| |
| |||||||
Log-Analyse und Auswertung: GVU Trojaner ohne Abgesicherten ModusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
13.04.2014, 11:02
| #1 |
| |  GVU Trojaner ohne Abgesicherten ModusCode:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2014 01
Ran by SYSTEM on MINWINPC on 13-04-2014 11:53:33
Running from G:\
Windows Vista (TM) Ultimate (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-07-19] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8466432 2007-07-19] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-07-19] (NVIDIA Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-04-25] (Intel Corporation)
HKLM\...\Run: [TrayServer] - C:\Program Files\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe [90112 2008-01-17] (MAGIX AG)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [lxctmon.exe] - C:\Program Files\Lexmark 5400 Series\lxctmon.exe [291760 2006-11-22] ()
HKLM\...\Run: [Lexmark 5400 Series Fax Server] - C:\Program Files\Lexmark 5400 Series\fm3032.exe [304048 2006-11-22] ()
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark 5400 Series\ezprint.exe [82864 2006-11-22] (Lexmark International Inc.)
HKLM\...\Run: [LXCTCATS] - C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll [106496 2006-11-21] (Lexmark International Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-08-01] (RealNetworks, Inc.)
HKU\André\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\André\...\Run: [ICQ] - C:\Program Files\ICQ7.0\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\André\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [435672 2011-11-14] (TomTom)
HKU\André\...\Run: [NTRedirect] - C:\Windows\system32\rundll32.exe "C:\Users\André\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKU\André\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-07-13] (Google Inc.)
HKU\André\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\André\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j7tlcmqlfe.lnk
ShortcutTarget: j7tlcmqlfe.lnk -> C:\ProgramData\2992199F9A\eflqmclt7j.cpp (Microsoft Corporation)
========================== Services (Whitelisted) =================
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S2 gupdate1ca03fe296cc090; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-07-13] (Google Inc.)
S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [246520 2010-01-03] ()
S2 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
S2 O&O Defrag; C:\Windows\system32\oodag.exe [1050120 2007-05-11] (O&O Software GmbH)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-10-19] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [307968 2008-07-08] (TuneUp Software GmbH)
S2 VideoAcceleratorService; C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe [281768 2013-08-01] (SPEEDbit)
S2 Winmgmt; C:\ProgramData\2992199F9A\eflqmclt7j.cpp [186665 2014-04-09] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277736 2008-07-30] (Protect Software GmbH)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-01-01] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [28048 2010-02-05] (CSR, plc)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-01-01] ()
S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [90280 2009-05-25] (MCCI Corporation)
S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [15016 2009-05-25] (MCCI Corporation)
S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [122280 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [115880 2009-05-25] (MCCI Corporation)
S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [26024 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [111912 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [116904 2009-05-25] (MCCI Corporation)
S0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)
S0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)
S0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-07-08] (Duplex Secure Ltd.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-10] (Avira GmbH)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [485920 2008-11-11] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45344 2008-11-11] (eMPIA Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 ____D () C:\FRST
2014-04-13 10:14 - 2014-04-13 10:14 - 00143496 _____ () C:\Windows\Minidump\Mini041314-01.dmp
2014-04-09 09:29 - 2014-04-13 10:17 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-08 21:32 - 2014-04-08 21:32 - 00143496 _____ () C:\Windows\Minidump\Mini040814-01.dmp
