Log analysis and evaluation: Avira, MBAM - This program has been blocked by a group policy (Windows 7)

#1
Avira, MBAM - This program has been blocked by a group policy

Hello, for a few days I have had a problem with Avira Free Antivirus. I noticed that no updates were being downloaded and wanted to start the update manually, whereupon a window appeared with the message "This program has been blocked by a group policy". The same happened when launching MBAM. I ran an MBAM scan in safe mode and removed some malware. After the restart, however, I still have no access to Avira or MBAM. It seems to be a somewhat more stubborn problem, so I am asking for support. The log files from MBAM, Defogger, FRST and GMER are attached.

MBAM:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.06.01.07

Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
Admin :: Bruce [Administrator]

01.06.2014 19:40:03
mbam-log-2014-06-01 (19-40-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 842300
Laufzeit: 2 Stunde(n), 4 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\voisert (Trojan.Proxy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jmckonc (Trojan.Ransom.Gend) -> Daten: regsvr32.exe "C:\ProgramData\jmckonc.dat" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IgzigYolsi (Trojan.Ransom.Gend) -> Daten: regsvr32.exe "C:\ProgramData\IgzigYolsi.dat" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\ProgramData\jmckonc.dat (Trojan.Ransom.Gend) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IgzigYolsi.dat (Trojan.Ransom.Gend) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Local\voisert.dll (Trojan.Proxy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-06-2014 01
Ran by Admin (administrator) on BRUCE on 09-06-2014 17:35:11
Running from I:\Anti-Malware
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
() C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files\phonostar-Player\phonostarTimer.exe
(LG Electronics) C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe
() C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\cloneTestDDCCI.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Gigabyte Technology CO., LTD.) C:\Program Files\GIGABYTE\smart6\timelock\AlarmClock.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
(Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [phonostarTimer] => C:\Program Files\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [vProt] => C:\Program Files\vShare\vprot.exe
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [phonostar-PlayerTimer] => C:\Program Files\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Admin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\MountPoints2: {3418f6e4-0a29-11e2-bd11-00040ec4d221} - T:\setup.exe
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dual Package.lnk
ShortcutTarget: Dual Package.lnk -> C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe (LG Electronics)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4A6E99F659AFCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Admin\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}-trash [2012-07-10]
FF Extension: WOT - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: BetterPrivacy - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2012-01-22]
FF Extension: bidbag Remote - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\development@bidbag.de.xpi [2012-11-11]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-10]
FF Extension: DownThemAll! - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-12-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-02]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-17]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-02]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-17]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 DES2 Service; C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Smart TimeLock; C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
==================== Drivers (Whitelisted) ====================
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2010-10-22] (AVM GmbH)
R3 gdrv; C:\Windows\gdrv.sys [17488 2014-06-09] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2010-12-17] ()
S3 LGDDCDevice; C:\Windows\system32\LGI2CDriver.sys [16384 2010-08-04] (LG Soft India) [File not signed]
S3 LGII2CDevice; C:\Windows\system32\LGPII2CDriver.sys [19968 2011-02-11] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2070-01-01 01:00 - 2012-04-27 20:14 - 00000000 ____D () C:\Users\Admin\Downloads\BOTANICULA
2014-06-09 13:11 - 2014-06-09 17:35 - 00000000 ____D () C:\FRST
2014-05-31 23:02 - 2014-05-31 23:02 - 00159688 _____ () C:\Windows\Minidump\053114-32573-01.dmp
2014-05-26 10:31 - 2014-05-26 10:31 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-26 00:34 - 2014-05-26 00:49 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-26 00:34 - 2014-05-26 00:49 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-26 00:23 - 2014-05-26 00:23 - 00000838 _____ () C:\Users\Admin\Desktop\Uninstall_Flash.txt
2014-05-26 00:21 - 2014-05-26 00:21 - 00848048 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\uninstall_flash_player.exe
2014-05-18 04:06 - 2014-05-18 04:06 - 01136048 _____ () C:\Windows\Minidump\051814-26020-01.dmp
2014-05-17 23:33 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-05-17 23:33 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-05-17 23:33 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-05-17 23:33 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-05-17 23:33 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-05-17 23:33 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-05-17 23:33 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-05-17 23:32 - 2014-05-17 23:33 - 00000000 ____D () C:\Windows\system32\directx
2014-05-17 23:32 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-05-17 23:32 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-05-17 23:32 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-05-17 23:32 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-05-17 23:32 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-05-17 23:32 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-05-17 23:32 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-05-17 23:32 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-05-17 23:32 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-05-17 23:32 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-05-17 23:32 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-05-17 23:32 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-05-17 23:32 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-05-17 23:32 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-05-17 23:32 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-05-17 23:32 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-05-10 00:18 - 2014-05-10 00:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-06-09 17:35 - 2014-06-09 13:11 - 00000000 ____D () C:\FRST
2014-06-09 17:35 - 2010-12-13 23:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\Temp
2014-06-09 17:15 - 2011-01-09 00:07 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-09 17:13 - 2010-12-14 23:43 - 00000000 ____D () C:\Program Files\Adobe
2014-06-09 16:15 - 2010-12-13 22:52 - 01405415 _____ () C:\Windows\WindowsUpdate.log
2014-06-09 13:14 - 2011-01-09 00:07 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-09 12:51 - 2009-07-14 06:34 - 00024848 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-09 12:51 - 2009-07-14 06:34 - 00024848 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-09 12:44 - 2010-12-14 23:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2014-06-09 11:36 - 2010-12-13 22:53 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-09 11:32 - 2013-04-18 21:55 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp
