PC-Trouble | 21.01.2014 22:24 | Search Protect by Conduit - how do I remove it completely?
Hello,
Yesterday I happened to discover the Search Protect by Conduit icon in my taskbar. I had no idea what it was, and by googling I found out that it is most likely malware. I have no idea how it got onto our laptop.
The very first thing I did was uninstall it via Control Panel/Programs, but as I have now read in other threads here, that is not enough.
In my case it was also "only" in the taskbar and nowhere else; at least I have not found it anywhere else (Firefox). My virus scanner (Microsoft Security Essentials) at least did not report anything after a scan (I don't know whether that is good, or whether Microsoft Security Essentials simply doesn't detect it).
I now simply want to be sure that it is completely gone.
Following your instructions I ran Defogger and FRST. Here are the log files:
Defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:18 on 21/01/2014 (AT)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST.txt Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by AT (administrator) on AT-PC on 21-01-2014 21:25:00
Running from C:\Users\MamaPapa\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\ATService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] - C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2011-05-31] (AuthenTec, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [DisallowCpl] 1
HKU\Nick\...\Policies\system: [LogonHoursAction] 2
HKU\Nick\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Talia\...\Policies\system: [LogonHoursAction] 2
HKU\Talia\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\MamaPapa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F&SSPV=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F&q={searchTerms}&SSPV=
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\AT\AppData\Roaming\Mozilla\Firefox\Profiles\ovv17edl.default
FF Homepage: hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F&SSPV=
FF SelectedSearchEngine: Conduit Search
FF NewTab: hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP0D7806CC-3A9C-4BE7-AA9E-B9D388FC7C0F
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\AT\AppData\Roaming\Mozilla\Firefox\Profiles\ovv17edl.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
==================== Services (Whitelisted) =================
S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2011-05-31] ()
R2 ATService; C:\Windows\system32\ATService.exe [2715976 2011-05-31] (AuthenTec, Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-01-10] (Lenovo.)
R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2011-05-31] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [135168 2009-12-08] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 lnvobus; C:\Windows\system32\drivers\lnvobus.sys [327680 2008-12-16] (MCCI Corporation)
R3 lnvocard; C:\Windows\system32\drivers\lnvocard.sys [378880 2008-12-16] (MCCI Corporation)
R3 lnvogps; C:\Windows\system32\drivers\lnvogps64.sys [87592 2008-10-23] (Ericsson AB)
R3 lnvomdfl; C:\Windows\System32\DRIVERS\lnvomdfl.sys [19456 2008-12-16] (MCCI Corporation)
R3 lnvomdfl2; C:\Windows\System32\DRIVERS\lnvomdfl2.sys [19456 2008-12-16] (MCCI Corporation)
R3 lnvomdm; C:\Windows\System32\DRIVERS\lnvomdm.sys [422912 2008-12-16] (MCCI Corporation)
R3 lnvomdm2; C:\Windows\System32\DRIVERS\lnvomdm2.sys [474624 2008-12-16] (MCCI Corporation)
R3 lnvond5; C:\Windows\System32\DRIVERS\lnvond5.sys [34816 2008-12-16] (MCCI Corporation)
