
Log analysis and evaluation: Fan very loud after manual svchost.exe treatment - virus?


22.01.2014, 09:19   #1
StartbahnOst
 



Good morning,

my CPU load was at 100 % yesterday because of svchost.exe. After I found the following post here yesterday and carried it out ( http://www.trojaner-board.de/142794-...ml#post1172376 ), the CPU problem is solved, but the fan runs continuously and, even before Windows boots, my DELL shows me the message "System became warmer than expected error #M1004."

I suspect that it is a virus, but I don't know for sure. So I'm asking you.

Here are my log files:

Step 1: defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:39 on 22/01/2014 (admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Step 2: System scan with FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014
Ran by admin (administrator) on PC1021300608 on 22-01-2014 09:40:40
Running from C:\Users\admin\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
() C:\Program Files\Novell\Client\cusrvc.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
() C:\Windows\System32\nwtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Flux Software LLC) C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NWTRAY] - C:\Windows\system32\NWTRAY.EXE [38016 2012-10-28] ()
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-05-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-05-25] (IDT, Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-01-11] (Sophos Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Run: [f.lux] - C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\Markus\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2013-10-21] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2013-10-21] (Sophos Limited)
Lsa: [Authentication Packages] msv1_0 ncv1_0
Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA7CAFC711FA3CE01
SearchScopes: HKLM - DefaultScope {F5E1833B-D51C-482D-A095-34C78438EE6C} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {F5E1833B-D51C-482D-A095-34C78438EE6C} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {D905867D-431F-473E-BEE7-FFE7C47079C0} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {D905867D-431F-473E-BEE7-FFE7C47079C0} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {F5E1833B-D51C-482D-A095-34C78438EE6C} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\wyp6xuo0.default
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\wyp6xuo0.default\user.js
FF Homepage: hxxp://www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Program Files (x86)\Mozilla Firefox\extensions\de-DE@dictionaries.addons.mozilla.org [2013-04-16]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-18]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-18]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-18]
CHR Extension: (Adblock Plus) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-06-19]
CHR Extension: (Google-Suche) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-18]
CHR Extension: (Smooth Gestures) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2013-06-19]
CHR Extension: (Facebook AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa [2013-08-12]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Google Mail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-18]

==================== Services (Whitelisted) =================

R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63600 2013-12-17] (CyberGhost S.R.L)
R2 cusrvc; C:\Program Files\Novell\Client\cusrvc.exe [108160 2012-10-28] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2012-05-25] (O2Micro International)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-10-21] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-10-21] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-01-11] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-03-13] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-10-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012152 2013-10-21] (Sophos Limited)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [20096 2012-10-28] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

S3 atmeltpm; C:\Windows\system32\drivers\atmeltpm64.sys [19456 2012-05-25] (Atmel, Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-05-25] (Broadcom Corporation.)
S3 BCMTPM; C:\Windows\system32\drivers\btpmwx64.sys [32096 2012-05-25] (Broadcom Corp.)
S3 d554gps; C:\Windows\system32\drivers\d554gps64.sys [102440 2012-05-25] (Ericsson AB)
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2012-05-25] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2012-05-25] (Ericsson AB)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-05-25] ()
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [419400 2012-05-25] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [430664 2012-05-25] (MCCI Corporation)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [112256 2012-10-28] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [114816 2012-10-28] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [90240 2012-10-28] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [119936 2012-10-28] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [26240 2012-10-28] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [31360 2012-10-28] (Novell, Inc.)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2012-05-25] (Novatel Wireless Inc)
S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [222208 2012-05-25] (Novatel Wireless Inc.)
S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [222208 2012-05-25] (Novatel Wireless Inc.)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2012-05-25] (Novatel Wireless Inc.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-03-13] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-03-13] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-03-13] (Sophos Plc)
S3 stmtpm; C:\Windows\system32\drivers\stm_tpm.sys [29184 2012-05-25] (STMicroelectronics, INC)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-25] (STMicroelectronics)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [80000 2012-10-28] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [78976 2012-10-28] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [49280 2012-10-28] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [19584 2012-10-28] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [83584 2012-10-28] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [39040 2012-10-28] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [55936 2012-10-28] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [36992 2012-10-28] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [25216 2012-10-28] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [35968 2012-10-28] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [59520 2012-10-28] (Novell, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-22 09:40 - 2014-01-22 09:41 - 00019813 _____ C:\Users\admin\Desktop\FRST.txt
2014-01-22 09:40 - 2014-01-22 09:40 - 00000000 ____D C:\FRST
2014-01-22 09:39 - 2014-01-22 09:39 - 00000472 _____ C:\Users\admin\Desktop\defogger_disable.log
2014-01-22 09:39 - 2014-01-22 09:39 - 00000000 _____ C:\Users\admin\defogger_reenable
2014-01-22 09:31 - 2014-01-22 09:31 - 02077184 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-01-22 09:30 - 2014-01-22 09:31 - 00380416 _____ C:\Users\admin\Desktop\kfhqcrd0.exe
2014-01-22 09:30 - 2014-01-22 09:30 - 00050477 _____ C:\Users\admin\Desktop\Defogger.exe
2014-01-21 21:26 - 2014-01-22 09:38 - 00000965 _____ C:\Windows\setupact.log
2014-01-21 21:26 - 2014-01-21 21:26 - 00000000 _____ C:\Windows\setuperr.log
2014-01-21 21:25 - 2014-01-21 21:25 - 00000578 _____ C:\Windows\PFRO.log
2014-01-21 20:56 - 2014-01-21 20:56 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-21 20:50 - 2014-01-21 20:54 - 04645232 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup409.exe
2014-01-21 20:39 - 2014-01-21 20:39 - 00007598 _____ C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2014-01-20 22:16 - 2014-01-20 22:17 - 00000000 ____D C:\826009250d56f5e0922922
2014-01-13 20:05 - 2014-01-13 20:06 - 00000000 ____D C:\Users\admin\AppData\Local\Citrix
2014-01-10 01:57 - 2014-01-10 01:57 - 05992577 _____ C:\Users\admin\Downloads\modem_V6.P8 (1).zip
2014-01-10 01:43 - 2014-01-10 01:43 - 05992577 _____ C:\Users\admin\Downloads\modem_V6.P8.zip
2014-01-10 00:46 - 2014-01-10 00:46 - 03399079 _____ C:\Users\admin\Downloads\Haribo PP alternative last version....pptx
2014-01-10 00:38 - 2014-01-10 00:39 - 07306903 _____ C:\Users\admin\Downloads\CUBOT ONE T Card Upgrade Instruction.rar
2014-01-09 23:48 - 2014-01-09 23:48 - 05894144 _____ C:\Users\admin\Downloads\recovery.img
2014-01-09 23:41 - 2014-01-09 23:42 - 00000000 ____D C:\Users\admin\Desktop\Neuer Ordner
2014-01-09 23:41 - 2014-01-09 23:41 - 00570531 _____ C:\Users\admin\Downloads\Adb-fastboot.zip
2014-01-09 23:35 - 2014-01-09 23:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2014-01-09 23:33 - 2014-01-09 23:38 - 503735416 _____ C:\Users\admin\Downloads\adt-bundle-windows-x86_64-20131030.zip
2014-01-09 23:32 - 2014-01-09 23:32 - 06382067 _____ C:\Users\admin\Downloads\usb_driver (1).rar
2014-01-09 23:31 - 2014-01-09 23:31 - 00000000 ____D C:\Users\admin\Desktop\usb_driver
2014-01-09 23:31 - 2010-08-21 17:35 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-01-09 23:31 - 2010-08-21 17:35 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-01-09 23:30 - 2014-01-09 23:30 - 06382067 _____ C:\Users\admin\Downloads\usb_driver.rar
2014-01-07 19:34 - 2014-01-08 22:55 - 00000000 ____D C:\Users\admin\AppData\Local\CyberGhost
2014-01-07 19:33 - 2014-01-07 19:34 - 00000000 ____D C:\Program Files\TAP-Windows
2014-01-07 19:33 - 2014-01-07 19:33 - 00597304 _____ C:\Users\admin\Downloads\flux-setup.exe
2014-01-07 19:33 - 2014-01-07 19:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2014-01-07 19:33 - 2014-01-07 19:33 - 00000000 ____D C:\Users\admin\AppData\Local\FluxSoftware
2014-01-07 19:32 - 2014-01-07 19:39 - 00000000 ____D C:\Program Files\CyberGhost 5
2014-01-07 19:32 - 2014-01-07 19:32 - 00001735 _____ C:\Users\admin\Desktop\CyberGhost 5.lnk
2014-01-07 19:30 - 2014-01-07 19:30 - 08566128 _____ (CyberGhost S.R.L.                                           ) C:\Users\admin\Downloads\CG_5.0.9.8chip.de.exe

==================== One Month Modified Files and Folders =======

2014-01-22 09:41 - 2014-01-22 09:40 - 00019813 _____ C:\Users\admin\Desktop\FRST.txt
2014-01-22 09:40 - 2014-01-22 09:40 - 00000000 ____D C:\FRST
2014-01-22 09:40 - 2010-11-21 07:21 - 00699666 _____ C:\Windows\system32\perfh007.dat
2014-01-22 09:40 - 2010-11-21 07:21 - 00149774 _____ C:\Windows\system32\perfc007.dat
2014-01-22 09:40 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-22 09:39 - 2014-01-22 09:39 - 00000472 _____ C:\Users\admin\Desktop\defogger_disable.log
2014-01-22 09:39 - 2014-01-22 09:39 - 00000000 _____ C:\Users\admin\defogger_reenable
2014-01-22 09:39 - 2013-06-12 12:30 - 00000000 ____D C:\Users\admin
2014-01-22 09:38 - 2014-01-21 21:26 - 00000965 _____ C:\Windows\setupact.log
2014-01-22 09:37 - 2013-04-03 15:36 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-22 09:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-22 09:36 - 2009-07-14 05:45 - 00019120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 09:36 - 2009-07-14 05:45 - 00019120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 09:31 - 2014-01-22 09:31 - 02077184 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-01-22 09:31 - 2014-01-22 09:30 - 00380416 _____ C:\Users\admin\Desktop\kfhqcrd0.exe
2014-01-22 09:30 - 2014-01-22 09:30 - 00050477 _____ C:\Users\admin\Desktop\Defogger.exe
2014-01-21 21:27 - 2013-04-03 15:36 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 21:26 - 2014-01-21 21:26 - 00000000 _____ C:\Windows\setuperr.log
2014-01-21 21:25 - 2014-01-21 21:25 - 00000578 _____ C:\Windows\PFRO.log
2014-01-21 21:23 - 2013-04-03 01:08 - 02044066 _____ C:\Windows\WindowsUpdate.log
2014-01-21 21:11 - 2013-08-06 13:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\FileZilla
2014-01-21 21:09 - 2013-08-30 07:56 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2014-01-21 21:09 - 2013-03-13 14:21 - 00000000 ____D C:\Windows\Panther
2014-01-21 20:57 - 2013-04-05 11:24 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-21 20:56 - 2014-01-21 20:56 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-21 20:56 - 2013-04-05 11:24 - 00000000 ____D C:\Program Files\CCleaner
2014-01-21 20:54 - 2014-01-21 20:50 - 04645232 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup409.exe
2014-01-21 20:44 - 2013-03-13 16:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 20:39 - 2014-01-21 20:39 - 00007598 _____ C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2014-01-21 20:26 - 2013-07-16 10:26 - 00000000 ____D C:\Users\admin\Documents\Outlook-Dateien
2014-01-20 22:17 - 2014-01-20 22:16 - 00000000 ____D C:\826009250d56f5e0922922
2014-01-20 22:17 - 2013-08-14 09:18 - 00000000 ____D C:\Windows\system32\MRT
2014-01-20 22:17 - 2013-03-13 15:41 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 23:23 - 2013-10-28 15:54 - 00000000 ___RD C:\Users\admin\SkyDrive
2014-01-14 20:50 - 2013-10-28 15:54 - 00004972 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC1021300608-admin pc1021300608
2014-01-14 20:33 - 2013-06-12 12:30 - 00000000 ___RD C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-14 20:30 - 2013-07-22 09:58 - 00000000 ____D C:\Users\admin\AppData\Roaming\Dropbox
2014-01-13 20:06 - 2014-01-13 20:05 - 00000000 ____D C:\Users\admin\AppData\Local\Citrix
2014-01-10 01:57 - 2014-01-10 01:57 - 05992577 _____ C:\Users\admin\Downloads\modem_V6.P8 (1).zip
2014-01-10 01:43 - 2014-01-10 01:43 - 05992577 _____ C:\Users\admin\Downloads\modem_V6.P8.zip
2014-01-10 00:46 - 2014-01-10 00:46 - 03399079 _____ C:\Users\admin\Downloads\Haribo PP alternative last version....pptx
2014-01-10 00:39 - 2014-01-10 00:38 - 07306903 _____ C:\Users\admin\Downloads\CUBOT ONE T Card Upgrade Instruction.rar
2014-01-09 23:48 - 2014-01-09 23:48 - 05894144 _____ C:\Users\admin\Downloads\recovery.img
2014-01-09 23:42 - 2014-01-09 23:41 - 00000000 ____D C:\Users\admin\Desktop\Neuer Ordner
2014-01-09 23:41 - 2014-01-09 23:41 - 00570531 _____ C:\Users\admin\Downloads\Adb-fastboot.zip
2014-01-09 23:38 - 2014-01-09 23:33 - 503735416 _____ C:\Users\admin\Downloads\adt-bundle-windows-x86_64-20131030.zip
2014-01-09 23:35 - 2014-01-09 23:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2014-01-09 23:32 - 2014-01-09 23:32 - 06382067 _____ C:\Users\admin\Downloads\usb_driver (1).rar
2014-01-09 23:31 - 2014-01-09 23:31 - 00000000 ____D C:\Users\admin\Desktop\usb_driver
2014-01-09 23:30 - 2014-01-09 23:30 - 06382067 _____ C:\Users\admin\Downloads\usb_driver.rar
2014-01-08 22:55 - 2014-01-07 19:34 - 00000000 ____D C:\Users\admin\AppData\Local\CyberGhost
2014-01-08 22:55 - 2013-06-12 12:30 - 00000000 ____D C:\Users\admin\AppData\Local\VirtualStore
2014-01-07 19:39 - 2014-01-07 19:32 - 00000000 ____D C:\Program Files\CyberGhost 5
2014-01-07 19:34 - 2014-01-07 19:33 - 00000000 ____D C:\Program Files\TAP-Windows
2014-01-07 19:33 - 2014-01-07 19:33 - 00597304 _____ C:\Users\admin\Downloads\flux-setup.exe
2014-01-07 19:33 - 2014-01-07 19:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2014-01-07 19:33 - 2014-01-07 19:33 - 00000000 ____D C:\Users\admin\AppData\Local\FluxSoftware
2014-01-07 19:32 - 2014-01-07 19:32 - 00001735 _____ C:\Users\admin\Desktop\CyberGhost 5.lnk
2014-01-07 19:30 - 2014-01-07 19:30 - 08566128 _____ (CyberGhost S.R.L.                                           ) C:\Users\admin\Downloads\CG_5.0.9.8chip.de.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-16 14:32

==================== End Of Log ============================
         
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2014
Ran by admin at 2014-01-22 09:41:43
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 4.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Agent Ransack 2010 (64-bit) (Version:  - )
Altap Salamander 3.0 beta 3 (PB103 x64) (Version: 3.0 beta 3 (PB103 x64) - ALTAP)
CCleaner (Version: 4.09 - Piriform)
Citrix Online Launcher (x32 Version: 1.0.168 - Citrix)
CodeBlocks (HKCU Version: 12.11 - The Code::Blocks Team)
CyberGhost 5 (Version:  - CyberGhost S.R.L.)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (Version:  - Microsoft)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (Version:  - Microsoft)
Dell Touchpad (Version: 7.1211.101.114 - ALPS ELECTRIC CO., LTD.)
DivX-Setup (x32 Version: 2.6.1.87 - DivX, LLC)
Dropbox (HKCU Version: 2.0.26 - Dropbox, Inc.)
f.lux (HKCU Version:  - )
FileZilla Client 3.7.1.1 (x32 Version: 3.7.1.1 - Tim Kosse)
Frutiger CI Fonts Installer (x32 Version: 1.0.0.1)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259 - CitrixOnline)
GPL Ghostscript (Version: 9.07 - Artifex Software Inc.)
GroupWise (x32 Version: 12.0.1 - Novell)
GroupWise Client - VC Runtimes (release) (x32 Version: 1.00.0000 - Novell) Hidden
GSview 5.0 (Version: 5.0 - Ghostgum Software Pty Ltd)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (Version: 1.7.0.450 - Oracle)
Mendeley Desktop 1.8.4 (x32 Version: 1.8.4 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Lync Basic 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft LyncEntry 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)
MiKTeX 2.9 (Version: 2.9 - MiKTeX.org)
MozBackup 1.5.1 (x32 Version:  - Pavel Cvrcek)
Mozilla Firefox 20.0.1 (x86 de) (x32 Version: 20.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 20.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
NICI (64 bit) (Version: 2.7.6 - Novell, Inc.)
NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1) (x32 Version:  - )
NMAS Challenge Response Method (Version: 2.8.3.3 - Novell, Inc.)
NMAS Client (Version: 3.5.1.1 - Novell, Inc.)
Notepad++ (x32 Version: 6.3.2 - Notepad++ Team)
Novell Client für Windows (Version: 2 SP2 (IR5) - Novell, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
R for Windows 3.0.0 (Version: 3.0.0 - R Core Team)
Roxio Creator Copy (x32 Version: 3.8.0 - Roxio)
Roxio Creator Data (x32 Version: 3.8.0 - Roxio)
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.10 (x32 Version: 6.10.104 - Skype Technologies S.A.)
Sophos Anti-Virus (x32 Version: 10.3.1 - Sophos Limited)
Sophos AutoUpdate (x32 Version: 2.9.0.344 - Sophos Limited)
Spotify (HKCU Version: 0.9.1.57.ge7405149 - Spotify AB)
SWFPlayer 2.6.2.0 (x32 Version: 2.6.2.0 - Michael Faust, Alpha Interactive)
TAP-Windows 9.9.2 (Version: 9.9.2 - )
TeamViewer 8 (x32 Version: 8.0.22298 - TeamViewer)
TeXnicCenter Version 2.0 Beta 1 (Version: 2.0 Beta 1 - The TeXnicCenter Team)
Trillian (x32 Version:  - Cerulean Studios, LLC)
Uni CI Fonts Installer (x32 Version: 1.2.0.1)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
XML Notepad 2007 (x32 Version: 2.3.0.0 - Microsoft Corporation)
Zotero Standalone 4.0.5 (x86 en-US) (x32 Version: 4.0.5 - Zotero)

==================== Restore Points  =========================

21-11-2013 17:56:40 Installed Java 7 Update 45
26-11-2013 22:53:41 Windows Update
30-11-2013 03:18:21 Windows Update
05-12-2013 00:15:40 Windows Update
17-12-2013 22:31:36 Windows Update
18-12-2013 17:47:35 Windows Update
07-01-2014 18:33:17 Gerätetreiber-Paketinstallation: TAP-Windows Provider V9 Netzwerkadapter
09-01-2014 21:57:02 Windows Update
09-01-2014 22:34:51 Gerätetreiber-Paketinstallation: Google, Inc.
14-01-2014 19:30:27 Windows Update
20-01-2014 21:11:32 Windows Update
21-01-2014 19:28:47 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0383F29B-4569-47E4-B0D4-55F6F3FFDE4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03] (Google Inc.)
Task: {1C91AF02-07D2-45B3-99BF-A65A1EE264A2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {2BF6A41B-9E3A-46DD-8C8F-2B13B53DCA8A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {5384EFFB-5F25-4DBB-97A4-DA0C545C67B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03] (Google Inc.)
Task: {5633A685-455E-428C-A47B-67E5476CDD2F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PC1021300608-admin pc1021300608 => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-09-10] (Microsoft Corporation)
Task: {5C0ECB42-76F4-45CD-9BCA-0896BAC3E2CF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8888D8C3-26D8-426E-8727-2D8D2EB563C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-17] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-04-03 01:06 - 2012-10-28 17:59 - 01002112 _____ () C:\Windows\system32\ncnetprovider.dll
2013-03-13 14:27 - 2012-10-28 17:59 - 00108672 _____ () C:\Windows\system32\NCLangID.dll
2013-04-03 01:06 - 2012-10-28 17:59 - 00174208 _____ () C:\Windows\system32\MAPBASE.dll
2013-04-03 01:06 - 2012-10-28 17:59 - 00270976 _____ () C:\Windows\system32\NWSHLXNT.dll
2013-03-13 14:27 - 2012-03-12 17:40 - 00016384 _____ () C:\Windows\system32\nls\DEUTSCH\NCLangIDR.DLL
2013-04-03 01:06 - 2012-03-12 17:40 - 00086528 _____ () C:\Windows\system32\nls\DEUTSCH\MAPBASER.DLL
2013-04-03 01:06 - 2012-03-12 17:40 - 00102400 _____ () C:\Windows\system32\nls\DEUTSCH\NWSHLXNTR.DLL
2013-04-03 01:06 - 2012-03-12 17:40 - 00496640 _____ () C:\Windows\system32\nls\DEUTSCH\ncnetproviderR.DLL
2013-04-03 01:06 - 2012-10-28 17:59 - 01002112 _____ () C:\Windows\System32\NCNetProvider.DLL
2013-03-13 14:27 - 2012-10-28 17:59 - 00108672 _____ () C:\Windows\System32\NCLangID.dll
2013-04-03 01:06 - 2012-10-28 17:59 - 00174208 _____ () C:\Windows\System32\MAPBASE.dll
2013-04-03 01:06 - 2012-10-28 17:59 - 00270976 _____ () C:\Windows\System32\NWSHLXNT.dll
2013-03-13 14:27 - 2012-03-12 17:40 - 00016384 _____ () C:\Windows\System32\nls\DEUTSCH\NCLangIDR.DLL
2013-04-03 01:06 - 2012-03-12 17:40 - 00086528 _____ () C:\Windows\System32\nls\DEUTSCH\MAPBASER.DLL
2013-04-03 01:06 - 2012-03-12 17:40 - 00102400 _____ () C:\Windows\System32\nls\DEUTSCH\NWSHLXNTR.DLL
2013-04-03 01:06 - 2012-03-12 17:40 - 00496640 _____ () C:\Windows\System32\nls\DEUTSCH\NCNetProviderR.DLL
2013-04-03 00:57 - 2012-05-25 17:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2014 09:38:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2014 09:35:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2014 09:28:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2014 08:25:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 10:17:53 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (01/20/2014 10:07:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2014 06:34:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2014 08:27:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2014 08:12:45 PM) (Source: Microsoft Office 14) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook konnte zuletzt nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?.
Rejected Safe Mode action : Microsoft Outlook.

Error: (01/13/2014 07:43:08 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"


System errors:
=============
Error: (01/22/2014 09:38:44 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/22/2014 09:38:43 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/22/2014 09:38:42 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/21/2014 09:29:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "CyberGhost VPN 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/21/2014 09:29:00 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost VPN 5 Client Service erreicht.

Error: (01/21/2014 09:27:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sophos Anti-Virus" wurde nicht richtig gestartet.

Error: (01/21/2014 08:24:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "CyberGhost VPN 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/21/2014 08:24:37 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost VPN 5 Client Service erreicht.

Error: (01/21/2014 08:23:25 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎20.‎01.‎2014 um 22:38:43 unerwartet heruntergefahren.

Error: (01/20/2014 10:07:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "CyberGhost VPN 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (01/22/2014 09:38:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2014 09:35:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2014 09:28:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2014 08:25:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 10:17:53 PM) (Source: Windows Backup)(User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (01/20/2014 10:07:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2014 06:34:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2014 08:27:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2014 08:12:45 PM) (Source: Microsoft Office 14)(User: )
Description: Microsoft OutlookOutlook konnte zuletzt nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?

Error: (01/13/2014 07:43:08 PM) (Source: Windows Backup)(User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 3969.86 MB
Available physical RAM: 2583.52 MB
Total Pagefile: 9921.04 MB
Available Pagefile: 8432.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:297.99 GB) (Free:235.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D5B93502)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Step 3: Scan with GMER
Code:
GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2014-01-22 09:59:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST320LT0 rev.0007 298,09GB
Running: kfhqcrd0.exe; Driver: C:\Users\admin\AppData\Local\Temp\kflirfoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                                     fffff80003008000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594                                                                                                                                                                     fffff80003008042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                           0000000076ae1465 2 bytes [AE, 76]
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                          0000000076ae14bb 2 bytes [AE, 76]
.text     ...                                                                                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                             0000000076ae1465 2 bytes [AE, 76]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                            0000000076ae14bb 2 bytes [AE, 76]
.text     ...                                                                                                                                                                                                                                    * 2
.text     C:\Windows\system32\o2flash.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                          0000000076ae1465 2 bytes [AE, 76]
.text     C:\Windows\system32\o2flash.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                         0000000076ae14bb 2 bytes [AE, 76]
.text     ...                                                                                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                              0000000076ae1465 2 bytes [AE, 76]
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                             0000000076ae14bb 2 bytes [AE, 76]
.text     ...                                                                                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                         0000000076ae1465 2 bytes [AE, 76]
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                        0000000076ae14bb 2 bytes [AE, 76]
.text     ...                                                                                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                        0000000076ae1465 2 bytes [AE, 76]
.text     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                       0000000076ae14bb 2 bytes [AE, 76]
.text     ...                                                                                                                                                                                                                                    * 2
.text     C:\Windows\Explorer.EXE[3244] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                                                                                             00000000775323d0 5 bytes JMP 000000016fff00d8
.text     C:\Windows\Explorer.EXE[3244] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW                                                                                                                                                   00000000775af6c0 8 bytes JMP 000000016fff0110
.text     C:\Windows\Explorer.EXE[3244] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                                                           000007fefede7490 11 bytes JMP 000007fffed800d8
.text     C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                  0000000076ae1465 2 bytes [AE, 76]
.text     C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                 0000000076ae14bb 2 bytes [AE, 76]
.text     ...                                                                                                                                                                                                                                    * 2
.text     C:\Users\admin\Desktop\kfhqcrd0.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                      0000000076ae1465 2 bytes [AE, 76]
.text     C:\Users\admin\Desktop\kfhqcrd0.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                     0000000076ae14bb 2 bytes [AE, 76]
.text     ...                                                                                                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [4872:5084]                                                                                                                                                                                            000007feebd59688
---- Processes - GMER 2.1 ----

Library   C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [760]                                                                                                                 0000000075200000
Library   C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [956]                                                                                                                  0000000075200000
Library   C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1028]                                                                                                                 0000000075200000
Library   C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1952]                                                                                                                 0000000075200000
Library   C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (*** suspicious ***) @ C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [2008]                                                                                      0000000075200000
Library   C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (*** suspicious ***) @ C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2760]                                                                   00000000717d0000
Library   C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (*** suspicious ***) @ C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2832]                                                                                  00000000717d0000
Library   C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (*** suspicious ***) @ C:\Program Files\CyberGhost 5\Service.exe [3060]                                                                                                       0000000075200000
Library   C:\Users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3244] (Microsoft SkyDrive Shell Extension/Microsoft Corporation SIGNED)(2013-10-28 14:54:01)  000007fef15a0000
Library   C:\Users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\MSVCP110.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3244] (Microsoft® C Runtime Library/Microsoft Corporation SIGNED)(2013-10-28 14:54:00)               000007fef14f0000
Library   C:\Users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\MSVCR110.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3244] (Microsoft® C Runtime Library/Microsoft Corporation SIGNED)(2013-10-28 14:54:00)               000007fef12b0000
Library   C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3244]                                                                                                                   000007fef0800000
Process   C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe (*** suspicious ***) @ C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe [4060]                                                                                          0000000000400000
Library   C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (*** suspicious ***) @ C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe [4060]                                                                                            00000000717d0000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2016d89e381f                                                                                                                                                            
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2016d89e381f (not active ControlSet)                                                                                                                                        

---- EOF - GMER 2.1 ----
         
Can anyone help me?

22.01.2014, 10:53   #2
schrauber
/// the machine
/// TB instructor

Hi,

what exactly did you do?

22.01.2014, 18:03   #3
StartbahnOst

Hi,

I took the following steps:

I went to START -> Control Panel -> Administrative Tools -> Services -> Automatic Updates (double-click) -> changed the startup type to 'Disabled' -> clicked Stop.

Then find the 'Software Distribution' folder in the Windows folder (usually C:\WINDOWS) and rename it, e.g. to: Zzz..Software.Distribution..zzZ

The fan is now, at home, completely normal, which is odd, because at work it was blowing nonstop. Now, on the other hand, I am gradually getting the problem with the rising CPU usage. Is there anything unusual in the log files?

23.01.2014, 12:13   #4
schrauber
/// the machine
/// TB instructor

Not really.

Install Process Explorer as a replacement for the Windows Task Manager

Download Process Explorer as a replacement for the Task Manager and install it; you can find instructions here. It is a considerably more powerful replacement for the Windows Task Manager. In the menu under "Options" you can set up Process Explorer permanently as the replacement for the Task Manager (Replace Task Manager). This is highly recommended, because Process Explorer has considerably more features than the Task Manager. Once you have made this setting, the key combination CTRL + ALT + DEL no longer opens the Task Manager but Process Explorer. This can be undone at any time by unchecking this setting.

What we need specifically now: each row shows one process; a few of the rows are not real processes but only pseudo-processes for the activity of the Windows kernel. The menu View => Select Columns opens a dialog in which you can choose which columns of process information are displayed. In it, go to the "Process Performance" tab and make sure that "CPU Usage" is checked there; "CPU History" would also be useful. "CPU Usage" shows the current processor load for each process (the column header just says "CPU"); "CPU History" shows, for each process, a graph with a curve of its processor load over the recent past.

That should enable you to identify which process is keeping your CPU busy. Double-click that process. You can also take a screenshot of all this and upload it as an attachment with your reply (click "Advanced" below the text box, use "Manage Attachments" to browse your computer, and attach it via "Upload").
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
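
A command-line counterpart to the Process Explorer check described in the post above, as an added example that is not part of the original thread: it samples every svchost.exe instance twice and lists the services hosted by the instances that used the most CPU in between. The variable names and the 10-second window are assumptions chosen here; run it from an elevated PowerShell prompt so the CPU times of system-owned instances are readable.

```powershell
# Added example (not from the thread): rank svchost.exe instances by CPU used
# during a short sampling window and show which services each one hosts.
# Uses only cmdlets available in the PowerShell 2.0 that ships with Windows 7.
$SampleSeconds = 10                        # assumed sampling window
$cores = [Environment]::ProcessorCount     # so 100 % means "all cores busy"

# Map PID -> names of running services in that process (same data as `tasklist /svc`).
$servicesByPid = @{}
Get-WmiObject Win32_Service -Filter "State = 'Running'" | ForEach-Object {
    $key = [string]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
    $servicesByPid[$key] += $_.Name
}

# First sample: cumulative CPU time per svchost PID.
$before = @{}
Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
    # TotalProcessorTime is $null when the process cannot be opened (no elevation).
    if ($null -ne $_.TotalProcessorTime) {
        $before[[string]$_.Id] = $_.TotalProcessorTime
    }
}

Start-Sleep -Seconds $SampleSeconds

# Second sample: the delta over the window is the current CPU share.
$rows = Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
    $key = [string]$_.Id
    # Skip instances that started during the window or are not readable.
    if ($before.ContainsKey($key) -and ($null -ne $_.TotalProcessorTime)) {
        $delta = ($_.TotalProcessorTime - $before[$key]).TotalSeconds
        New-Object PSObject -Property @{
            ProcessId  = $_.Id
            CpuPercent = [math]::Round(100 * $delta / ($SampleSeconds * $cores), 1)
            Services   = ($servicesByPid[$key] -join ', ')
        }
    }
}

# Busiest instance first; the Services column names what to look at next.
$rows | Sort-Object CpuPercent -Descending |
    Format-Table ProcessId, CpuPercent, Services -AutoSize -Wrap
```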