2014-06-09 11:32 - 2010-12-14 00:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-09 11:31 - 2010-12-14 01:14 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-09 11:31 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-09 11:31 - 2009-07-14 06:39 - 00086801 _____ () C:\Windows\setupact.log
2014-06-05 00:02 - 2011-11-05 15:08 - 00000000 ____D () C:\Users\Admin\Documents\Eigene Scans
2014-06-01 23:18 - 2011-01-09 13:53 - 01319860 _____ () C:\Windows\PFRO.log
2014-05-31 23:09 - 2013-04-18 21:55 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4
2014-05-31 23:02 - 2014-05-31 23:02 - 00159688 _____ () C:\Windows\Minidump\053114-32573-01.dmp
2014-05-31 23:02 - 2011-05-20 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-05-30 17:05 - 2011-01-08 22:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-05-26 10:31 - 2014-05-26 10:31 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-26 10:31 - 2011-01-08 22:39 - 00000000 ___RD () C:\Program Files\Skype
2014-05-26 10:31 - 2011-01-08 22:39 - 00000000 ____D () C:\ProgramData\Skype
2014-05-26 00:49 - 2014-05-26 00:34 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-26 00:49 - 2014-05-26 00:34 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-26 00:49 - 2010-12-14 23:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-05-26 00:23 - 2014-05-26 00:23 - 00000838 _____ () C:\Users\Admin\Desktop\Uninstall_Flash.txt
2014-05-26 00:21 - 2014-05-26 00:21 - 00848048 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\uninstall_flash_player.exe
2014-05-18 04:06 - 2014-05-18 04:06 - 01136048 _____ () C:\Windows\Minidump\051814-26020-01.dmp
2014-05-18 04:06 - 2012-07-10 23:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-18 03:59 - 2010-12-14 00:13 - 00003731 _____ () C:\Windows\avmfwlanci.log
2014-05-18 03:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-17 23:33 - 2014-05-17 23:32 - 00000000 ____D () C:\Windows\system32\directx
2014-05-16 20:15 - 2013-10-05 20:11 - 00000000 ____D () C:\Users\Admin\Downloads\Rechnungen o2
2014-05-10 00:19 - 2014-05-10 00:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
ZeroAccess:
C:\Users\Admin\AppData\Local\{e8bbda05-74da-a9a6-e575-5a1a8f5d5987}
C:\Users\Admin\AppData\Local\{e8bbda05-74da-a9a6-e575-5a1a8f5d5987}\@
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\Checkupdate.exe
C:\Users\Admin\AppData\Local\Temp\foxDDC1.exe
C:\Users\Admin\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Admin\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Admin\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Admin\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2010-12-13 22:38
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-06-2014 01
Ran by Admin at 2014-06-09 17:35:29
Running from I:\Anti-Malware
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
==================== Installed Programs ======================
@BIOS (HKLM\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Audacity 1.3.14 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
AutoGreen B09.1014.2 (HKLM\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B09.1014.2 (Version: 1.00.0000 - GIGABYTE) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: - AVM Berlin)
Botanicula (HKLM\...\Botanicula_is1) (Version: - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5300 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
CBReader (HKLM\...\CBReader ) (Version: - ChessBase GmbH)
ChessBase 12 (HKLM\...\{FCBFC686-53B0-4CB0-A820-E9D20C95FABE}) (Version: 12.1.0.0 - ChessBase)
Cisco Unified Presenter Add-in 6x5 (HKCU\...\Cisco Unified Presenter Add-in 6x5) (Version: - )
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
DES 2.0 (HKLM\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Directory Lister Pro v1.62 (HKLM\...\Directory Lister Pro_is1) (Version: 1.62 - KRKSoft)
Dual Package (HKLM\...\{37365259-9D37-4FBE-9204-08B4034623B6}) (Version: 2.9 - LG Soft India Pvt Ltd)
Easy Tune 6 B10.0521.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (Version: 1.00.0000 - GIGABYTE) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{6FA29B87-FED3-45A1-8A95-2FDEE0F6DD18}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ7.4 (HKLM\...\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}) (Version: 7.4 - ICQ)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
IsoBuster 2.8.5 (HKLM\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
LockHunter 3.0, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero MediaHome 4 (Version: 4.5.20.45 - Nero AG) Hidden
Nero MediaHome 4 Essentials (HKLM\...\{04d0813a-6e8b-40a5-a2c7-d929ccd2b5e1}) (Version: - Nero AG)
Nero MediaHome 4 Help (Version: 4.5.5.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Treiber 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 260.99 - NVIDIA Corporation)
NVIDIA Grafiktreiber 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 260.99 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.1.9.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.9.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.0.14.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6099 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 260.99 (Version: 260.99 - NVIDIA Corporation) Hidden
ON_OFF Charge B10.0427.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Ontrack EasyRecovery Home (HKLM\...\{B8686BCF-5181-477F-9CBE-786391011B9C}_is1) (Version: 11.0.2.0 - Kroll Ontrack Inc.)
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF Architect (HKLM\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
phonostar-Player Version 3.03.1 (HKLM\...\phonostar3RadioPlayer_is1) (Version: - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Pocket Informant Pro 2007 (HKLM\...\Pocket Informant) (Version: Pro 2007 - Web IS, Inc.)
PS_AIO_04_C5300_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.00042 - Realtek Semiconductor Corp.)
Remote Master (HKLM\...\Remote Master) (Version: - )
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScummVM 1.4.1 (HKLM\...\ScummVM_is1) (Version: - The ScummVM Team)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart 6 B10.0422.1 (HKLM\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
t@x 2013 (HKCU\...\{6737F045-A91A-4177-9C8C-59460FC1C84D}) (Version: 20.00.8137 - Buhl Data Service GmbH)
t@x 2014 (HKCU\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.50 - Ghisler Software GmbH)
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.8.0 - Tweaking.com)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 1.1.5 (HKLM\...\VLC media player) (Version: 1.1.5 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinCDEmu (HKLM\...\WinCDEmu) (Version: 3.6 - Bazis)
WISO Mein Geld 2012 Professional (HKLM\...\WISO Mein Geld 2012 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2012 Professional (Version: 14.0.1.18 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2011 (HKLM\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.06.7056 - Buhl Data Service GmbH)
==================== Restore Points =========================
06-06-2014 20:03:29 Automatic creation
08-06-2014 14:43:06 Automatic creation
09-06-2014 10:02:05 Automatic creation
==================== Hosts content: ==========================
2009-07-14 04:04 - 2012-09-04 23:41 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {2FDB101E-045E-4920-A563-87DF08C0D382} - System32\Tasks\AdobeAAMUpdater-1.0-Bruce-Admin => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {38F837AD-0813-4003-B978-4754B291A6C7} - System32\Tasks\{A77DCEAA-D94D-4E61-A213-F36BBBFACACC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/ru/abandoninstall?page=tsProgressBar
Task: {55687A7D-1D91-421E-9BCA-2DA6F9D82C8A} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {5E4CDD35-1667-442C-811D-00D6768A9FB2} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {67288036-726A-4EB2-AA43-FC51DC02B194} - System32\Tasks\{33AA7B1C-74E9-45CF-B2D3-1B23F4ABB1E0} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/ru/abandoninstall?page=tsProgressBar
Task: {72061602-B23D-4837-94FD-3B320E38F4C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-09] (Google Inc.)