2014-03-31 17:01 - 2014-03-31 17:01 - 00143496 _____ () C:\Windows\Minidump\Mini033114-01.dmp
2014-03-20 20:19 - 2014-03-20 20:19 - 00000000 ____D () C:\Users\André\Documents\MAGIX_Filme_auf_DVD_7_TerraTec_Edition
==================== One Month Modified Files and Folders =======
2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 ____D () C:\FRST
2014-04-13 10:38 - 2008-07-08 16:35 - 00004268 _____ () C:\Windows\bthservsdp.dat
2014-04-13 10:38 - 2006-11-02 13:51 - 01811305 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 10:38 - 2006-11-02 13:46 - 00003664 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 10:38 - 2006-11-02 13:46 - 00003664 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 10:17 - 2014-04-09 09:29 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-13 10:16 - 2008-07-08 21:25 - 02882189 _____ () C:\Windows\System32\oodbs.lor
2014-04-13 10:14 - 2014-04-13 10:14 - 00143496 _____ () C:\Windows\Minidump\Mini041314-01.dmp
2014-04-13 10:14 - 2014-03-03 20:31 - 254352636 _____ () C:\Windows\MEMORY.DMP
2014-04-13 10:14 - 2008-09-23 15:00 - 00000000 ____D () C:\Windows\Minidump
2014-04-09 07:56 - 2006-11-02 11:33 - 01575894 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-08 21:39 - 2013-10-22 22:56 - 00048345 _____ () C:\Users\André\Desktop\Finanzen 2014.xlsx
2014-04-08 21:32 - 2014-04-08 21:32 - 00143496 _____ () C:\Windows\Minidump\Mini040814-01.dmp
2014-04-04 13:43 - 2008-08-16 15:21 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-04-04 10:58 - 2012-11-13 13:04 - 00000000 ____D () C:\ProgramData\Origin
2014-04-04 10:57 - 2012-11-13 13:04 - 00000000 ____D () C:\Program Files\Origin
2014-03-31 17:01 - 2014-03-31 17:01 - 00143496 _____ () C:\Windows\Minidump\Mini033114-01.dmp
2014-03-21 15:04 - 2010-08-10 09:26 - 00000000 ____D () C:\Program Files\Lx_cats
2014-03-20 20:19 - 2014-03-20 20:19 - 00000000 ____D () C:\Users\André\Documents\MAGIX_Filme_auf_DVD_7_TerraTec_Edition
2014-03-19 01:21 - 2013-07-23 10:50 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-19 01:19 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-03-14 21:09 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-14 20:53 - 2006-11-02 13:46 - 01762408 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-14 20:51 - 2008-08-10 10:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
Some content of TEMP:
====================
C:\Users\André\AppData\Local\Temp\avgnt.exe
C:\Users\André\AppData\Local\Temp\YO28.dll
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 4093.63 MB
Available physical RAM: 3608.28 MB
Total Pagefile: 3843 MB
Available Pagefile: 3681 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:52.73 GB) (Free:1.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:233.64 GB) (Free:29.58 GB) NTFS
Drive e: (CD_ROM) (CDROM) (Total:2.99 GB) (Free:0 GB) CDFS
Drive f: (WinRE) (Fixed) (Total:11.72 GB) (Free:5.04 GB) NTFS
Drive g: (USB DISK) (Removable) (Total:14.93 GB) (Free:2.93 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5029B376)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=53 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=234 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition: GPT Partition Type.
LastRegBack: 2014-04-13 10:24
==================== End Of Log ============================
|
|
13.04.2014, 12:40
| #2 |
| /// TB-Ausbilder /// Anleitungs-Guru  | GVU Trojaner ohne Abgesicherten Modus Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das... 
 Hinweise: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean  bist.Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Das dauert dann zwar ein paar Stunden länger, garantiert aber, dass Du kompetente Hilfe und geprüfte Antworten bekommst. Siehe hier... Ich bedanke mich für Deine Geduld! 
__________________ |
|
13.04.2014, 13:29
| #3 |
| /// TB-Ausbilder /// Anleitungs-Guru | GVU Trojaner ohne Abgesicherten Modus Hallo, wir machen so weiter:
__________________ Schritt 1 Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter S2 Winmgmt; C:\ProgramData\2992199F9A\eflqmclt7j.cpp [186665 2014-04-09] (Microsoft Corporation)
2014-04-13 10:17 - 2014-04-09 09:29 - 00000000 ____D () C:\ProgramData\2992199F9A
Startup: C:\Users\André\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j7tlcmqlfe.lnk
ShortcutTarget: j7tlcmqlfe.lnk -> C:\ProgramData\2992199F9A\eflqmclt7j.cpp (Microsoft Corporation)
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier. Poste mir bitte die Fixlog.txt. Ist der PC jetzt wieder im Normalbootmodus startbar?