R3 lnvounic; C:\Windows\system32\drivers\lnvounic.sys [431104 2008-12-16] (MCCI Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [26424 2012-07-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [27960 2012-07-05] (Synaptics Incorporated)
R3 Sony_EricssonWWSC; C:\Windows\System32\DRIVERS\lnvoscard64.sys [30760 2008-07-08] (Sony Ericsson)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-21 21:25 - 2014-01-21 21:25 - 00011044 _____ C:\Users\MamaPapa\Downloads\FRST.txt
2014-01-21 21:24 - 2014-01-21 21:24 - 00000000 ____D C:\FRST
2014-01-21 21:22 - 2014-01-21 21:22 - 02077184 _____ (Farbar) C:\Users\MamaPapa\Downloads\FRST64.exe
2014-01-21 21:18 - 2014-01-21 21:18 - 00000466 _____ C:\Users\MamaPapa\Downloads\defogger_disable.log
2014-01-21 21:18 - 2014-01-21 21:18 - 00000000 _____ C:\Users\AT\defogger_reenable
2014-01-21 21:16 - 2014-01-21 21:16 - 00050477 _____ C:\Users\MamaPapa\Downloads\Defogger.exe
2014-01-18 18:03 - 2014-01-18 18:03 - 01050768 _____ (Unity Technologies ApS) C:\Users\MamaPapa\Downloads\UnityWebPlayer.exe
2014-01-16 17:23 - 2014-01-16 17:23 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect
2014-01-15 16:58 - 2014-01-15 16:58 - 01585616 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-15 14:05 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:05 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:05 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:05 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:05 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:05 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:05 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:05 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:05 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 14:09 - 2014-01-12 14:09 - 00001272 _____ C:\Users\Nick\Desktop\Snipping Tool.lnk
2014-01-11 22:28 - 2014-01-11 22:29 - 00813424 _____ C:\Windows\Minidump\011114-20638-01.dmp
2014-01-08 17:41 - 2014-01-08 17:41 - 00745096 _____ C:\Windows\Minidump\010814-19094-01.dmp
2014-01-06 18:34 - 2014-01-06 18:34 - 00743160 _____ C:\Windows\Minidump\010614-19234-01.dmp
2014-01-04 18:55 - 2014-01-04 18:55 - 00745384 _____ C:\Windows\Minidump\010414-21980-01.dmp
2014-01-03 09:57 - 2014-01-19 11:30 - 00000000 ____D C:\Users\MamaPapa\Documents\Barbara
2014-01-02 17:55 - 2014-01-02 17:55 - 00278992 _____ C:\Windows\Minidump\010214-24523-01.dmp
2014-01-02 08:19 - 2014-01-02 08:19 - 00001046 _____ C:\Users\Public\Desktop\Mobile Partner.lnk
2014-01-02 08:19 - 2009-12-08 20:19 - 00135168 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2014-01-02 08:19 - 2009-12-07 19:53 - 00117504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-01-02 08:19 - 2009-10-12 15:23 - 00114304 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbdev.sys
2014-01-02 08:19 - 2007-08-09 04:10 - 00029696 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Sun
2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Oracle
2014-01-01 17:48 - 2014-01-01 17:47 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-01 17:47 - 2014-01-01 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-01 17:47 - 2014-01-01 17:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-01 17:47 - 2014-01-01 17:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-01 17:47 - 2014-01-01 17:47 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-01 17:27 - 2014-01-01 17:27 - 00915368 _____ (Oracle Corporation) C:\Users\MamaPapa\Downloads\jxpiinstall.exe