Task: {CFDC9FF3-86CF-4516-A70B-CF460ACCD4B0} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {E507B357-E7E9-4B99-88A1-78D19747C3FE} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {F5B12AFD-B600-48E8-B52D-9C7F79B90C97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-09] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-08-05 01:32 - 2013-08-05 01:21 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2010-12-14 01:13 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
2010-12-14 01:13 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files\GIGABYTE\EnergySaver2\ycc.dll
2011-03-13 14:26 - 2013-04-25 17:23 - 00042496 _____ () C:\Program Files\phonostar-Player\phonostarTimer.exe
2012-12-03 23:37 - 2011-05-31 05:31 - 00061952 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\MouseHook.dll
2012-12-03 23:37 - 2011-04-02 00:07 - 00003584 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\GerRes.dll
2014-04-20 14:19 - 2014-03-25 14:25 - 00590640 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
2014-04-20 14:16 - 2014-03-25 14:26 - 09741104 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wgui14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00035120 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsdcom48.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00309040 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rscorewinapi48.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00321840 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsguiwinapi48.dll
2014-04-20 14:16 - 2014-03-25 14:26 - 03799344 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wcore14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00136496 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsodbc48.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 02691888 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfvie14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01993008 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wsteu14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01915184 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wreli14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 04330800 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wauff14.dll
2014-04-20 14:16 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-core.dll
2014-04-20 14:16 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-shared.dll
2014-04-20 14:16 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-contribs-lib.dll
2014-04-20 14:16 - 2014-03-26 10:59 - 01548592 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wmain14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 05127984 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae114.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01690416 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae214.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01806128 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae314.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01626928 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae414.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01115440 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau114.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01326384 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau214.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01245488 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wwerb14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 07324464 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wkont14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01283376 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wimp14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01330480 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfabu14.dll
2011-01-17 17:19 - 2011-02-15 20:52 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2012-12-03 23:37 - 2011-04-20 18:10 - 00024576 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe
2012-12-03 23:37 - 2011-04-16 20:02 - 00049152 _____ () C:\Windows\system32\LGErrorHandler.dll
2012-12-03 23:37 - 2011-04-20 18:10 - 00024576 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\cloneTestDDCCI.exe
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: Nero MediaHome 4 => "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
MSCONFIG\startupreg: Remote Master => C:\Program Files\Remote Master\Remote Master.exe
MSCONFIG\startupreg: TabbtnEx => C:\Users\Admin\AppData\Local\Microsoft\Windows\3565\TabbtnEx.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: voisert => rundll32 "C:\Users\Admin\AppData\Local\voisert.dll",voisert
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/09/2014 00:02:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {aa207a4a-4aa1-468e-bb8c-cbd503d8d459}
Error: (06/08/2014 04:43:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {9d70894c-c076-40ea-8393-6e98f6227a6c}
Error: (06/06/2014 10:03:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {2dddb5b3-e19d-4034-9860-97a1defbb8aa}
Error: (05/30/2014 09:01:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdadb
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000c283b
ID des fehlerhaften Prozesses: 0xad0
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (05/30/2014 09:00:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e
Name des fehlerhaften Moduls: Flash32_13_0_0_214.ocx, Version: 13.0.0.214, Zeitstempel: 0x5359c422
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0020ca1d
ID des fehlerhaften Prozesses: 0x65c
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (05/29/2014 06:01:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 6.16.0.105 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1344
Startzeit: 01cf78bcd454e312
Endzeit: 50
Anwendungspfad: C:\Program Files\Skype\Phone\Skype.exe
Berichts-ID:
Error: (05/27/2014 04:42:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00509636
ID des fehlerhaften Prozesses: 0x308
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (05/26/2014 10:31:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (05/26/2014 10:30:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (05/26/2014 01:27:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {312900fa-f2f3-435a-b4ec-6eb721d257fd}
System errors:
=============
Error: (06/08/2014 04:15:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (06/08/2014 04:15:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (06/08/2014 04:15:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (06/08/2014 04:15:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (06/08/2014 04:15:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (06/01/2014 11:18:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (06/01/2014 11:18:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (06/01/2014 11:18:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (06/01/2014 11:18:42 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (06/01/2014 11:18:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Microsoft Office Sessions:
=========================
Error: (06/09/2014 00:02:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {aa207a4a-4aa1-468e-bb8c-cbd503d8d459}
Error: (06/08/2014 04:43:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {9d70894c-c076-40ea-8393-6e98f6227a6c}
Error: (06/06/2014 10:03:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {2dddb5b3-e19d-4034-9860-97a1defbb8aa}
Error: (05/30/2014 09:01:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69entdll.dll6.1.7600.163854a5bdadbc0000374000c283bad001cf7c3984db6d9bC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllc487cfea-e82c-11e3-b25a-00040ec4d221
Error: (05/30/2014 09:00:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eFlash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d65c01cf7b7c97362540C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\Macromed\Flash\Flash32_13_0_0_214.ocxb7c052be-e82c-11e3-b25a-00040ec4d221
Error: (05/29/2014 06:01:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe6.16.0.105134401cf78bcd454e31250C:\Program Files\Skype\Phone\Skype.exe
Error: (05/27/2014 04:42:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c00000050050963630801cf79317dec67a4C:\Program Files\Internet Explorer\iexplore.exeunknown2c580d93-e5ad-11e3-b25a-00040ec4d221
Error: (05/26/2014 10:31:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (05/26/2014 10:30:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (05/26/2014 01:27:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {312900fa-f2f3-435a-b4ec-6eb721d257fd}
==================== Memory info ===========================
Percentage of memory in use: 28%
Total physical RAM: 3575.43 MB
Available physical RAM: 2570.76 MB
Total Pagefile: 7149.14 MB
Available Pagefile: 5979.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.43 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:48.73 GB) (Free:15.11 GB) NTFS
Drive d: (Daten) (Fixed) (Total:882.68 GB) (Free:624.75 GB) NTFS
Drive e: (System) (Fixed) (Total:14.65 GB) (Free:2.59 GB) NTFS
Drive f: (Software) (Fixed) (Total:14.65 GB) (Free:6.92 GB) NTFS
Drive g: (Data) (Fixed) (Total:45.23 GB) (Free:6.18 GB) NTFS
Drive i: (Lexar) (Removable) (Total:7.45 GB) (Free:2.31 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 75 GB) (Disk ID: ED6E8B61)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=45 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7618FDE6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=883 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:17 on 09/06/2014 (Admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-09 20:32:14
Windows 6.1.7600 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T1L0-d SAMSUNG_HD103SJ rev.1AJ10001 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uxldqpog.sys
---- System - GMER 2.1 ----
SSDT 922A89AE ZwCreateSection
SSDT 922A89B8 ZwRequestWaitReplyPort
SSDT 922A89B3 ZwSetContextThread
SSDT 922A89BD ZwSetSecurityObject
SSDT 922A89C2 ZwSystemDebugControl
SSDT 922A894F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83293579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832B7F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 832BF840 4 Bytes [AE, 89, 2A, 92] {SCASB ; MOV [EDX], EBP; XCHG EDX, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 69C 832BFB9C 4 Bytes [B8, 89, 2A, 92]
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 832BFBE0 4 Bytes [B3, 89, 2A, 92]
.text ntkrnlpa.exe!RtlSidHashLookup + 75C 832BFC5C 4 Bytes [BD, 89, 2A, 92]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B0 832BFCB0 4 Bytes [C2, 89, 2A, 92] {RET 0x2a89; XCHG EDX, EAX}
.text ...