__________________ |
|
14.04.2014, 08:24
| #4 |
| | GVU Trojaner ohne Abgesicherten Modus Hallo deeprypka, erstmal vielen Dank für deine Unterstützung allein bekäm ich das nicht hin!!! Ja der PC startet jetzt wieder im normalen Bootmodus!!!! Gruß Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-04-2014 01
Ran by SYSTEM at 2014-04-14 09:18:32 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
S2 Winmgmt; C:\ProgramData\2992199F9A\eflqmclt7j.cpp [186665 2014-04-09] (Microsoft Corporation)
2014-04-13 10:17 - 2014-04-09 09:29 - 00000000 ____D () C:\ProgramData\2992199F9A
Startup: C:\Users\André\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j7tlcmqlfe.lnk
ShortcutTarget: j7tlcmqlfe.lnk -> C:\ProgramData\2992199F9A\eflqmclt7j.cpp (Microsoft Corporation)
*****************
Winmgmt => Service restored successfully.
C:\ProgramData\2992199F9A => Moved successfully.
C:\Users\André\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j7tlcmqlfe.lnk => Moved successfully.
C:\ProgramData\2992199F9A\eflqmclt7j.cpp not found.
==== End of Fixlog ====
|
|
14.04.2014, 08:29
| #5 |
| /// TB-Ausbilder /// Anleitungs-Guru | GVU Trojaner ohne Abgesicherten Modus Prima... Jetzt bitte im Normalmodus... Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
15.04.2014, 05:49
| #6 |
| | GVU Trojaner ohne Abgesicherten Modus FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2014 01
Ran by André (administrator) on ROSSI on 15-04-2014 06:44:33
Running from G:\
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files\Lexmark 5400 Series\lxctmon.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 5400 Series\ezprint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(ICQ, LLC.) C:\Program Files\ICQ7.0\ICQ.exe
(TomTom) C:\Program Files\MyTomTom 3\MyTomTomSA.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files\ICQ6Toolbar\ICQ Service.exe
( ) C:\Windows\system32\lxctcoms.exe
(O&O Software GmbH) C:\Windows\system32\oodag.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(SPEEDbit) C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\ipmGui.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-07-19] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8466432 2007-07-19] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-07-19] (NVIDIA Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-04-25] (Intel Corporation)
HKLM\...\Run: [TrayServer] - C:\Program Files\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe [90112 2008-01-17] (MAGIX AG)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [lxctmon.exe] - C:\Program Files\Lexmark 5400 Series\lxctmon.exe [291760 2006-11-22] ()
HKLM\...\Run: [Lexmark 5400 Series Fax Server] - C:\Program Files\Lexmark 5400 Series\fm3032.exe [304048 2006-11-22] ()
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark 5400 Series\ezprint.exe [82864 2006-11-22] (Lexmark International Inc.)
HKLM\...\Run: [LXCTCATS] - C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll [106496 2006-11-21] (Lexmark International Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-08-01] (RealNetworks, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2915141753-3477013906-3020057917-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2915141753-3477013906-3020057917-1000\...\Run: [ICQ] - C:\Program Files\ICQ7.0\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-2915141753-3477013906-3020057917-1000\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [435672 2011-11-14] (TomTom)
HKU\S-1-5-21-2915141753-3477013906-3020057917-1000\...\Run: [NTRedirect] - C:\Windows\system32\rundll32.exe "C:\Users\André\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKU\S-1-5-21-2915141753-3477013906-3020057917-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-07-13] (Google Inc.)
