM\...\lazarus_is1) (Version: 1.2.6 - Lazarus Team)
LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{1C3F92D0-3EC5-4CD4-9D5E-1E7834B65BB8}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM-x32\...\{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008-Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU Service Pack 1 (KB945140) (HKLM-x32\...\{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
MTX (HKLM-x32\...\{6583D00E-0924-4950-8BE9-5D09FE70B333}) (Version: 1.0.0 - mektek.net)
NVIDIA Grafiktreiber 311.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.44 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\Spotify) (Version: 1.0.13.108.gcd94e7db - Spotify AB)
Sql Server Customer Experience Improvement Program (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steel Panthers World At War v8.20 (HKLM-x32\...\spwawv820Public) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
TripleA Version 1_8_0_7 (HKLM-x32\...\TripleAVersion1_8_0_7) (Version: - )
Victoria: Revolutions (HKLM-x32\...\Steam App 42980) (Version: - Paradox Development Studio)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
yWriter5 (HKLM-x32\...\yWriter5_is1) (Version: - Spacejock Software)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte =========================

25-09-2015 16:53:51 Geplanter Prüfpunkt

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0CD7022C-207F-4D7C-AB42-2B53769E5F97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1451BA1D-0A93-4659-AD48-398ACEABA375} - System32\Tasks\{529E2F68-F18F-435E-955A-9AA63562B1C6} => pcalua.exe -a C:\Users\*****\Downloads\superpower_demo\superpower_demo.exe -d C:\Users\*****\Downloads\superpower_demo
Task: {1CCAD141-400E-4B2A-87F8-445CD93041BE} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe <==== ACHTUNG
Task: {1D3D9376-14F5-436F-950D-DAE38EA9BDDF} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ACHTUNG
Task: {23DFE59E-7289-447C-8A77-6512DBB27EE0} - System32\Tasks\{8AEE9BD8-936F-496C-AF90-B163DED2C9C0} => pcalua.exe -a C:\Users\*****\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {245C34AE-FC9F-4A78-B0D1-CD68DA362C10} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {2C0FF274-6E11-4A73-BDD0-2B53D72DFDBC} - System32\Tasks\396a931f-cee7-452b-9e97-17f0a91e645a-4 => C:\Program Files (x86)\Fpro_1.2\396a931f-cee7-452b-9e97-17f0a91e645a-4.exe <==== ACHTUNG
Task: {379ABEBC-5E4E-471D-9550-5C7A0AB8B1C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {39EB7719-0AC4-44B9-8E2A-2117CC372B53} - System32\Tasks\396a931f-cee7-452b-9e97-17f0a91e645a-3 => C:\Program Files (x86)\Fpro_1.2\396a931f-cee7-452b-9e97-17f0a91e645a-3.exe <==== ACHTUNG
Task: {3A52FB0B-29E2-43AC-BE6B-FAA205EA274A} - System32\Tasks\{06E41BAD-B555-49F9-A008-C1FEB747BE48} => pcalua.exe -a F:\DIRECTX\DX80eng.exe -d F:\DIRECTX
Task: {3AB7FE60-F149-4550-A16F-A1C2D5F07225} - System32\Tasks\{61774690-BF5F-43C2-A5DD-34CDBF967CF3} => pcalua.exe -a C:\Users\*****\Downloads\SWTOR_setup.exe -d C:\Users\*****\Downloads
Task: {3B8297F8-A24F-451D-8EAD-75CCFD34D9EF} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {69A68A91-8512-40A1-B02C-3AAA8767855B} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe <==== ACHTUNG
Task: {83FE478F-FA99-4086-846E-D9EE215540AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9C5F4FB6-6AD0-4B89-88CA-B64FA2B93DF4} - System32\Tasks\{121C2716-463A-4A3F-8796-EE57D9B93E10} => pcalua.exe -a "C:\Program Files (x86)\Cossacks - Back To War\clancher.exe" -d "C:\Program Files (x86)\Cossacks - Back To War"
Task: {A6D8807C-52FD-40AA-9E46-339E27B61528} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {B9AD16E0-6C62-4BD7-9B35-ABFE53E1D757} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CE71724D-A73D-46A2-A16D-39DCD82D767A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {D5C21810-AD50-42D9-B898-F57A95CBDF2A} - System32\Tasks\GoogleUpdateTaskMachineCore1cec44d6a6b842e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DDF73BA4-2CDB-4927-8053-BFAA8A55C1EC} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {F6FCD16F-E6AE-4595-ADF2-A26E9FB58855} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ACHTUNG
Task: {FB240927-8785-4962-9405-5E65A2CC8F5F} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\396a931f-cee7-452b-9e97-17f0a91e645a-3.job => C:\Program Files (x86)\Fpro_1.2\396a931f-cee7-452b-9e97-17f0a91e645a-3.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\396a931f-cee7-452b-9e97-17f0a91e645a-4.job => C:\Program Files (x86)\Fpro_1.2\396a931f-cee7-452b-9e97-17f0a91e645a-4.exeͣ/xIQAcpD /WEWpnDndJ='Fpro_1.2' /LDHwgMPS C:\Program Files (x86)\Fpro_1.2\54253.xpi' /DCIbr=54253 /zsnuLl='001361' /SCeZS='verticals-' /YKnFuZWCG='0' /dSbBW=CDA21D3DBDD3431CBB976DC553BCB432IE /SEwGt=de39ee7379786d4030d2492779ff503f /Lhoyz=1_34_05_12 /OqFigLps=1.34.5.12 /HCVtWm=1400500761 /IRKwsXs=http:/stats.clientstaticserv.com /CoqeIeAEI=http:/errors.clientstaticserv.com /ycCENAi=300 /wJrxwWMb=2ab9302c-551a-4804-9971-9932d6d5b0f9@2bfa4cf8-298a-4792-80d5-75352ee81de1.com /DxSKtSLu=0.94 /FcMTBQVI=a2ab9302c551a480499719932d6d5b0f92bfa4cf8298a479280d575352ee81de1com54253 /wWjedjQb=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/54253.rdf /bxwMo='Fpro_1.2' /nVqQT='Feven Shopping Companion' /liPYuTd='Freeven' /JndaGCGI=ch /WojsYJSUB /bNiuEuS /huqWq /hqqjc='http:/update.clientstaticserv.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ACHTUNG
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cec44d6a6b842e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-10 09:13 - 2013-12-10 09:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-12 21:25 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-09-25 19:32 - 2015-09-24 04:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-25 19:32 - 2015-09-24 04:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2013-12-10 09:13 - 2013-12-10 09:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\*****\SkyDrive:ms-properties