2014-01-01 01:17 - 2014-01-01 01:17 - 00745096 _____ C:\Windows\Minidump\010114-20654-01.dmp
2013-12-29 22:18 - 2013-12-29 22:19 - 34115288 _____ (DVDVideoSoft Ltd. ) C:\Users\MamaPapa\Downloads\FreeYouTube19ToMP3Converter.exe
2013-12-25 19:07 - 2013-12-25 19:07 - 00001443 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk
2013-12-25 19:06 - 2013-12-25 19:06 - 00000000 ____D C:\Users\AT\AppData\Roaming\OpenCandy
2013-12-25 19:03 - 2013-12-25 19:04 - 32350440 _____ (DVDVideoSoft Ltd. ) C:\Users\MamaPapa\Downloads\Free19YouTubeDownload.exe
2013-12-24 23:04 - 2013-12-24 23:13 - 00000000 ____D C:\Users\MamaPapa\Documents\OneNote-Notizbücher
2013-12-23 20:49 - 2013-12-23 20:49 - 00001111 _____ C:\Users\AT\Desktop\Continue Codec Pack Installation.lnk
2013-12-22 14:18 - 2013-12-22 14:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-01-21 21:25 - 2014-01-21 21:25 - 00011044 _____ C:\Users\MamaPapa\Downloads\FRST.txt
2014-01-21 21:24 - 2014-01-21 21:24 - 00000000 ____D C:\FRST
2014-01-21 21:22 - 2014-01-21 21:22 - 02077184 _____ (Farbar) C:\Users\MamaPapa\Downloads\FRST64.exe
2014-01-21 21:18 - 2014-01-21 21:18 - 00000466 _____ C:\Users\MamaPapa\Downloads\defogger_disable.log
2014-01-21 21:18 - 2014-01-21 21:18 - 00000000 _____ C:\Users\AT\defogger_reenable
2014-01-21 21:18 - 2013-06-22 20:36 - 00000000 ____D C:\Users\AT
2014-01-21 21:16 - 2014-01-21 21:16 - 00050477 _____ C:\Users\MamaPapa\Downloads\Defogger.exe
2014-01-21 21:09 - 2013-06-22 20:31 - 01859452 _____ C:\Windows\WindowsUpdate.log
2014-01-21 21:06 - 2013-07-06 22:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 20:55 - 2013-06-27 06:05 - 00000000 ____D C:\Users\Public\Documents\Schwimmen
2014-01-21 20:49 - 2011-04-12 08:43 - 00699418 _____ C:\Windows\system32\perfh007.dat
2014-01-21 20:49 - 2011-04-12 08:43 - 00149526 _____ C:\Windows\system32\perfc007.dat
2014-01-21 20:49 - 2009-07-14 06:13 - 01619600 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-21 20:46 - 2009-07-14 05:51 - 00148327 _____ C:\Windows\setupact.log
2014-01-21 20:14 - 2013-06-23 17:02 - 00001328 __RSH C:\Users\Talia\ntuser.pol
2014-01-21 20:14 - 2013-06-23 17:01 - 00000000 ____D C:\Users\Talia
2014-01-21 20:14 - 2013-06-23 16:50 - 00000680 __RSH C:\Users\MamaPapa\ntuser.pol
2014-01-21 20:14 - 2013-06-23 16:50 - 00000000 ____D C:\Users\MamaPapa
2014-01-21 16:14 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 16:14 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 16:07 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 16:06 - 2010-11-21 04:47 - 00077838 _____ C:\Windows\PFRO.log
2014-01-20 21:11 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-19 21:53 - 2013-11-10 22:29 - 00000000 ____D C:\Users\MamaPapa\Documents\Talia
2014-01-19 21:53 - 2013-06-28 13:04 - 00000000 ____D C:\Users\Public\Documents\Schule
2014-01-19 11:30 - 2014-01-03 09:57 - 00000000 ____D C:\Users\MamaPapa\Documents\Barbara
2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-18 18:03 - 2014-01-18 18:03 - 01050768 _____ (Unity Technologies ApS) C:\Users\MamaPapa\Downloads\UnityWebPlayer.exe
2014-01-17 22:00 - 2013-08-06 12:18 - 00000000 ____D C:\Users\MamaPapa\Documents\FinePrint-Dateien
2014-01-17 21:34 - 2013-06-28 13:03 - 00000000 ____D C:\Users\Public\Documents\Bestellungen
2014-01-16 18:39 - 2013-06-22 21:56 - 00000680 __RSH C:\Users\AT\ntuser.pol