HKU\S-1-5-21-2915141753-3477013906-3020057917-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2915141753-3477013906-3020057917-1000\...\MountPoints2: {07a3cc10-836e-11df-bd94-001060d00749} - H:\LaunchU3.exe -a
HKU\S-1-5-21-2915141753-3477013906-3020057917-1000\...\MountPoints2: {1012de33-b5f1-11e0-9767-001060d00749} - G:\Startme.exe
HKU\S-1-5-21-2915141753-3477013906-3020057917-1000\...\MountPoints2: {4e3112d1-7cf1-11dd-8f80-00030d8a6799} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\.\RECYCLER\Lcass.exe
HKU\S-1-5-21-2915141753-3477013906-3020057917-1000\...\MountPoints2: {56d26d0d-4f82-11dd-91d6-001060d00749} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe IEM07-2-PC11.vbs
HKU\S-1-5-21-2915141753-3477013906-3020057917-1000\...\MountPoints2: {b1581c64-58e4-11dd-a477-00030d8a6799} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe
HKU\S-1-5-21-2915141753-3477013906-3020057917-1000\...\MountPoints2: {e8c4ffb3-4d02-11dd-948a-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-2915141753-3477013906-3020057917-1000\...\MountPoints2: {fb5f9e16-4d26-11dd-8e22-001060d00749} - F:\StartUp.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=E295001DE06717F5&affID=121564&tsp=4961
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKLM - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E295001DE06717F5&affID=121564&tsp=4961
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E295001DE06717F5&affID=121564&tsp=4961
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM - Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
Toolbar: HKCU - Ask Toolbar - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll No File
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
Chrome:
=======
CHR HomePage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=E295001DE06717F5&affID=121564&tsp=4961
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll No File
CHR Extension: (YouTube) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (McAfee Security Scan+) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-28]
CHR Extension: (Google-Suche) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Delta Toolbar) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-08-04]
CHR Extension: (RealDownloader) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-06]
CHR Extension: (DVDVideoSoft) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-04]
CHR Extension: (Google Wallet) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Google Mail) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\André\AppData\Roaming\BabSolution\CR\Delta.crx [2013-08-01]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-08-01]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S2 gupdate1ca03fe296cc090; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-07-13] (Google Inc.)
R2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [246520 2010-01-03] ()
R2 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 O&O Defrag; C:\Windows\system32\oodag.exe [1050120 2007-05-11] (O&O Software GmbH)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-10-19] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [307968 2008-07-08] (TuneUp Software GmbH)
R2 VideoAcceleratorService; C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe [281768 2013-08-01] (SPEEDbit)
==================== Drivers (Whitelisted) ====================
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277736 2008-07-30] (Protect Software GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-01-01] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [28048 2010-02-05] (CSR, plc)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-01-01] ()
S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [90280 2009-05-25] (MCCI Corporation)
S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [15016 2009-05-25] (MCCI Corporation)
S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [122280 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [115880 2009-05-25] (MCCI Corporation)
S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [26024 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [111912 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [116904 2009-05-25] (MCCI Corporation)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-07-08] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-10] (Avira GmbH)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [485920 2008-11-11] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45344 2008-11-11] (eMPIA Technology, Inc.)
U3 amqxyv1u; C:\Windows\system32\Drivers\amqxyv1u.sys [0 ] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-13 12:50 - 2014-04-15 06:44 - 00000000 ____D () C:\FRST
2014-04-13 11:14 - 2014-04-13 11:14 - 00143496 _____ () C:\Windows\Minidump\Mini041314-01.dmp
2014-04-08 22:32 - 2014-04-08 22:32 - 00143496 _____ () C:\Windows\Minidump\Mini040814-01.dmp
2014-03-31 18:01 - 2014-03-31 18:01 - 00143496 _____ () C:\Windows\Minidump\Mini033114-01.dmp
2014-03-20 21:19 - 2014-03-20 21:19 - 00000000 ____D () C:\Users\André\Documents\MAGIX_Filme_auf_DVD_7_TerraTec_Edition