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7425250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74252494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74235624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742356E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74248573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74244D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742450CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742451A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [742466D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [742482CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74248819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7424907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7424E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74244C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@J:\Games\new\davin\Âåëèêèå Ñåêðåòû. Äà Âèí\xf7è\unins000.exe 1
---- EOF - GMER 2.1 ----
Best regards, Alex |
| | #2 |
| /// the machine /// TB trainer | hi,
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Scan with Combofix
__________________ |
| | #3 |
| Hello schrauber,
here is the Fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:09-06-2014 01
Ran by Admin at 2014-06-10 22:02:42 Run:1
Running from I:\Anti-Malware
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
*****************
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
==== End of Fixlog ====
ComboFix complains about this and warns of unpredictable events or damage. Should I ignore this warning by clicking OK, or cancel, deselect Avira in the autostart menu, reboot and start ComboFix again!? Best regards, Alex |
| | #4 |
| /// the machine /// TB trainer | Exit Avira via the umbrella icon at the bottom right? Then click OK in Combofix.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
| | #5 |
| Via the notification area!? Oddly, I can't find an Avira icon there. The real-time scanner can be switched off via the Avira window, but the application remains active. Or am I misunderstanding something!? Regards, Alex |
| | #6 |
| /// the machine /// TB trainer | that's fine, just let Combofix run
__________________ |
| | #7 |
| OK, thanks! Here is the log file: Code:
ATTFilter Combofix Logfile: Alex |
| | #8 |
| /// the machine /// TB trainer | Please download
Please download
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber |
| | #9 |
| Hello, here are the log files: mbam.txt: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.06.2014 Suchlauf-Zeit: 16:55:01 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.14.04 Rootkit Datenbank: v2014.06.02.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 CPU: x86 Dateisystem: NTFS Benutzer: Admin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 287233 Verstrichene Zeit: 6 Min, 15 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.212 - Bericht erstellt am 14/06/2014 um 17:08:32
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium (32 bits)
# Benutzername : Admin - BRUCE
# Gestartet von : I:\Anti-Malware\adwcleaner_3.212.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\ICQToolbarData
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\.autoreg
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55687A7D-1D91-421E-9BCA-2DA6F9D82C8A}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55687A7D-1D91-421E-9BCA-2DA6F9D82C8A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Elf_1
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
***** [ Browser ] *****
-\\ Internet Explorer v8.0.7600.16385
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
-\\ Mozilla Firefox v29.0.1 (de)
[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\prefs.js ]
Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", false);
Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1299526606);
Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Zeile gelöscht : user_pref("icqtoolbar.history", "getr%C3%A4nke%20lorenz%20m%C3%BCnchen||c%20krause%20swiss%20parings||k%20krause%20swiss%20parings||k%20krause%20swiss%20chess||k%20krause%20swiss||streik%20lokf%C3%BCh[...]
Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Zeile gelöscht : user_pref("icqtoolbar.installTime", "1299868036");
Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.15");
Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Zeile gelöscht : user_pref("icqtoolbar.suggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "129702547712970254991297100155460");
Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1299878677);
Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
*************************
AdwCleaner[R0].txt - [7073 octets] - [14/06/2014 17:04:39]
AdwCleaner[S0].txt - [6946 octets] - [14/06/2014 17:08:32]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7006 octets] ##########
JRT.txt: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x86
Ran by Admin on 14.06.2014 at 17:17:43,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\0lui6wtv.default\minidumps [38 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.06.2014 at 17:21:54,41
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02
Ran by Admin (administrator) on BRUCE on 14-06-2014 17:23:29
Running from I:\Anti-Malware
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
() C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\phonostar-Player\phonostarTimer.exe
() C:\Program Files\phonostar-Player\phonostarTimer.exe
(LG Electronics) C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe
() C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\cloneTestDDCCI.exe
() C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Gigabyte Technology CO., LTD.) C:\Program Files\GIGABYTE\smart6\timelock\AlarmClock.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [phonostarTimer] => C:\Program Files\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [phonostar-PlayerTimer] => C:\Program Files\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Admin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dual Package.lnk
ShortcutTarget: Dual Package.lnk -> C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe (LG Electronics)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4A6E99F659AFCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Admin\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}-trash [2012-07-10]
FF Extension: WOT - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: BetterPrivacy - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2012-01-22]
FF Extension: bidbag Remote - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\development@bidbag.de.xpi [2012-11-11]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-10]
FF Extension: DownThemAll! - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-12-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-02]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-17]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-02]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-17]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 DES2 Service; C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Smart TimeLock; C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
==================== Drivers (Whitelisted) ====================
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2010-10-22] (AVM GmbH)
R3 gdrv; C:\Windows\gdrv.sys [17488 2014-06-14] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2010-12-17] ()
S3 LGDDCDevice; C:\Windows\system32\LGI2CDriver.sys [16384 2010-08-04] (LG Soft India) [File not signed]
S3 LGII2CDevice; C:\Windows\system32\LGPII2CDriver.sys [19968 2011-02-11] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2070-01-01 01:00 - 2012-04-27 20:14 - 00000000 ____D () C:\Users\Admin\Downloads\BOTANICULA
2014-06-14 17:21 - 2014-06-14 17:21 - 00000912 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-06-14 17:14 - 2014-06-14 17:14 - 00000000 ____D () C:\Windows\ERUNT
2014-06-14 17:04 - 2014-06-14 17:08 - 00000000 ____D () C:\AdwCleaner
2014-06-14 17:03 - 2014-06-14 17:03 - 00001143 _____ () C:\Users\Admin\Desktop\mbam.txt
2014-06-14 16:50 - 2014-06-14 16:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 16:49 - 2014-06-14 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-14 16:49 - 2014-06-14 16:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-14 16:49 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-14 16:49 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-14 16:49 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-12 19:38 - 2014-06-14 17:17 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\temp
2014-06-12 19:38 - 2014-06-12 19:38 - 00010683 _____ () C:\ComboFix.txt
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-12 19:33 - 2014-06-14 17:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\temp
2014-06-12 19:29 - 2014-06-12 19:38 - 00000000 ____D () C:\ComboFix
2014-06-12 19:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-12 19:29 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-12 19:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-12 19:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-12 19:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-12 19:29 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-12 19:29 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-12 19:29 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-10 22:08 - 2014-06-12 19:38 - 00000000 ____D () C:\Windows\erdnt
2014-06-10 22:08 - 2014-06-12 19:38 - 00000000 ____D () C:\Qoobox
2014-06-10 22:03 - 2014-06-10 22:00 - 05205915 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-06-09 20:17 - 2014-06-09 20:17 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-06-09 13:11 - 2014-06-14 17:23 - 00000000 ____D () C:\FRST
2014-05-31 23:02 - 2014-05-31 23:02 - 00159688 _____ () C:\Windows\Minidump\053114-32573-01.dmp
