| haward123 | 03.02.2015 15:36 |
Im Avira Programm in der Quarantäne wurden drei Dateien gefunden.
Ich schreibe diese gerade ab deshalb dauert das ganze ein wenig.
1.
gefunden: Adware/DownGuide.dmu
Dateiname: C:/Users/Sey/Downloads/operae.exe
2.
Dateiname: C:/Users/Sey/AppData/Local/Temp/is45637729/232296_stp/Generic_vo.exe
Gefunden: Adware/VOPack.174340
3.
Dateiname: C:/Users/Sey/AppData/Local/Temp/is45637729/1974523_stp/Generic_vo.exe
Ich habe das Programm nochmal auf mein Desktop geladen und die Daten nochmal hineingefügt
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Sey (administrator) on SEYHAN on 03-02-2015 15:19:20
Running from C:\Users\Sey\Desktop
Loaded Profiles: Sey (Available profiles: Sey)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Security Stronghold) C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Sey\Desktop\FRST64 (1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-10-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-30] ()
HKLM-x32\...\Run: [Stronghold AntiMalware] => C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe [6495144 2014-09-03] (Security Stronghold)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-254765840-3105052261-2340691044-1001\...\Run: [InetStat] => C:\Users\Sey\AppData\Roaming\InetStat\inetstat.exe [726542 2015-01-15] ()
Startup: C:\Users\Sey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409425037&from=cvs2&uid=ST320LT020-9YG142_W049K8GTXXXXW049K8GT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409425037&from=cvs2&uid=ST320LT020-9YG142_W049K8GTXXXXW049K8GT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> DefaultScope {06ECEAFC-6E70-4708-86C1-09FC12E7F9C6} URL =
SearchScopes: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> {06ECEAFC-6E70-4708-86C1-09FC12E7F9C6} URL =
Toolbar: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSearchURL: Default -> hxxp://istart.webssearches.com/web/?type=ds&ts=1409425037&from=cvs2&uid=ST320LT020-9YG142_W049K8GTXXXXW049K8GT&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-13]
CHR Extension: (Google Drive) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-13]
CHR Extension: (Google-Suche) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-13]
CHR Extension: (Avira Browserschutz) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-06]
CHR Extension: (Allin1Convert) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl [2015-02-03]
CHR Extension: (Google Wallet) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Google Mail) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
R3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-10-19] (ELAN Microelectronics Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-07] (Dritek System INC.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-30] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
S2 UpdaterSvcravingreyven; "C:\Program Files (x86)\raving reyven\updater.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-30] (AVG Technologies)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-10-09] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-17] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-07] (Intel Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-07] (Dritek System Inc.)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-03 15:19 - 2015-02-03 15:20 - 00015534 _____ () C:\Users\Sey\Desktop\FRST.txt
2015-02-03 15:15 - 2015-02-03 15:15 - 02131456 _____ (Farbar) C:\Users\Sey\Desktop\FRST64 (1).exe
2015-02-03 15:05 - 2015-02-03 15:07 - 00020531 _____ () C:\Users\Sey\Downloads\Addition.txt
2015-02-03 15:03 - 2015-02-03 15:07 - 00024659 _____ () C:\Users\Sey\Downloads\FRST.txt
2015-02-03 15:02 - 2015-02-03 15:19 - 00000000 ____D () C:\FRST
2015-02-03 15:02 - 2015-02-03 15:02 - 02131456 _____ (Farbar) C:\Users\Sey\Downloads\FRST64.exe
2015-02-03 13:04 - 2015-02-03 13:06 - 00000000 ____D () C:\Users\Sey\Desktop\türkan
2015-01-22 17:53 - 2015-01-22 17:53 - 00066702 _____ () C:\Users\Sey\Downloads\Demet Hanim Interview (1).odt
2015-01-22 12:32 - 2015-01-22 14:56 - 00066402 _____ () C:\Users\Sey\Downloads\Demet Hanim Interview.odt
2015-01-19 21:42 - 2015-01-19 21:42 - 00056686 _____ () C:\Users\Sey\Downloads\Nu0130NNu0130LER 17 OCAK 2015 RUHSALLIK VE HALK EZGu0130LERu0130 SON.jpeg
2015-01-18 18:14 - 2014-04-16 19:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-01-18 18:14 - 2014-04-16 19:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-01-14 10:57 - 2014-11-27 03:40 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-14 10:57 - 2014-11-27 02:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-14 10:56 - 2014-11-05 07:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-14 10:56 - 2014-11-05 07:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-14 10:56 - 2014-11-01 07:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-14 10:56 - 2014-10-29 15:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-14 10:56 - 2014-10-27 23:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-01-14 10:55 - 2014-11-15 07:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-14 10:55 - 2014-11-15 06:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-14 10:55 - 2014-11-15 06:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-01-14 10:55 - 2014-11-15 04:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-14 10:55 - 2014-11-15 04:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-14 10:55 - 2014-11-15 04:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-14 10:55 - 2014-11-15 04:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-14 10:49 - 2014-12-19 07:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 10:49 - 2014-12-19 05:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 10:49 - 2014-12-11 08:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 10:49 - 2014-12-11 07:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 10:49 - 2014-12-06 08:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 10:49 - 2014-12-06 08:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 10:49 - 2014-12-06 08:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 10:49 - 2014-12-06 08:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 10:49 - 2014-12-06 08:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 10:49 - 2014-12-06 08:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 10:49 - 2014-12-06 08:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 10:49 - 2014-12-06 08:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 10:49 - 2014-12-06 07:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 10:49 - 2014-12-06 07:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 10:49 - 2014-12-06 07:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 10:49 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-03 15:20 - 2014-09-15 12:31 - 01592444 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 15:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-02-03 14:49 - 2014-09-14 16:58 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2015-02-03 14:31 - 2013-09-13 16:14 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 14:25 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 13:30 - 2013-10-14 20:33 - 00000000 ____D () C:\Users\Sey\AppData\Local\CrashDumps
2015-02-03 13:27 - 2013-09-13 16:05 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-254765840-3105052261-2340691044-1001
2015-02-03 13:03 - 2012-12-08 05:42 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 13:03 - 2012-12-08 05:42 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 13:03 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 12:58 - 2013-09-13 16:14 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 12:58 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 13:00 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-28 23:19 - 2014-11-21 22:57 - 00000000 ___HD () C:\$Windows.~BT
2015-01-28 17:53 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 20:26 - 2013-09-13 16:18 - 00002147 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-24 21:20 - 2014-11-28 20:39 - 00714176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-11-28 20:39 - 00106432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 14:55 - 2013-10-26 12:17 - 00066030 _____ () C:\Users\Sey\Desktop\OpenDocument Text (neu).odt
2015-01-22 14:55 - 2013-09-30 19:43 - 00103424 ___SH () C:\Users\Sey\Desktop\Thumbs.db
2015-01-20 20:14 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-01-19 11:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-01-19 11:39 - 2014-09-15 17:14 - 00047196 _____ () C:\Windows\PFRO.log
2015-01-18 18:35 - 2013-09-30 20:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 18:22 - 2013-09-30 20:17 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 19:32 - 2014-08-30 20:01 - 00000000 ____D () C:\Users\Sey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2015-01-15 19:32 - 2014-08-30 20:01 - 00000000 ____D () C:\Users\Sey\AppData\Roaming\InetStat
Some content of TEMP:
====================
C:\Users\Sey\AppData\Local\Temp\avgnt.exe
C:\Users\Sey\AppData\Local\Temp\CloudBackup3959.exe
C:\Users\Sey\AppData\Local\Temp\Quarantine.exe
C:\Users\Sey\AppData\Local\Temp\vcredist_x64.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-22 13:12
==================== End Of Log ============================
--- --- ---
--- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Sey at 2015-02-03 15:21:51
Running from C:\Users\Sey\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Catalyst Install Manager (HKLM\...\{1E654AA2-629D-C426-2561-01AAC1371950}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04059 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04059 - Cisco Systems, Inc.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4311.52 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.13.004_WHQL (HKLM\...\Elantech) (Version: 11.6.13.004 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Packard Bell)
InetStat (HKU\S-1-5-21-254765840-3105052261-2340691044-1001\...\InetStat) (Version: 0.5b - InetStat) <==== ATTENTION!
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Packard Bell)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Packard Bell)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Packard Bell Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Packard Bell)
Packard Bell Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Packard Bell)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
raving reyven (HKLM\...\raving reyven) (Version: 2014.06.07.170121 - raving reyven) <==== ATTENTION!