==================== One Month Modified Files and Folders =======
2014-04-15 06:44 - 2014-04-13 12:50 - 00000000 ____D () C:\FRST
2014-04-15 06:43 - 2014-02-25 22:11 - 00000796 _____ () C:\Windows\setupact.log
2014-04-15 06:41 - 2009-07-13 23:17 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-15 06:41 - 2006-11-02 15:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-15 06:41 - 2006-11-02 14:46 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-15 06:41 - 2006-11-02 14:46 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-15 06:40 - 2008-07-08 22:25 - 02886020 _____ () C:\Windows\system32\oodbs.lor
2014-04-14 09:40 - 2008-07-08 17:35 - 00004268 _____ () C:\Windows\bthservsdp.dat
2014-04-14 09:40 - 2006-11-02 15:00 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-14 09:40 - 2006-11-02 14:51 - 01842384 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 09:28 - 2013-02-26 10:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-14 09:28 - 2006-11-02 12:33 - 01575894 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 09:23 - 2009-07-13 23:17 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-13 11:14 - 2014-04-13 11:14 - 00143496 _____ () C:\Windows\Minidump\Mini041314-01.dmp
2014-04-13 11:14 - 2014-03-03 21:31 - 254352636 _____ () C:\Windows\MEMORY.DMP
2014-04-13 11:14 - 2008-09-23 16:00 - 00000000 ____D () C:\Windows\Minidump
2014-04-08 22:39 - 2013-10-22 23:56 - 00048345 _____ () C:\Users\André\Desktop\Finanzen 2014.xlsx
2014-04-08 22:32 - 2014-04-08 22:32 - 00143496 _____ () C:\Windows\Minidump\Mini040814-01.dmp
2014-04-04 14:43 - 2008-08-16 16:21 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-04-04 11:58 - 2012-11-13 14:04 - 00000000 ____D () C:\ProgramData\Origin
2014-04-04 11:57 - 2012-11-13 14:04 - 00000000 ____D () C:\Program Files\Origin
2014-03-31 18:01 - 2014-03-31 18:01 - 00143496 _____ () C:\Windows\Minidump\Mini033114-01.dmp
2014-03-21 16:04 - 2010-08-10 10:26 - 00000000 ____D () C:\Program Files\Lx_cats
2014-03-20 21:19 - 2014-03-20 21:19 - 00000000 ____D () C:\Users\André\Documents\MAGIX_Filme_auf_DVD_7_TerraTec_Edition
2014-03-19 02:21 - 2013-07-23 11:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 02:19 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
Some content of TEMP:
====================
C:\Users\André\AppData\Local\Temp\avgnt.exe
C:\Users\André\AppData\Local\Temp\YO28.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-14 09:27
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-04-2014 01
Ran by André at 2014-04-15 06:45:20
Running from G:\
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.5.4 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
ANNO 1404 (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.00.0000 - Ubisoft)
Anno 1404 (Version: 1.00.0000 - Ubisoft) Hidden
Anno 1701 (HKLM\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers)
Ask Toolbar (HKLM\...\Ask Toolbar_is1) (Version: 4.1.0.2 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{8AD67572-0AE2-0CAC-CD8B-17FBAC973901}) (Version: 3.0.643.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Catalyst Control Center Core Implementation (Version: 2007.1011.2229.38348 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.1011.2229.38348 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.1011.2229.38348 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.1011.2229.38348 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.1011.2229.38348 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.1011.2229.38348 - ATI) Hidden
CCC Help German (Version: 2007.1011.2228.38348 - ATI) Hidden
ccc-core-static (Version: 2007.1011.2229.38348 - Ihr Firmenname) Hidden
ccc-utility (Version: 2007.1011.2229.38348 - ATI) Hidden
Delta Chrome Toolbar (HKLM\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION
Delta toolbar (HKLM\...\delta) (Version: 1.8.22.0 - Delta) <==== ATTENTION
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.4.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.4 - DivXNetworks, Inc.)
DVDVideoSoftTB Toolbar (HKLM\...\DVDVideoSoftTB Toolbar) (Version: - )
ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.2.1.0 - Steuerverwaltung des Bundes und der Länder)
EVEREST Ultimate Edition v4.20 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 4.20 - Lavalys, Inc.)
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Free Audio CD Burner version 1.4 (HKLM\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.12.9.725 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.9.725 - DVDVideoSoft Ltd.)
FUSSBALL MANAGER 13 (HKLM\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.4.0 - Electronic Arts)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
ICQ Toolbar (HKLM\...\ICQToolbar) (Version: 3.0.0 - ICQ)
ICQ7 (HKLM\...\{88EB38EF-4D2C-436D-ABD3-56B232674062}) (Version: 7.0 - ICQ)
Indeo® software (HKLM\...\Indeo® software) (Version: - )
Intel® Turbo Memory und Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version: - Lexmark International, Inc.)