2014-05-26 10:31 - 2014-05-26 10:31 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-26 00:34 - 2014-05-26 00:49 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-26 00:34 - 2014-05-26 00:49 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-26 00:23 - 2014-05-26 00:23 - 00000838 _____ () C:\Users\Admin\Desktop\Uninstall_Flash.txt
2014-05-26 00:21 - 2014-05-26 00:21 - 00848048 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\uninstall_flash_player.exe
2014-05-18 04:06 - 2014-05-18 04:06 - 01136048 _____ () C:\Windows\Minidump\051814-26020-01.dmp
2014-05-17 23:33 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-05-17 23:33 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-05-17 23:33 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-05-17 23:33 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-05-17 23:33 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-05-17 23:33 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-05-17 23:33 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-05-17 23:32 - 2014-05-17 23:33 - 00000000 ____D () C:\Windows\system32\directx
2014-05-17 23:32 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-05-17 23:32 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-05-17 23:32 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-05-17 23:32 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-05-17 23:32 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-05-17 23:32 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-05-17 23:32 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-05-17 23:32 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-05-17 23:32 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-05-17 23:32 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-05-17 23:32 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-05-17 23:32 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-05-17 23:32 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-05-17 23:32 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-05-17 23:32 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-05-17 23:32 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
==================== One Month Modified Files and Folders =======
2014-06-14 17:23 - 2014-06-12 19:33 - 00000000 ____D () C:\Users\Admin\AppData\Local\temp
2014-06-14 17:23 - 2014-06-09 13:11 - 00000000 ____D () C:\FRST
2014-06-14 17:23 - 2010-12-13 22:53 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-14 17:23 - 2009-07-14 06:34 - 00024848 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-14 17:23 - 2009-07-14 06:34 - 00024848 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-14 17:21 - 2014-06-14 17:21 - 00000912 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-06-14 17:20 - 2010-12-13 22:52 - 01511661 _____ () C:\Windows\WindowsUpdate.log
2014-06-14 17:17 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\temp
2014-06-14 17:17 - 2011-01-09 00:07 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-14 17:17 - 2010-12-14 01:14 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-14 17:17 - 2010-12-14 00:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-14 17:17 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-14 17:16 - 2009-07-14 06:39 - 00087081 _____ () C:\Windows\setupact.log
2014-06-14 17:14 - 2014-06-14 17:14 - 00000000 ____D () C:\Windows\ERUNT
2014-06-14 17:14 - 2011-01-09 00:07 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 17:11 - 2011-01-09 13:53 - 01320978 _____ () C:\Windows\PFRO.log
2014-06-14 17:08 - 2014-06-14 17:04 - 00000000 ____D () C:\AdwCleaner
2014-06-14 17:08 - 2011-02-07 14:43 - 00000000 ____D () C:\ProgramData\ICQ
2014-06-14 17:03 - 2014-06-14 17:03 - 00001143 _____ () C:\Users\Admin\Desktop\mbam.txt
2014-06-14 16:50 - 2014-06-14 16:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 16:49 - 2014-06-14 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-14 16:49 - 2014-06-14 16:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-14 16:48 - 2012-04-22 23:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 19:38 - 2014-06-12 19:38 - 00010683 _____ () C:\ComboFix.txt
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-12 19:38 - 2014-06-12 19:29 - 00000000 ____D () C:\ComboFix
2014-06-12 19:38 - 2014-06-10 22:08 - 00000000 ____D () C:\Windows\erdnt
2014-06-12 19:38 - 2014-06-10 22:08 - 00000000 ____D () C:\Qoobox
2014-06-12 19:38 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-06-12 19:38 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Default
2014-06-12 19:36 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-06-12 19:33 - 2012-04-22 20:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
2014-06-12 19:33 - 2010-12-13 23:01 - 00000000 ____D () C:\Users\Admin
2014-06-10 22:00 - 2014-06-10 22:03 - 05205915 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-06-09 20:17 - 2014-06-09 20:17 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-06-09 17:13 - 2010-12-14 23:43 - 00000000 ____D () C:\Program Files\Adobe
2014-06-09 12:44 - 2010-12-14 23:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2014-06-05 00:02 - 2011-11-05 15:08 - 00000000 ____D () C:\Users\Admin\Documents\Eigene Scans
2014-05-31 23:09 - 2013-04-18 21:55 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4
2014-05-31 23:02 - 2014-05-31 23:02 - 00159688 _____ () C:\Windows\Minidump\053114-32573-01.dmp
2014-05-31 23:02 - 2011-05-20 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-05-30 17:05 - 2011-01-08 22:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-05-26 10:31 - 2014-05-26 10:31 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-26 10:31 - 2011-01-08 22:39 - 00000000 ___RD () C:\Program Files\Skype
2014-05-26 10:31 - 2011-01-08 22:39 - 00000000 ____D () C:\ProgramData\Skype
2014-05-26 00:49 - 2014-05-26 00:34 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-26 00:49 - 2014-05-26 00:34 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-26 00:49 - 2010-12-14 23:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-05-26 00:23 - 2014-05-26 00:23 - 00000838 _____ () C:\Users\Admin\Desktop\Uninstall_Flash.txt
2014-05-26 00:21 - 2014-05-26 00:21 - 00848048 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\uninstall_flash_player.exe
2014-05-18 04:06 - 2014-05-18 04:06 - 01136048 _____ () C:\Windows\Minidump\051814-26020-01.dmp
2014-05-18 04:06 - 2012-07-10 23:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-18 03:59 - 2010-12-14 00:13 - 00003731 _____ () C:\Windows\avmfwlanci.log
2014-05-18 03:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-17 23:33 - 2014-05-17 23:32 - 00000000 ____D () C:\Windows\system32\directx
2014-05-16 20:15 - 2013-10-05 20:11 - 00000000 ____D () C:\Users\Admin\Downloads\Rechnungen o2
ZeroAccess:
C:\Users\Admin\AppData\Local\{e8bbda05-74da-a9a6-e575-5a1a8f5d5987}
C:\Users\Admin\AppData\Local\{e8bbda05-74da-a9a6-e575-5a1a8f5d5987}\@
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\temp\avgnt.exe
C:\Users\Admin\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2010-12-13 22:38
==================== End Of Log ============================
Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014 02
Ran by Admin at 2014-06-14 17:24:00
Running from I:\Anti-Malware
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
@BIOS (HKLM\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Audacity 1.3.14 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
AutoGreen B09.1014.2 (HKLM\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B09.1014.2 (Version: 1.00.0000 - GIGABYTE) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: - AVM Berlin)
Botanicula (HKLM\...\Botanicula_is1) (Version: - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5300 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
CBReader (HKLM\...\CBReader ) (Version: - ChessBase GmbH)
ChessBase 12 (HKLM\...\{FCBFC686-53B0-4CB0-A820-E9D20C95FABE}) (Version: 12.1.0.0 - ChessBase)
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
DES 2.0 (HKLM\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Directory Lister Pro v1.62 (HKLM\...\Directory Lister Pro_is1) (Version: 1.62 - KRKSoft)
Dual Package (HKLM\...\{37365259-9D37-4FBE-9204-08B4034623B6}) (Version: 2.9 - LG Soft India Pvt Ltd)
Easy Tune 6 B10.0521.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (Version: 1.00.0000 - GIGABYTE) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{6FA29B87-FED3-45A1-8A95-2FDEE0F6DD18}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ7.4 (HKLM\...\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}) (Version: 7.4 - ICQ)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
IsoBuster 2.8.5 (HKLM\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
LockHunter 3.0, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero MediaHome 4 (Version: 4.5.20.45 - Nero AG) Hidden
Nero MediaHome 4 Essentials (HKLM\...\{04d0813a-6e8b-40a5-a2c7-d929ccd2b5e1}) (Version: - Nero AG)
Nero MediaHome 4 Help (Version: 4.5.5.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Treiber 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 260.99 - NVIDIA Corporation)
NVIDIA Grafiktreiber 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 260.99 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.1.9.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.9.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.0.14.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6099 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 260.99 (Version: 260.99 - NVIDIA Corporation) Hidden
ON_OFF Charge B10.0427.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Ontrack EasyRecovery Home (HKLM\...\{B8686BCF-5181-477F-9CBE-786391011B9C}_is1) (Version: 11.0.2.0 - Kroll Ontrack Inc.)
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF Architect (HKLM\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
phonostar-Player Version 3.03.1 (HKLM\...\phonostar3RadioPlayer_is1) (Version: - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PS_AIO_04_C5300_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.00042 - Realtek Semiconductor Corp.)