2014-01-16 18:38 - 2013-06-22 20:36 - 00001428 _____ C:\Users\AT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-16 18:00 - 2013-06-23 09:46 - 00000000 ____D C:\Users\Nick\AppData\Local\Mozilla
2014-01-16 17:30 - 2013-06-23 09:38 - 00001326 __RSH C:\Users\Nick\ntuser.pol
2014-01-16 17:30 - 2013-06-23 09:38 - 00000000 ____D C:\Users\Nick
2014-01-16 17:23 - 2014-01-16 17:23 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect
2014-01-15 21:02 - 2013-06-28 21:09 - 00000000 ____D C:\Users\MamaPapa\Documents\DVDVideoSoft
2014-01-15 17:07 - 2009-07-14 05:45 - 00312496 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 16:58 - 2014-01-15 16:58 - 01585616 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-15 16:53 - 2013-06-23 14:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 16:51 - 2013-07-15 12:24 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 16:48 - 2013-06-22 21:01 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 00:46 - 2013-08-22 17:28 - 00000000 ____D C:\Users\MamaPapa\Documents\My Digital Editions
2014-01-12 14:09 - 2014-01-12 14:09 - 00001272 _____ C:\Users\Nick\Desktop\Snipping Tool.lnk
2014-01-12 13:48 - 2013-06-23 17:04 - 00000000 ____D C:\Users\Talia\Documents\GFS Talia
2014-01-12 12:48 - 2013-06-24 11:43 - 00000000 ____D C:\Users\Talia\AppData\Local\Mozilla
2014-01-12 12:41 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-11 22:29 - 2014-01-11 22:28 - 00813424 _____ C:\Windows\Minidump\011114-20638-01.dmp
2014-01-11 22:28 - 2013-07-06 17:18 - 331569405 _____ C:\Windows\MEMORY.DMP
2014-01-11 22:28 - 2013-07-06 17:18 - 00000000 ____D C:\Windows\Minidump
2014-01-09 18:42 - 2013-08-06 12:17 - 00000000 ____D C:\Users\MamaPapa\Documents\PDF-Dateien
2014-01-08 17:41 - 2014-01-08 17:41 - 00745096 _____ C:\Windows\Minidump\010814-19094-01.dmp
2014-01-06 18:34 - 2014-01-06 18:34 - 00743160 _____ C:\Windows\Minidump\010614-19234-01.dmp
2014-01-04 18:55 - 2014-01-04 18:55 - 00745384 _____ C:\Windows\Minidump\010414-21980-01.dmp
2014-01-02 17:55 - 2014-01-02 17:55 - 00278992 _____ C:\Windows\Minidump\010214-24523-01.dmp
2014-01-02 17:42 - 2013-06-27 20:35 - 00000000 ____D C:\Users\MamaPapa\Documents\Vorlagen
2014-01-02 08:19 - 2014-01-02 08:19 - 00001046 _____ C:\Users\Public\Desktop\Mobile Partner.lnk
2014-01-02 08:19 - 2013-08-07 15:08 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Sun
2014-01-01 17:48 - 2014-01-01 17:48 - 00000000 ____D C:\ProgramData\Oracle
2014-01-01 17:47 - 2014-01-01 17:48 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-01 17:47 - 2014-01-01 17:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-01 17:47 - 2014-01-01 17:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-01 17:47 - 2014-01-01 17:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-01 17:47 - 2014-01-01 17:47 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-01 17:27 - 2014-01-01 17:27 - 00915368 _____ (Oracle Corporation) C:\Users\MamaPapa\Downloads\jxpiinstall.exe
2014-01-01 01:17 - 2014-01-01 01:17 - 00745096 _____ C:\Windows\Minidump\010114-20654-01.dmp
2013-12-29 22:21 - 2013-06-28 21:13 - 00001539 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-12-29 22:21 - 2013-06-28 21:13 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-12-29 22:20 - 2013-06-28 21:08 - 00000000 ____D C:\Users\AT\AppData\Roaming\DVDVideoSoft
2013-12-29 22:19 - 2013-12-29 22:18 - 34115288 _____ (DVDVideoSoft Ltd. ) C:\Users\MamaPapa\Downloads\FreeYouTube19ToMP3Converter.exe
2013-12-25 19:07 - 2013-12-25 19:07 - 00001443 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk
2013-12-25 19:07 - 2013-06-28 21:09 - 00000000 ____D C:\Users\MamaPapa\AppData\Roaming\DVDVideoSoft
2013-12-25 19:06 - 2013-12-25 19:06 - 00000000 ____D C:\Users\AT\AppData\Roaming\OpenCandy
2013-12-25 19:04 - 2013-12-25 19:03 - 32350440 _____ (DVDVideoSoft Ltd. ) C:\Users\MamaPapa\Downloads\Free19YouTubeDownload.exe
2013-12-24 23:21 - 2013-06-28 13:04 - 00000000 ____D C:\Users\Public\Documents\Weihnachten
2013-12-24 23:13 - 2013-12-24 23:04 - 00000000 ____D C:\Users\MamaPapa\Documents\OneNote-Notizbücher
2013-12-24 23:04 - 2013-06-23 16:50 - 00000000 ___RD C:\Users\MamaPapa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-24 00:04 - 2013-06-22 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-23 20:49 - 2013-12-23 20:49 - 00001111 _____ C:\Users\AT\Desktop\Continue Codec Pack Installation.lnk
2013-12-22 14:19 - 2013-12-22 14:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
Some content of TEMP:
====================
C:\Users\AT\AppData\Local\Temp\ICReinstall_UltimateCodec.exe
C:\Users\AT\AppData\Local\Temp\nsgD010.exe
C:\Users\AT\AppData\Local\Temp\nsiD796.exe
C:\Users\AT\AppData\Local\Temp\nso44CC.exe
C:\Users\AT\AppData\Local\Temp\nst47F8.exe
C:\Users\AT\AppData\Local\Temp\nstDC1A.exe
C:\Users\AT\AppData\Local\Temp\ose00000.exe
C:\Users\AT\AppData\Local\Temp\setup__3862.exe
C:\Users\MamaPapa\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\MamaPapa\AppData\Local\Temp\ResetDevice.exe
C:\Users\MamaPapa\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\MamaPapa\AppData\Local\Temp\SPSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-11 12:17
==================== End Of Log ============================
Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014
Ran by AT at 2014-01-21 21:25:46
Running from C:\Users\MamaPapa\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
Adobe Digital Editions 2.0 (x32 Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Anzeige am Bildschirm (Version: 6.67.10 - )
calibre 64bit (Version: 1.12.0 - Kovid Goyal)
Conexant 20561 SmartAudio HD (Version: 4.92.10.0 - Conexant)
Dienstprogramm "ThinkPad UltraNav" (x32 Version: 2.13.0 - Lenovo)
Druckerdeinstallation für EPSON WF-3520 Series (Version: - SEIKO EPSON Corporation)
Energie-Manager (x32 Version: 6.45 - )
EPSON Scan (x32 Version: - Seiko Epson Corporation)
Ericsson Wireless Module Core (Version: 1.0.1046.229 - Lenovo)
FinePrint (Version: 7.21 - FinePrint Software, LLC)
Free YouTube Download version 3.2.19.1219 (x32 Version: 3.2.19.1219 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.19.1219 (x32 Version: 3.12.19.1219 - DVDVideoSoft Ltd.)
Intel(R) Network Connections Drivers (Version: - )
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lenovo Fingerprint Software (Version: 3.3.2.50 - AuthenTec, Inc.)
Lenovo Patch Utility (x32 Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (Version: 1.67.04.04 - )
Lenovo System Interface Driver (Version: 1.05 - )
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Partner (x32 Version: 16.002.03.02.511 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
pdfFactory (Version: 4.81 - FinePrint Software, LLC)
Software Updater (x32 Version: 4.1.7 - SEIKO EPSON CORPORATION)
ThinkPad FullScreen Magnifier (Version: 2.40 - )
ThinkPad UltraNav Driver (Version: 16.2.19.7 - )
ThinkVantage Access Connections (x32 Version: 6.01 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (07/02/2010 8.6.0.29) (Version: 07/02/2010 8.6.0.29 - AuthenTec Inc.)