Lexmark Symbolleiste (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: - )
MAGIX Filme auf DVD TerraTec Edition 7.0.3.6 (D) (HKLM\...\MAGIX Filme auf DVD TerraTec Edition D) (Version: 7.0.3.6 - MAGIX AG)
MAGIX Online Druck Service 3.4.3.0 (D) (HKLM\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (D) (HKLM\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version: - )
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Move Networks Media Player for Internet Explorer (HKLM\...\Move Networks Player - IE) (Version: - )
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTomTom 3.1.0.530 (HKLM\...\MyTomTom) (Version: 3.1.0.530 - TomTom)
Nero 8 (HKLM\...\{5FCCD531-1B38-4A94-924C-127F722F1031}) (Version: 8.2.87 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
NVIDIA PhysX v8.04.25 (HKLM\...\{74224F8D-4A17-4816-9EDB-7BB854DE532C}) (Version: 8.04.25 - NVIDIA Corporation)
O&O Defrag Professional Edition (HKLM\...\{53480330-E1D1-41CA-B8F8-7F78644F7F50}) (Version: 10.0.1634 - O&O Software GmbH)
OpenAL (HKLM\...\OpenAL) (Version: - )
Origin (HKLM\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
PokerStars.net (HKLM\...\PokerStars.net) (Version: - PokerStars.net)
Port Royale 2 (HKLM\...\Port Royale 2) (Version: - )
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Sicherheitsupdate für Windows Media Player (KB2845142) (HKLM\...\KB2845142_WM64) (Version: - Microsoft Corporation)
Skins (Version: 2007.1011.2229.38348 - ATI) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
TuneUp Utilities 2008 (HKLM\...\{5888428E-699C-4E71-BF71-94EE06B497DA}) (Version: 7.0.7986 - TuneUp Software)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows-Soundschemas (HKLM\...\UltSounds) (Version: - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
==================== Restore Points =========================
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {075F7B0C-8858-426A-81EA-5161F4D13E82} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {180FDF2E-D644-4344-8468-6A67C7223E8E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2915141753-3477013906-3020057917-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {2ACB2D21-9FAA-45D3-B052-D191A2DE0256} - System32\Tasks\EPUpdater => C:\Users\André\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {2EF1A2C3-210D-4AFD-BEB7-E51E7FD69C0C} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3A950610-5351-4CF3-89BD-526A7E64AA8B} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {3F70E127-2EA6-4EAA-BF77-72133198055D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2915141753-3477013906-3020057917-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {45BB33C4-DCAF-4F9B-BA5C-D46DD57D93C8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {56F9A602-CE5C-46E2-8163-30FCE7EEA13E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2915141753-3477013906-3020057917-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {5A6D9831-D95C-4713-B4E9-F03D1644498F} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {5E572484-6CF0-4F71-984A-9BB339988814} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {85DE0230-93EA-49A9-8458-FE9519A522C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-13] (Google Inc.)
Task: {9263B6C1-1473-4A6A-8B6B-CBA15B284BD8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {A7044512-B325-41B5-B465-BA179D8CEB60} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2915141753-3477013906-3020057917-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {A99C3772-5D56-47AC-A5A3-1E313E2E830F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2915141753-3477013906-3020057917-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {B26067C0-D84E-46BB-BF53-EA8F034DB365} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2915141753-3477013906-3020057917-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {BD1EFE9C-17AC-4E6E-BFDF-B36C3090B99D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2915141753-3477013906-3020057917-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {CD622F28-2BBF-4B61-A60A-CD15B9F0286B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-13] (Google Inc.)