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-226644849-438525468-1118309550-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\Pictures\Wallpaper\fantasy-wallpapers-and-backgrounds---w8themes-lfz7euzv.jpg
HKU\S-1-5-21-226644849-438525468-1118309550-1008\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_FB524861655B584465F1BA023A347E56"
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-226644849-438525468-1118309550-1001\...\StartupApproved\Run: => "Skype"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{67D594D2-F82F-4389-BB9B-4BB46FB07CC5}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin FirewallRules: [TCP Query User{2FB36D09-DE1B-45B3-9231-28ADB7F04866}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin FirewallRules: [{37D992DB-D0EB-4983-B3AC-77E85A5F04DA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{8F9A7C91-901C-41B7-B8AD-F279202DC8B8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [UDP Query User{428A4F20-58E5-46ED-A593-CF461ACBEEEF}C:\users\*****\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\*****\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{494B296B-CDCB-4107-B75A-CE68BAC74765}C:\users\*****\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\*****\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{67906FA9-6A96-48AA-94AB-8EB99A25E9DA}C:\users\*****\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\*****\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{42294A46-F8A9-48F7-A8AD-AF9D7E15E8F1}C:\users\*****\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\*****\appdata\roaming\spotify\spotify.exe FirewallRules: [{9AD39FCE-FFE8-4BC9-9169-1572DCD3E50D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8F4741AB-6AE3-4BFB-9041-3BDC96242A14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A43FC8A9-E66F-4306-B6CC-63529D9D4628}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2165F1D0-E5E4-452C-9558-7471B7B8117D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{C4271F25-7D9C-4120-8BC7-66E2ABF02A85}C:\program 
files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{F4DCD1ED-672A-41EF-A1CB-30723E5000A6}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe FirewallRules: [{DB944307-F563-40D2-8200-4DC3DB4D626D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{0EEAF1EE-E58C-4410-A813-93A1D5802E96}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{CB572686-B503-4944-973C-0427C4720481}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe FirewallRules: [{FEC7F19A-AB6F-4073-AD79-AD632AE79AF2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe FirewallRules: [{67E675B3-482C-4E01-B9A6-72A1C8AF7545}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{70CB9FAD-40D6-4DDE-9A3C-EF5AFBFCA769}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{8C7327CA-ED43-488F-B7B4-1F577A6343BB}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{A7617BE4-A167-41B2-A16F-339A569ADB96}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{95812A6C-0D3C-4C72-B447-BAAA673EAF65}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{68EADB22-4F2D-4B79-B173-CC79C9C3208F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{8A7E644B-3681-488C-85C6-5CF19CBFB454}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe FirewallRules: [{3B9D192C-4D37-4388-A710-63D8BBFD4C71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe FirewallRules: [{1057B2E7-7325-468C-9394-AB08D6DBBC5D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A07944D3-B217-4E31-A190-ECF041F4DDF7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{75281AAF-6639-49F5-AAEE-5386A0857752}C:\program files (x86)\diablo 
ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe FirewallRules: [UDP Query User{BEFE5CC8-DA46-4446-B4C4-ABA8602A5177}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe FirewallRules: [{80B031A7-6284-4122-86AE-DA7B9AE4C407}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{69025271-9DEF-4B8C-9BFF-9CCECD1DAB8C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{831F3016-70DB-4176-A243-4AB9C12F0233}C:\program files (x86)\lan\warcraft iii(mal)\war3.exe] => (Allow) C:\program files (x86)\lan\warcraft iii(mal)\war3.exe FirewallRules: [UDP Query User{FC6CD3D4-923E-49F9-A1CE-58628E4F3E75}C:\program files (x86)\lan\warcraft iii(mal)\war3.exe] => (Allow) C:\program files (x86)\lan\warcraft iii(mal)\war3.exe FirewallRules: [TCP Query User{E0679817-AA04-4B40-948F-F1F5945A5B04}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{1A449BA5-86E4-4AFD-91A9-486BE5FDADE8}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{841C5AEA-6698-4C10-8AB6-6388BB157EA8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{C2181E2E-8358-487A-A0BC-0D192892C1BA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{1C477534-6B51-4610-AC84-049D73158AAE}] => (Allow) D:\Programme\Star Wars-The Old Republic\launcher.exe FirewallRules: [{C05F3E98-11CC-4837-9298-F85FE48769C2}] => (Allow) D:\Programme\Star Wars-The Old Republic\launcher.exe FirewallRules: [{371E56DC-E413-4327-B2E3-B032CD753678}] => (Allow) D:\Programme\Star Wars-The Old Republic\launcher.exe FirewallRules: [{208AA150-A7CF-42EF-AF83-7F9A18B671C4}] => (Allow) D:\Programme\Star Wars-The Old 
Republic\launcher.exe
FirewallRules: [{564D2FDB-DAE8-4B79-B9FF-DB7D9C9C322A}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{C5A7FC4C-B81C-4061-8720-0F021BC49B32}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [TCP Query User{46C979C8-7A00-4D32-A0A1-73F5D3A52C8A}C:\users\*****\appdata\local\temp\rarsfx0\hl.exe] => (Allow) C:\users\*****\appdata\local\temp\rarsfx0\hl.exe
FirewallRules: [UDP Query User{507777D5-32DF-42A1-9ADF-BABD9F0F2EC8}C:\users\*****\appdata\local\temp\rarsfx0\hl.exe] => (Allow) C:\users\*****\appdata\local\temp\rarsfx0\hl.exe
FirewallRules: [{405A91A0-DF6E-4C39-BFD7-23559884E1D9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{487EA5A9-3EB9-4D18-A396-F9205ED74AE3}C:\users\*****\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\*****\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{A0275951-520D-4E1D-B89A-2BF969282D6A}C:\users\*****\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\*****\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{81E813FB-2BDE-4058-9FCC-25E2DCBAD30D}D:\programme\warcraft iii(mal)\war3.exe] => (Allow) D:\programme\warcraft iii(mal)\war3.exe
FirewallRules: [UDP Query User{3D9C7E41-A50A-4CBA-AFC7-52939FF4ACD8}D:\programme\warcraft iii(mal)\war3.exe] => (Allow) D:\programme\warcraft iii(mal)\war3.exe
FirewallRules: [TCP Query User{456A3D2C-7116-4463-913A-B2B4FF4EC1CC}C:\users\*****\desktop\call of duty 1\codmp.exe] => (Block) C:\users\*****\desktop\call of duty 1\codmp.exe
FirewallRules: [UDP Query User{8D9835D9-4B16-45AC-9B9E-525DAD1062CE}C:\users\*****\desktop\call of duty 1\codmp.exe] => (Block) C:\users\*****\desktop\call of duty 1\codmp.exe
FirewallRules: [TCP Query User{A67424CC-6F9C-443E-8CA1-7C9EF79C58B8}C:\users\*****\desktop\call of duty 1\codmp.exe] => (Allow) C:\users\*****\desktop\call of duty 1\codmp.exe
FirewallRules: [UDP Query User{DFA3486C-B899-4286-8FB4-2EC32D712ECC}C:\users\*****\desktop\call of duty 1\codmp.exe] => (Allow) C:\users\*****\desktop\call of duty 1\codmp.exe
FirewallRules: [TCP Query User{38E8B46C-9226-4761-8C4C-6B7B45C1D84F}C:\program files (x86)\dreamcatcher\superpower 2 - demo\joshua.exe] => (Allow) C:\program files (x86)\dreamcatcher\superpower 2 - demo\joshua.exe
FirewallRules: [UDP Query User{E4A84709-F9EB-49D2-B4C3-968F633B3698}C:\program files (x86)\dreamcatcher\superpower 2 - demo\joshua.exe] => (Allow) C:\program files (x86)\dreamcatcher\superpower 2 - demo\joshua.exe