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.28127 - Realtek Semiconductor Corp.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
14-01-2015 09:03:54 Windows Modules Installer
17-01-2015 12:21:29 Windows Update
20-01-2015 17:05:06 Windows Update
23-01-2015 19:30:10 Windows Update
27-01-2015 17:13:56 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C28A3A8-797F-4BF8-876E-275D88EF63A3} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-13] (MyPC Backup) <==== ATTENTION
Task: {131B36BA-1F07-4A47-9D5F-EA7050CAB521} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {2B13FE37-3C8A-4806-80DF-1E361E2A617A} - System32\Tasks\Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {31C5A268-FFAE-481F-8937-4B0B8F08ED59} - System32\Tasks\{47EF6FD5-35C9-460A-8B65-93F56E30D335} => pcalua.exe -a C:\Users\Sey\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs2 <==== ATTENTION
Task: {6DD33C38-D88E-4AE9-8969-0A748BBBA552} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Packard Bell\Packard Bell Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {C8C98B55-2736-48FE-98F2-FCC3A01C018F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-18] (Microsoft Corporation)
Task: {E23BA7CF-1D9F-4FA3-8EEC-EC31670C876B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)
Task: {E9E30DB8-E712-42AC-9687-BE0FD5E84C3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)
Task: {F188C412-0332-456E-83C2-ADFC3D0F51B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {F72FDF7C-80FA-4BAF-9DEF-579A19B6C0B6} - System32\Tasks\Open Chrome => Chrome.exe --new-window hxxp://toolbar.avg.com/almost-done?pid=safeguard&lang=en
Task: {FCB98D0B-D119-47A6-8004-EC9D71128FC9} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2012-08-30] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe
==================== Loaded Modules (whitelisted) =============
2014-08-30 19:42 - 2014-08-30 19:41 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2012-07-26 08:58 - 2012-07-26 08:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-11-13 10:59 - 2014-11-13 10:58 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-11-13 10:59 - 2014-11-13 10:57 - 00060928 _____ () C:\Program Files (x86)\MyPC Backup\LinqBridge.dll
2014-11-13 10:59 - 2014-11-13 10:57 - 00270336 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2014-08-30 19:41 - 2014-08-30 19:41 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2013-06-19 16:00 - 2013-06-19 16:00 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 19:42 - 2014-08-30 19:41 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2015-01-27 20:22 - 2015-01-25 07:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 20:21 - 2015-01-25 07:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 20:22 - 2015-01-25 07:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-01-27 20:23 - 2015-01-25 07:08 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-254765840-3105052261-2340691044-500 - Administrator - Disabled)
Gast (S-1-5-21-254765840-3105052261-2340691044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-254765840-3105052261-2340691044-1003 - Limited - Enabled)
Sey (S-1-5-21-254765840-3105052261-2340691044-1001 - Administrator - Enabled) => C:\Users\Sey
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5148
Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5148
Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2745
Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2745
Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/03/2015 01:29:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: inetstat.exe, Version: 0.0.0.0, Zeitstempel: 0x54a17008
Name des fehlerhaften Moduls: inetstat.exe, Version: 0.0.0.0, Zeitstempel: 0x54a17008
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00026ff3
ID des fehlerhaften Prozesses: 0x11b4
Startzeit der fehlerhaften Anwendung: 0xinetstat.exe0
Pfad der fehlerhaften Anwendung: inetstat.exe1
Pfad des fehlerhaften Moduls: inetstat.exe2
Berichtskennung: inetstat.exe3
Vollständiger Name des fehlerhaften Pakets: inetstat.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: inetstat.exe5
Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15351
Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15351
Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (02/03/2015 01:01:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/03/2015 01:01:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.
Error: (02/03/2015 00:58:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UpdaterSvcravingreyven" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (02/03/2015 00:57:45 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0
Error: (02/01/2015 04:45:32 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.
Error: (02/01/2015 04:21:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/01/2015 04:20:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UpdaterSvcravingreyven" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (02/01/2015 04:20:25 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0
Error: (02/01/2015 04:20:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 01.02.2015 um 01:11:48 unerwartet heruntergefahren.
Error: (01/31/2015 04:21:13 PM) (Source: DCOM) (EventID: 10010) (User: SEYHAN)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Microsoft Office Sessions:
=========================
Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5148
Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5148
Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2745
Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2745
Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/03/2015 01:29:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: inetstat.exe0.0.0.054a17008inetstat.exe0.0.0.054a17008c000000500026ff311b401d03fa8e118a8f3C:\Users\Sey\AppData\Roaming\InetStat\inetstat.exeC:\Users\Sey\AppData\Roaming\InetStat\inetstat.exe5a69f884-aba0-11e4-810c-b888e3ae176b
Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15351
Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15351
Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
CodeIntegrity Errors:
===================================
Date: 2015-01-19 07:37:15.627
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\update.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe with signing level Unsigned while the system requires signing level 6 or better to load.
Date: 2015-01-19 01:34:32.517
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\update.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe with signing level Unsigned while the system requires signing level 6 or better to load.
==================== Memory info ===========================
Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 75%
Total physical RAM: 1610.25 MB
Available physical RAM: 388.07 MB
Total Pagefile: 4426.25 MB
Available Pagefile: 2346.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Packard Bell) (Fixed) (Total:280.19 GB) (Free:213.3 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: FE877462)
Partition: GPT Partition Type.
==================== End Of Log ============================
Ich hoffe, ich habe jetzt alles richtig gemacht.
Ergänzung:
bei Punkt 3 fehlt noch Gefunden: Adware/VOPack.174340 |
FRST 32-Bit | FRST 64-Bit
Lesestoff:
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
AdwCleaner auf deinen Desktop.