Task: {D01FD7D2-6A70-45D6-9A63-C9B025FF1F6D} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {F87C62FC-6548-464B-942B-52FA9691FE0A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - André => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateChoiceProcessTask.job => C:\Windows\System32\browserchoice.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerResumeInstall_André.job => C:\Users\André\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
==================== Loaded Modules (whitelisted) =============
2010-08-10 10:23 - 2006-10-18 06:36 - 00045056 _____ () C:\Windows\System32\lxctpmon.dll
2010-08-10 10:23 - 2006-10-18 05:30 - 00032768 _____ () C:\Program Files\Lexmark 5400 Series\ipcmt.dll
2010-08-10 10:23 - 2006-10-18 06:43 - 00012288 _____ () C:\Windows\System32\lxctpmrc.dll
2010-08-10 10:26 - 2006-11-13 04:35 - 00118784 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxctdrpp.dll
2013-03-10 13:45 - 2013-03-10 13:27 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2010-08-10 10:23 - 2006-11-22 10:11 - 00291760 _____ () C:\Program Files\Lexmark 5400 Series\lxctmon.exe
2010-08-10 10:23 - 2006-08-08 15:54 - 00278528 _____ () C:\Program Files\Lexmark 5400 Series\lxctscw.dll
2010-08-10 10:23 - 2006-06-09 02:39 - 00143360 _____ () C:\Program Files\Lexmark 5400 Series\lxctdrec.dll
2010-08-10 10:23 - 2006-05-25 16:20 - 00241664 _____ () C:\Program Files\Lexmark 5400 Series\iptk.dll
2006-11-13 04:35 - 2006-11-13 04:35 - 00116224 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxctdrui.dll
2006-11-13 04:34 - 2006-11-13 04:34 - 00163840 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxctdr.dll
2010-01-13 00:53 - 2011-01-05 10:18 - 00733184 _____ () C:\Program Files\ICQ7.0\MDb.dll
2011-11-14 13:02 - 2011-11-14 13:02 - 00063960 _____ () C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
2011-11-14 13:01 - 2011-11-14 13:01 - 07964160 _____ () C:\Program Files\MyTomTom 3\QtGui4.dll
2011-11-14 13:01 - 2011-11-14 13:01 - 02302464 _____ () C:\Program Files\MyTomTom 3\QtCore4.dll
2011-11-14 13:02 - 2011-11-14 13:02 - 00202712 _____ () C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
2011-11-14 13:01 - 2011-11-14 13:01 - 00980480 _____ () C:\Program Files\MyTomTom 3\QtNetwork4.dll
2011-11-14 13:01 - 2011-11-14 13:01 - 00357888 _____ () C:\Program Files\MyTomTom 3\QtXml4.dll
2013-08-28 21:33 - 2013-08-22 12:02 - 00187888 _____ () C:\Users\André\AppData\Roaming\BabSolution\Shared\enhancedNT.dll
2010-06-29 13:13 - 2007-10-11 23:02 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2009-07-06 19:01 - 2010-01-03 18:07 - 00246520 _____ () C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2008-07-08 18:51 - 2008-10-19 23:29 - 00066872 _____ () C:\Windows\system32\PnkBstrA.exe
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IaNvSrv => C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Lcass => C:\Windows\System32\Lcass.EXE
MSCONFIG\startupreg: Lcass.exe => C:\Windows\System32\Lcass.EXE
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: NvSvc => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
MSCONFIG\startupreg: OODefragTray => C:\Windows\system32\oodtray.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
==================== Faulty Device Manager Devices =============
Name: isatap.{44E06CF8-7D51-4B5A-9A03-220EF8A162C1}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/15/2014 06:41:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (04/13/2014 11:09:21 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)". hr = 0x8007045b.
Error: (04/13/2014 11:09:21 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)". hr = 0x8007045b.
Error: (04/13/2014 11:09:21 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)". hr = 0x8007045b.
Error: (04/13/2014 11:09:21 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)". hr = 0x8007045b.
Error: (04/13/2014 11:09:21 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)". hr = 0x8007045b.
Error: (04/13/2014 11:09:21 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)". hr = 0x8007045b.
Error: (04/13/2014 11:09:21 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)". hr = 0x8007045b.
Error: (04/13/2014 11:09:20 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)". hr = 0x8007045b.
Error: (04/13/2014 11:08:36 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (04/15/2014 06:45:52 AM) (Source: Service Control Manager) (User: )
Description: Microsoft-Softwareschattenkopie-Anbieter%%1053
Error: (04/15/2014 06:45:52 AM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft-Softwareschattenkopie-Anbieter
Error: (04/15/2014 06:45:52 AM) (Source: DCOM) (User: )
Description: 1053swprv{65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
Error: (04/15/2014 06:41:49 AM) (Source: Service Control Manager) (User: )
Description: Avira Echtzeit-Scanner101Neustart des Diensts
Error: (04/15/2014 06:41:39 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (04/14/2014 09:40:41 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (04/14/2014 09:21:45 AM) (Source: Service Control Manager) (User: )
Description: Avira Echtzeit-Scanner101Neustart des Diensts
Error: (04/14/2014 09:21:44 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (04/14/2014 09:21:08 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 13.04.2014 um 17:48:14 unerwartet heruntergefahren.