FirewallRules: [TCP Query User{13E5C847-C4C0-4025-8299-BE1DB13C6F4C}C:\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [UDP Query User{2C828627-80B3-4E81-A377-4FD146E5F4D2}C:\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [TCP Query User{50A751AB-BEAE-4716-B8FE-D44297C9E7ED}C:\program files (x86)\wolfenstein - enemy territory\et.exe] => (Allow) C:\program files (x86)\wolfenstein - enemy territory\et.exe
FirewallRules: [UDP Query User{BAC5E4B4-2AC4-41BB-B73D-8E3D8716E30F}C:\program files (x86)\wolfenstein - enemy territory\et.exe] => (Allow) C:\program files (x86)\wolfenstein - enemy territory\et.exe
FirewallRules: [{CE8D7331-68E7-4D4C-8900-C162E3519D2A}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A67675CF-458B-4479-A18B-1DA61C28AEBA}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [TCP Query User{D4B6425E-B778-4646-9B1B-B4E088E976CB}C:\games\brutal nature\brutal nature.exe] => (Allow) C:\games\brutal nature\brutal nature.exe
FirewallRules: [UDP Query User{D794E8AA-F163-4114-BB1D-8DB54EE3BDB2}C:\games\brutal nature\brutal nature.exe] => (Allow) C:\games\brutal nature\brutal nature.exe
FirewallRules: [TCP Query User{9F6FED97-5280-4202-80C3-BC9EBDDB3720}C:\games\brutal nature\server.exe] => (Allow) C:\games\brutal nature\server.exe
FirewallRules: [UDP Query User{5CB568E2-9871-4423-9BCA-3F2E92F11D7C}C:\games\brutal nature\server.exe] => (Allow) C:\games\brutal nature\server.exe
FirewallRules: [{91982B92-AB7A-4543-A3F5-144F0095FD75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{B8B5718E-ECB2-4AC5-A9AA-AEACEBE5D906}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{2A1932D0-A437-4DEC-BA82-3678E42C8F3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{C01BBD9B-47E4-4841-82D8-94B1DC899E08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{EF4B69DB-E942-46A9-A199-9AF5991A53F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Victoria Revolutions\Victoria.exe
FirewallRules: [{E5F78EF7-DBC7-4C81-981A-99E7623EFE08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Victoria Revolutions\Victoria.exe
FirewallRules: [TCP Query User{6EBE1A51-99E3-4561-9677-6069132A27EE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2AC88B9C-F357-4B98-A197-6D7E0749D654}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{43D7C61B-E635-4C1F-88CF-8BDCACD8EDF2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F12CC767-7189-4351-BF43-35A494F3FF53}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{CD639FDC-36BD-437C-869A-BA5C83B66F35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings\Crusaders.exe
FirewallRules: [{42FBEA24-3C1B-4F27-B52E-1A8617D8027E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings\Crusaders.exe
FirewallRules: [{43EA244B-ED05-4112-9BFA-27F9EE8906A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{C3664441-8E25-40DB-844A-680FA9A8CAC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{C23B6E91-7E10-4126-962C-3B5BB52905AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{5C72F6D1-08AF-4CC0-B32C-E305736B98B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{1739A3CF-C640-4429-8F08-92080C1E1118}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\For The Glory\FTG.exe
FirewallRules: [{81FAA714-85E6-4EA9-A6E5-9A01BA2060C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\For The Glory\FTG.exe
FirewallRules: [{C4F2885F-1F9F-4D4F-A953-29E862620F17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{DB80D8CA-5ED5-456C-88EF-C2D87A20F3F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{ACA6223D-256C-43E6-8CF5-4620E9F7418C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/29/2015 01:01:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 52365657