Remote Master (HKLM\...\Remote Master) (Version: - )
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart 6 B10.0422.1 (HKLM\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
t@x 2013 (HKCU\...\{6737F045-A91A-4177-9C8C-59460FC1C84D}) (Version: 20.00.8137 - Buhl Data Service GmbH)
t@x 2014 (HKCU\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.50 - Ghisler Software GmbH)
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.8.0 - Tweaking.com)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 1.1.5 (HKLM\...\VLC media player) (Version: 1.1.5 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinCDEmu (HKLM\...\WinCDEmu) (Version: 3.6 - Bazis)
WISO Mein Geld 2012 Professional (HKLM\...\WISO Mein Geld 2012 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2012 Professional (Version: 14.0.1.18 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2011 (HKLM\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.06.7056 - Buhl Data Service GmbH)
==================== Restore Points =========================
12-06-2014 18:05:51 Automatic creation
14-06-2014 15:08:12 Automatic creation
==================== Hosts content: ==========================
2009-07-14 04:04 - 2014-06-12 19:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {2FDB101E-045E-4920-A563-87DF08C0D382} - System32\Tasks\AdobeAAMUpdater-1.0-Bruce-Admin => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {38F837AD-0813-4003-B978-4754B291A6C7} - System32\Tasks\{A77DCEAA-D94D-4E61-A213-F36BBBFACACC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/ru/abandoninstall?page=tsProgressBar
Task: {5E4CDD35-1667-442C-811D-00D6768A9FB2} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {67288036-726A-4EB2-AA43-FC51DC02B194} - System32\Tasks\{33AA7B1C-74E9-45CF-B2D3-1B23F4ABB1E0} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/ru/abandoninstall?page=tsProgressBar
Task: {72061602-B23D-4837-94FD-3B320E38F4C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-09] (Google Inc.)
Task: {CFDC9FF3-86CF-4516-A70B-CF460ACCD4B0} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {E507B357-E7E9-4B99-88A1-78D19747C3FE} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {F5B12AFD-B600-48E8-B52D-9C7F79B90C97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-09] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-08-05 01:32 - 2013-08-05 01:21 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2010-12-14 01:13 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
2010-12-14 01:13 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files\GIGABYTE\EnergySaver2\ycc.dll
2011-03-13 14:26 - 2013-04-25 17:23 - 00042496 _____ () C:\Program Files\phonostar-Player\phonostarTimer.exe
2012-12-03 23:37 - 2011-05-31 05:31 - 00061952 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\MouseHook.dll
2012-12-03 23:37 - 2011-04-02 00:07 - 00003584 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\GerRes.dll
2012-12-03 23:37 - 2011-04-20 18:10 - 00024576 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe
2012-12-03 23:37 - 2011-04-16 20:02 - 00049152 _____ () C:\Windows\system32\LGErrorHandler.dll
2012-12-03 23:37 - 2011-04-20 18:10 - 00024576 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\cloneTestDDCCI.exe
2014-04-20 14:19 - 2014-03-25 14:25 - 00590640 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
2014-04-20 14:16 - 2014-03-25 14:26 - 09741104 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wgui14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00035120 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsdcom48.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00309040 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rscorewinapi48.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00321840 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsguiwinapi48.dll
2014-04-20 14:16 - 2014-03-25 14:26 - 03799344 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wcore14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00136496 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsodbc48.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 02691888 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfvie14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01993008 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wsteu14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01915184 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wreli14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 04330800 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wauff14.dll
2014-04-20 14:16 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-core.dll
2014-04-20 14:16 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-shared.dll
2014-04-20 14:16 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-contribs-lib.dll
2014-04-20 14:16 - 2014-03-26 10:59 - 01548592 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wmain14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 05127984 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae114.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01690416 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae214.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01806128 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae314.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01626928 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae414.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01115440 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau114.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01326384 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau214.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01245488 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wwerb14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 07324464 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wkont14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01283376 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wimp14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01330480 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfabu14.dll
2011-01-17 17:19 - 2011-02-15 20:52 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: Nero MediaHome 4 => "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
MSCONFIG\startupreg: Remote Master => C:\Program Files\Remote Master\Remote Master.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 30%
Total physical RAM: 3575.43 MB
Available physical RAM: 2484.28 MB
Total Pagefile: 7149.14 MB
Available Pagefile: 5954.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.48 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:48.73 GB) (Free:16.42 GB) NTFS
Drive d: (Daten) (Fixed) (Total:882.68 GB) (Free:624.87 GB) NTFS
Drive e: (System) (Fixed) (Total:14.65 GB) (Free:2.61 GB) NTFS
Drive f: (Software) (Fixed) (Total:14.65 GB) (Free:6.92 GB) NTFS
Drive g: (Data) (Fixed) (Total:45.23 GB) (Free:6.18 GB) NTFS
Drive i: (Lexar) (Removable) (Total:7.45 GB) (Free:2.28 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 75 GB) (Disk ID: ED6E8B61)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=45 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7618FDE6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=883 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
Best regards, Alex |
| | #10 |
| /// the machine /// TB Trainer | Avira, MBAM - This program is blocked by group policy That's coming now. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
ZeroAccess:
C:\Users\Admin\AppData\Local\{e8bbda05-74da-a9a6-e575-5a1a8f5d5987}
C:\Users\Admin\AppData\Local\{e8bbda05-74da-a9a6-e575-5a1a8f5d5987}\@
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
ESET Online Scanner
Please download
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and assistance Trojaner-Board Facebook page No help via PM! |
| | #11 |
![]() | Avira, MBAM - Dieses Programm wurde durch eine Gruppenrichtlinie blockiert Das habe ich mir gedacht ![]() hier sind die Log-Dateien: Fixlog.txt Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:12-06-2014 02
Ran by Admin at 2014-06-15 15:07:43 Run:2
Running from I:\Anti-Malware
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
ZeroAccess:
C:\Users\Admin\AppData\Local\{e8bbda05-74da-a9a6-e575-5a1a8f5d5987}
C:\Users\Admin\AppData\Local\{e8bbda05-74da-a9a6-e575-5a1a8f5d5987}\@
*****************
'HKU\S-1-5-21-4054874865-167824030-1421856473-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}' => Key deleted successfully.
C:\Users\Admin\AppData\Local\{e8bbda05-74da-a9a6-e575-5a1a8f5d5987} => Moved successfully.
"C:\Users\Admin\AppData\Local\{e8bbda05-74da-a9a6-e575-5a1a8f5d5987}\@" => File/Directory not found.