==================== Restore Points =========================
03-01-2014 08:20:57 Windows Update
03-01-2014 08:59:54 Windows-Sicherung
06-01-2014 20:00:54 Windows Update
09-01-2014 21:11:47 Windows Update
13-01-2014 13:50:21 Windows Update
15-01-2014 15:48:19 Windows Update
18-01-2014 20:20:20 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {67430C73-E71C-4051-A768-046B2FB77823} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {888FE7D9-E97F-439C-AFBA-C35EB9A5AC72} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2013-01-10] (Lenovo Group Limited)
Task: {9B123360-43F6-47AC-B04A-D90BC60EEFAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-04-25 19:42 - 2013-01-10 05:45 - 00104960 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2013-03-18 16:26 - 2013-03-18 16:26 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2013-12-22 14:19 - 2013-12-22 14:19 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/21/2014 08:36:47 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/21/2014 06:04:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/21/2014 05:45:50 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/21/2014 04:08:51 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/21/2014 04:08:50 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/21/2014 04:08:49 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/21/2014 04:08:48 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/21/2014 04:08:47 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/21/2014 04:08:46 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/21/2014 04:08:45 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (01/21/2014 04:08:13 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7
Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/
Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7
Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/
Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7
Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/
Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7
Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/
Error: (01/21/2014 04:07:37 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 63%
Total physical RAM: 1976.03 MB
Available physical RAM: 718.77 MB
Total Pagefile: 3952.05 MB
Available Pagefile: 2323.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:142.58 GB) (Free:104.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: A0C18448)
Partition 1: (Active) - (Size=6 GB) - (Type=27)
Partition 2: (Not Active) - (Size=143 GB) - (Type=07 NTFS)
==================== End Of Log ============================
And here is the result from GMER: Code:
GMER 2.1.19324 - hxxp://www.gmer.net
Rootkit scan 2014-01-21 22:07:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1600BEVS-08VAT2 rev.14.01A14 149,05GB
Running: gmer.exe; Driver: C:\Users\AT\AppData\Local\Temp\pgldrpoc.sys
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3220:3136] 000007fefb352a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3220:2364] 000007feea044830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3220:3128] 000007feea044830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3220:3520] 000007feea044830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3220:3860] 000007feea044830
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{79EF9C66-2EF2-4640-8168-009E63E3FA5D}\Connection@Name isatap.{9C0C0137-D810-4E9B-B5E6-E7495FD7E2C0}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{BA14939E-3672-4C25-ADD6-FC2A844FE6D5}?\Device\{2B13B0E2-56CB-4F8F-9BE9-2AE9312AB550}?\Device\{79EF9C66-2EF2-4640-8168-009E63E3FA5D}?\Device\{8EF06B9B-926E-44FF-8884-6865D324ADEE}?\Device\{91430389-68AB-409F-8C2D-DD4B8646A477}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{BA14939E-3672-4C25-ADD6-FC2A844FE6D5}"?"{2B13B0E2-56CB-4F8F-9BE9-2AE9312AB550}"?"{79EF9C66-2EF2-4640-8168-009E63E3FA5D}"?"{8EF06B9B-926E-44FF-8884-6865D324ADEE}"?"{91430389-68AB-409F-8C2D-DD4B8646A477}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{BA14939E-3672-4C25-ADD6-FC2A844FE6D5}?\Device\TCPIP6TUNNEL_{2B13B0E2-56CB-4F8F-9BE9-2AE9312AB550}?\Device\TCPIP6TUNNEL_{79EF9C66-2EF2-4640-8168-009E63E3FA5D}?\Device\TCPIP6TUNNEL_{8EF06B9B-926E-44FF-8884-6865D324ADEE}?\Device\TCPIP6TUNNEL_{91430389-68AB-409F-8C2D-DD4B8646A477}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265e962ad3
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eba91ca
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eba91ca@74458a09b6b7 0xAF 0x20 0x99 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eba91ca@503275266aee 0xB5 0x27 0x5C 0xAB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{79EF9C66-2EF2-4640-8168-009E63E3FA5D}@InterfaceName isatap.{9C0C0137-D810-4E9B-B5E6-E7495FD7E2C0}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{79EF9C66-2EF2-4640-8168-009E63E3FA5D}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265e962ad3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eba91ca (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eba91ca@74458a09b6b7 0xAF 0x20 0x99 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eba91ca@503275266aee 0xB5 0x27 0x5C 0xAB ...
---- EOF - GMER 2.1 ----
So now I am waiting for further instructions.
Many thanks in advance for your help!!!
Regards
PC-Trouble