Error: (04/13/2014 00:42:18 PM) (Source: DCOM) (User: )
Description: 1053swprv{65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-01-03 23:10:02.680
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-03 23:10:02.461
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-03 23:08:11.485
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-03 23:08:11.267
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-05-22 13:46:00.909
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-04-15 23:35:58.659
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-04-15 22:58:19.761
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-04-10 22:27:50.031
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-03-29 15:33:35.411
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-02-20 16:51:20.903
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 35%
Total physical RAM: 3069.51 MB
Available physical RAM: 1981.63 MB
Total Pagefile: 6340.02 MB
Available Pagefile: 5249.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.06 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:52.73 GB) (Free:1.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:233.64 GB) (Free:29.58 GB) NTFS
Drive g: (USB DISK) (Removable) (Total:14.93 GB) (Free:2.93 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5029B376)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=53 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=234 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 514 MB) (Disk ID: 98A162B8)
Partition 1: (Not Active) - (Size=513 MB) - (Type=0B)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
15.04.2014, 20:16
| #7 |
| /// TB-Ausbilder /// Anleitungs-Guru | GVU Trojaner ohne Abgesicherten Modus Hallo, wir müssen Deine Wechseldatenträger untersuchen: Schritt 1  Panda USB Vaccine Bitte lade Dir von hier Panda USB Vaccine herunter.
Schritt 2 Lade Dir  Malwarebytes Antimalware von hier herunter.
Führe Schritt 2 mit allen in letzter Zeit an den PC angeschlossenen Wechseldatenträgern durch und poste mir die Logs.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
17.04.2014, 08:32
| #8 |
| | GVU Trojaner ohne Abgesicherten Modus Hallo Jürgen nochmal vielen Dank für deine Hilfe und für deine Geduld!!! Hier ist die Textdatei zu Schritt 2!!! Gruß Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 17.04.2014 Suchlauf-Zeit: 09:25:31 Logdatei: usb1.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.03.04.09 Rootkit Datenbank: v2014.02.20.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Chameleon: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: André Suchlauf-Art: Benutzerdefinierter Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 221875 Verstrichene Zeit: 3 Min, 0 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 5 PUP.Optional.Delta.A, C:\Program Files\Delta\delta\1.8.22.0, In Quarantäne, [b19837c8a4d642f4dd788cfa867ccb35], PUP.Optional.Delta.A, C:\Program Files\Delta\delta\1.8.22.0\bh, In Quarantäne, [b19837c8a4d642f4dd788cfa867ccb35], PUP.Optional.OpenCandy, C:\Users\André\AppData\Roaming\OpenCandy, In Quarantäne, [b297946b3a4002344b40bbcb4eb4d62a], PUP.Optional.OpenCandy, C:\Users\André\AppData\Roaming\OpenCandy\314134DFE8ED46E2973EF7CE9B214D32, In Quarantäne, [b297946b3a4002344b40bbcb4eb4d62a], PUP.Optional.FileScout.A, C:\Users\André\AppData\Roaming\File Scout, In Quarantäne, [bb8e718ec2b856e09d061373de24857b], Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) |
|
17.04.2014, 08:53
| #9 | |
| /// TB-Ausbilder /// Anleitungs-Guru | GVU Trojaner ohne Abgesicherten ModusZitat:
Eine Frage, welche Haken hast Du bei den Laufwerken gesetzt?  Hast Du Deinen USB-Stick angesteckt und dessen Laufwerksbuchstaben angeklickt?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
20.04.2014, 17:15
| #10 |
| /// TB-Ausbilder /// Anleitungs-Guru | GVU Trojaner ohne Abgesicherten Modus Hi, ich hab schon länger keine Antwort mehr von Dir erhalten. Brauchst Du noch Hilfe? Hinweis: Sollte ich die nächsten 24h keine Nachricht von Dir bekommen, lösche ich das Thema aus meinen Abos und werde daher über Änderungen oder Beiträge nicht weiter informiert. Wenn Du weitermachen möchtest, schreib mir dann einfach eine PM. 
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
| Themen zu GVU Trojaner ohne Abgesicherten Modus |
| adobe, association, avira, downloader, gvu - trojaner - abgesicherter modus geht nicht, minidump, pup.optional.delta.a, pup.optional.filescout.a, pup.optional.opencandy, scan, services.exe, software, svchost.exe, temp, vista, windows xp, winlogon.exe |
Linear-Darstellung