==== End of Fixlog ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2542950f4fbccc4db06eb381f3f385fd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-03 10:53:17
# local_time=2012-09-04 12:53:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 864168 83241373 691174 0
# compatibility_mode=5893 16776574 66 94 54430773 99146895 0 0
# compatibility_mode=8192 67108863 100 0 128 128 0 0
# scanned=179566
# found=5
# cleaned=5
# scan_time=4645
C:\Users\Admin\AppData\Local\Temp\76E78176-BAB0-7891-93F1-EB764374920A\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Admin\AppData\Local\Temp\InstallShare10722\bab_setup.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Admin\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\CHIP_CD_0210\downloads\2159922\unlocker1.8.8.exe Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=2542950f4fbccc4db06eb381f3f385fd
# engine=18726
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-15 06:10:52
# local_time=2014-06-15 08:10:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 18332 128686879 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 110578473 155294595 0 0
# scanned=585346
# found=57
# cleaned=0
# scan_time=15986
sh=7EB05B43A52B79D69F54F95E77A09230AB5BF1B4 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\6b9c180d-303a1529"
sh=7F1A2B6DF5A0666048B78BDD447327036AF6267A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\215eb827-586a529f"
sh=9CFAD7EFDDE366316E85887F9E99C45148315E8E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\56897884-1972867a"
sh=F076BE9DF0DBD1E7A4649D2C7F4930CE0C92FD09 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\3fe19728-5abf4d66"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Program Files\Conduit\Community Alerts\Alert.dll"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Program Files\uTorrentBar_DE\hk64tbuTor.dll"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Program Files\uTorrentBar_DE\hktbuTor.dll"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Program Files\uTorrentBar_DE\ldrtbuTor.dll"
sh=2647A8D25068D715D97EE42DCB86CF9AA55946BC ft=1 fh=5fd80ae6b91e806a vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Program Files\uTorrentBar_DE\prxtbuTor.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Program Files\uTorrentBar_DE\tbuTor.dll"
sh=8BA5E39500E7C1CA0E881744767DE58967D29243 ft=1 fh=ebe9aff61ea22037 vn="Variante von Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\Local\Temp\uttA636.tmp.exe"
sh=2EE0AAF575D86EF5A93B01C7EC03EBF926CA4147 ft=1 fh=d82e726e69eec8ce vn="Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\hk64tbuTo0.dll"
sh=DACCEF26229D06C78049B88C7BE2772EA347B8A2 ft=1 fh=fefb97b647b2f1e6 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\hk64tbuTo2.dll"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\hk64tbuTor.dll"
sh=D4FEA02B7EEC13FA4944AA276F160B1FCE078AB3 ft=1 fh=901bf430c96d23b4 vn="Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\hktbuTo0.dll"
sh=A473F1057D0844C61ED68047F97C6CD8B3F79F51 ft=1 fh=851ca62d1383db26 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\hktbuTo2.dll"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\hktbuTor.dll"
sh=BCAA26922FC5A4BB3E9FEA7D29C525BB33D16572 ft=1 fh=e670698edca7a71b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\ldrtbuTo0.dll"
sh=28F30DCBC3836B85CF84C0445F20FDD74276105F ft=1 fh=a5122cc400caea7d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\ldrtbuTo2.dll"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\ldrtbuTor.dll"
sh=31E93E104678E9814A5E5D43A73387819E6282E5 ft=1 fh=b31cd14a0801e57c vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\tbuTo0.dll"
sh=49EF6474458CF16251C1FF63D1BFCDD82B618F1C ft=1 fh=59afc62f273e1dd2 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\tbuTo1.dll"
sh=4C716303AC281E9F6F92DBAA25DFCF342B2E8300 ft=1 fh=2ce425e33ba62b65 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\tbuTo2.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\tbuTor.dll"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="D:\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll"
sh=06C15CA58DDDA1072F5AB4C820DAC979FAA72A34 ft=1 fh=78c70a54817f7d30 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="F:\CHIP_CD_0210\downloads\2159922\unlocker1.8.8.exe"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Program Files\Conduit\Community Alerts\Alert.dll"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Program Files\uTorrentBar_DE\hk64tbuTor.dll"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Program Files\uTorrentBar_DE\hktbuTor.dll"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Program Files\uTorrentBar_DE\ldrtbuTor.dll"
sh=2647A8D25068D715D97EE42DCB86CF9AA55946BC ft=1 fh=5fd80ae6b91e806a vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Program Files\uTorrentBar_DE\prxtbuTor.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Program Files\uTorrentBar_DE\tbuTor.dll"
sh=8BA5E39500E7C1CA0E881744767DE58967D29243 ft=1 fh=ebe9aff61ea22037 vn="Variante von Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\Local\Temp\uttA636.tmp.exe"
sh=2EE0AAF575D86EF5A93B01C7EC03EBF926CA4147 ft=1 fh=d82e726e69eec8ce vn="Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\hk64tbuTo0.dll"
sh=DACCEF26229D06C78049B88C7BE2772EA347B8A2 ft=1 fh=fefb97b647b2f1e6 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\hk64tbuTo2.dll"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\hk64tbuTor.dll"
sh=D4FEA02B7EEC13FA4944AA276F160B1FCE078AB3 ft=1 fh=901bf430c96d23b4 vn="Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\hktbuTo0.dll"
sh=A473F1057D0844C61ED68047F97C6CD8B3F79F51 ft=1 fh=851ca62d1383db26 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\hktbuTo2.dll"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\hktbuTor.dll"
sh=BCAA26922FC5A4BB3E9FEA7D29C525BB33D16572 ft=1 fh=e670698edca7a71b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\ldrtbuTo0.dll"
sh=28F30DCBC3836B85CF84C0445F20FDD74276105F ft=1 fh=a5122cc400caea7d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\ldrtbuTo2.dll"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\ldrtbuTor.dll"
sh=31E93E104678E9814A5E5D43A73387819E6282E5 ft=1 fh=b31cd14a0801e57c vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\tbuTo0.dll"
sh=49EF6474458CF16251C1FF63D1BFCDD82B618F1C ft=1 fh=59afc62f273e1dd2 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\tbuTo1.dll"
sh=4C716303AC281E9F6F92DBAA25DFCF342B2E8300 ft=1 fh=2ce425e33ba62b65 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\tbuTo2.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\tbuTor.dll"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_D_2014-02-25\Backup_Dexter_2013-09_C\Users\Admin\AppData\LocalLow\uTorrentBar_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll"
sh=7EB05B43A52B79D69F54F95E77A09230AB5BF1B4 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="K:\Backup_Bruce_C_2014-02-26\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\6b9c180d-303a1529"
sh=7F1A2B6DF5A0666048B78BDD447327036AF6267A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="K:\Backup_Bruce_C_2014-02-26\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\215eb827-586a529f"
sh=9CFAD7EFDDE366316E85887F9E99C45148315E8E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="K:\Backup_Bruce_C_2014-02-26\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\56897884-1972867a"
sh=F076BE9DF0DBD1E7A4649D2C7F4930CE0C92FD09 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="K:\Backup_Bruce_C_2014-02-26\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\3fe19728-5abf4d66"
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_Bruce_C_2014-02-26\Admin\Downloads\PDFCreator-1_7_1_setup.exe"
sh=B2713BD9D62CCCAC479AFE6B11AC03D2E897846D ft=1 fh=e6b1d65cc4540589 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="K:\Backup 3YYNQP1_2011-06-20\ARZN_94M143J_D_2011-03-09\System Volume Information\_restore{A2ABCE14-A4B0-4CFC-BA76-C44E6DDB568D}\RP293\A0061674.exe"
sh=9781B87EEBA6EBE73AA8339CC6DB3603BB53168B ft=1 fh=8a8ea7e01ebd00c2 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="K:\Backup 3YYNQP1_2011-06-20\ARZN_94M143J_D_2011-03-09\System Volume Information\_restore{A2ABCE14-A4B0-4CFC-BA76-C44E6DDB568D}\RP293\A0061762.exe"
sh=EBDF263A5558C4D2D940641FE589EB1299248C87 ft=1 fh=fb1e511b715ead8b vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="K:\Backup 3YYNQP1_2011-06-20\ARZN_94M143J_C_2011-03-09\WINDOWS\system\ASAPUserScript\ASAPUserScript.exe"
sh=924CFCF88092B2E58A94ED970D5F122FAE5D3944 ft=1 fh=145b87a9084d9518 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="K:\Backup 3YYNQP1_2011-06-20\ARZN_94M143J_C_2011-03-09\WINDOWS\system\iDoUpdate\iDoUpdate.exe"
sh=0BFF84AA6CC4CCF580EAE2FBF4C129FA6EA612C4 ft=1 fh=9fe1a4845276fe8f vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="K:\Backup_GJ7N5R1_2013-09-29_C\Downloads\Unlocker1.9.1-x64.exe"
Code:
Results of screen317's Security Check version 0.99.83
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 13.0.0.214
Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-06-2014
Ran by Admin (administrator) on BRUCE on 15-06-2014 20:48:42