Error: (09/29/2015 01:01:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 52365657

Error: (09/29/2015 01:01:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/28/2015 10:28:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19735

Error: (09/28/2015 10:28:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19735

Error: (09/28/2015 10:28:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/28/2015 10:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18391

Error: (09/28/2015 10:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18391

Error: (09/28/2015 10:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/28/2015 10:28:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17079

Systemfehler:
=============
Error: (09/29/2015 05:03:33 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (09/24/2015 08:28:23 AM) (Source: DCOM) (EventID: 10010) (User: X75V)
Description: {5C65F4B0-3651-4514-B207-D10CB699B14B}

Error: (09/24/2015 07:43:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (09/23/2015 10:33:44 PM) (Source: volsnap) (EventID: 29) (User: )
Description: Die Schattenkopien von Volume "C:" wurde während der Ermittlung abgebrochen.

Error: (09/24/2015 07:42:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.09.2015 um 21:09:06 unerwartet heruntergefahren.
Error: (09/22/2015 07:33:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (09/22/2015 07:30:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (09/22/2015 07:29:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/22/2015 07:29:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/22/2015 07:28:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 22.09.2015 um 18:52:44 unerwartet heruntergefahren.

CodeIntegrity:
===================================
Date: 2014-08-23 23:06:17.807
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-23 23:06:17.461
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-05-19 17:24:27.701
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-05-19 17:24:27.415
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-08 09:31:35.200
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Definition Updates\{A205656D-699F-4A4A-89AE-AE9DCA026565}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-08 09:31:32.427
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D251598-9F2B-415C-9A5F-FED204F376AF}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-01-29 15:11:07.022
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-29 15:10:56.182
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-29 15:03:50.276
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-29 15:03:13.624
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Prozentuale Nutzung des RAM: 46%
Installierter physikalischer RAM: 3979.71 MB
Verfügbarer physikalischer RAM: 2126.46 MB
Summe virtueller Speicher: 5946.79 MB
Verfügbarer virtueller Speicher: 3536.48 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:146.48 GB) (Free:34.79 GB) NTFS
Drive d: () (Fixed) (Total:97.65 GB) (Free:80.59 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 944CB54D)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Gmer.log Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-29 18:07:42
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\pxldipob.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600024b300 15 bytes [00, 0B, F2, 01, 00, 06, 6C, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff9600024b310 8 bytes [00, D7, FB, FF, 00, D3, CD, ...]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff9dd393e10 7 bytes JMP 00007ffadaa602d0
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff9dd393e20 7 bytes JMP 00007ffadaa60308
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff9dd4439b0 7 bytes JMP 00007ffadaa603b0
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff9dd443ef0 7 bytes JMP 00007ffadaa60340
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff9dd443fe0 7 bytes JMP 00007ffadaa60378
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff9dd4706c0 7 bytes JMP 00007ffadaa60228
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff9dd470730 7 bytes JMP 00007ffadaa60298
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff9dd470760 7 bytes JMP 00007ffadaa60260
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9daa721d0 5 bytes JMP 00007ffadaa60180
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9daa729d0 7 bytes JMP 00007ffadaa600d8
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9daa74310 5 bytes JMP 00007ffadaa60110
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9daa78d80 5 bytes JMP 00007ffadaa60148
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff9db116d90 10 bytes JMP 00007ffadaa60490
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff9db1274a0 5 bytes JMP 00007ffadaa60458
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff9db127560 1 byte JMP 00007ffadaa603e8
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ff9db127562 7 bytes {JMP 0xffffffffff938e88}
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff9db136b10 5 bytes JMP 00007ffadaa60420
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9dd4d1500 8 bytes JMP 00007ffadaa601b8
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9dd4d1750 8 bytes JMP 00007ffadaa601f0
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory 00007ff9d8547750 5 bytes JMP 00007ffad85300d8
.text C:\WINDOWS\System32\dwm.exe[4808] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory1 00007ff9d8548ee0 5 bytes JMP 00007ffad8530110

---- Threads - GMER 2.1 ----

Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2012] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2016] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2020] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2024] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2028] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2032] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2036] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2040] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2044] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:852] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:1164] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:1172] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:1096] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2360] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2364] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2368] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2376] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2380] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2388] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2392] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2476] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2512] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2516] 0000000076f94a00
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:5132] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:6084] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2548] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2640] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:6076] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2784] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:1180] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:5520] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:3448] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:3696] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:3404] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:3472] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:1276] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2920] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:824] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:4520] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:2528] 0000000073b029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [1804:5172] 0000000073b029e1
Thread C:\WINDOWS\system32\csrss.exe [4256:3664] fffff9600097e2d0

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1568708270
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...

---- EOF - GMER 2.1 ----

Best regards,
CrshdBounty