Running from I:\Anti-Malware
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
() C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\phonostar-Player\phonostarTimer.exe
() C:\Users\Admin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(LG Electronics) C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe
() C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\cloneTestDDCCI.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Gigabyte Technology CO., LTD.) C:\Program Files\GIGABYTE\smart6\timelock\AlarmClock.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [phonostarTimer] => C:\Program Files\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [phonostar-PlayerTimer] => C:\Program Files\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Admin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-4054874865-167824030-1421856473-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dual Package.lnk
ShortcutTarget: Dual Package.lnk -> C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe (LG Electronics)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4A6E99F659AFCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Admin\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}-trash [2012-07-10]
FF Extension: WOT - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: BetterPrivacy - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2012-01-22]
FF Extension: bidbag Remote - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\development@bidbag.de.xpi [2012-11-11]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-10]
FF Extension: DownThemAll! - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0lui6wtv.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-12-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-02]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-17]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-02]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-17]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-14] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 DES2 Service; C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Smart TimeLock; C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
==================== Drivers (Whitelisted) ====================
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2010-10-22] (AVM GmbH)
R3 gdrv; C:\Windows\gdrv.sys [17488 2014-06-15] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2010-12-17] ()
S3 LGDDCDevice; C:\Windows\system32\LGI2CDriver.sys [16384 2010-08-04] (LG Soft India) [File not signed]
S3 LGII2CDevice; C:\Windows\system32\LGPII2CDriver.sys [19968 2011-02-11] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2070-01-01 01:00 - 2012-04-27 20:14 - 00000000 ____D () C:\Users\Admin\Downloads\BOTANICULA
2014-06-15 20:46 - 2014-06-15 20:46 - 00000877 _____ () C:\Users\Admin\Desktop\checkup.txt
2014-06-14 23:12 - 2014-06-14 23:12 - 00003726 _____ () C:\Users\Admin\Desktop\Windows_Firewall_2014-06-14.txt
2014-06-14 17:21 - 2014-06-14 17:21 - 00000912 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-06-14 17:14 - 2014-06-14 17:14 - 00000000 ____D () C:\Windows\ERUNT
2014-06-14 17:04 - 2014-06-14 17:08 - 00000000 ____D () C:\AdwCleaner
2014-06-14 17:03 - 2014-06-14 17:03 - 00001143 _____ () C:\Users\Admin\Desktop\mbam.txt
2014-06-14 16:50 - 2014-06-14 16:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 16:49 - 2014-06-14 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-14 16:49 - 2014-06-14 16:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-14 16:49 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-14 16:49 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-14 16:49 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-12 19:38 - 2014-06-15 14:59 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\temp
2014-06-12 19:38 - 2014-06-12 19:38 - 00010683 _____ () C:\ComboFix.txt
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-12 19:33 - 2014-06-15 20:48 - 00000000 ____D () C:\Users\Admin\AppData\Local\temp
2014-06-12 19:29 - 2014-06-12 19:38 - 00000000 ____D () C:\ComboFix
2014-06-12 19:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-12 19:29 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-12 19:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-12 19:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-12 19:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-12 19:29 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-12 19:29 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-12 19:29 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-10 22:08 - 2014-06-12 19:38 - 00000000 ____D () C:\Windows\erdnt
2014-06-10 22:08 - 2014-06-12 19:38 - 00000000 ____D () C:\Qoobox
2014-06-10 22:03 - 2014-06-10 22:00 - 05205915 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-06-09 20:17 - 2014-06-09 20:17 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-06-09 13:11 - 2014-06-15 20:48 - 00000000 ____D () C:\FRST
2014-05-31 23:02 - 2014-05-31 23:02 - 00159688 _____ () C:\Windows\Minidump\053114-32573-01.dmp
2014-05-26 10:31 - 2014-05-26 10:31 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-26 00:34 - 2014-05-26 00:49 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-26 00:34 - 2014-05-26 00:49 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-26 00:23 - 2014-05-26 00:23 - 00000838 _____ () C:\Users\Admin\Desktop\Uninstall_Flash.txt
2014-05-26 00:21 - 2014-05-26 00:21 - 00848048 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\uninstall_flash_player.exe
2014-05-18 04:06 - 2014-05-18 04:06 - 01136048 _____ () C:\Windows\Minidump\051814-26020-01.dmp
2014-05-17 23:33 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-05-17 23:33 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-05-17 23:33 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-05-17 23:33 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-05-17 23:33 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-05-17 23:33 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-05-17 23:33 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-05-17 23:33 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-05-17 23:33 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-05-17 23:33 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-05-17 23:32 - 2014-05-17 23:33 - 00000000 ____D () C:\Windows\system32\directx
2014-05-17 23:32 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-05-17 23:32 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-05-17 23:32 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-05-17 23:32 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-05-17 23:32 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-05-17 23:32 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-05-17 23:32 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-05-17 23:32 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-05-17 23:32 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-05-17 23:32 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-05-17 23:32 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-05-17 23:32 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-05-17 23:32 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-05-17 23:32 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-05-17 23:32 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-05-17 23:32 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
==================== One Month Modified Files and Folders =======
2014-06-15 20:48 - 2014-06-12 19:33 - 00000000 ____D () C:\Users\Admin\AppData\Local\temp
2014-06-15 20:48 - 2014-06-09 13:11 - 00000000 ____D () C:\FRST
2014-06-15 20:46 - 2014-06-15 20:46 - 00000877 _____ () C:\Users\Admin\Desktop\checkup.txt
2014-06-15 20:14 - 2011-01-09 00:07 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-15 17:20 - 2010-12-13 22:52 - 01650683 _____ () C:\Windows\WindowsUpdate.log
2014-06-15 15:12 - 2010-12-13 22:53 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-15 15:05 - 2009-07-14 06:34 - 00024848 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-15 15:05 - 2009-07-14 06:34 - 00024848 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-15 15:00 - 2011-01-09 00:07 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-15 14:59 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\temp
2014-06-15 14:59 - 2010-12-14 01:14 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-15 14:59 - 2010-12-14 00:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-15 14:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-15 14:59 - 2009-07-14 06:39 - 00087283 _____ () C:\Windows\setupact.log
2014-06-14 23:12 - 2014-06-14 23:12 - 00003726 _____ () C:\Users\Admin\Desktop\Windows_Firewall_2014-06-14.txt
2014-06-14 17:47 - 2013-08-05 01:32 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-14 17:47 - 2013-08-05 01:32 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-14 17:21 - 2014-06-14 17:21 - 00000912 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-06-14 17:14 - 2014-06-14 17:14 - 00000000 ____D () C:\Windows\ERUNT
2014-06-14 17:11 - 2011-01-09 13:53 - 01320978 _____ () C:\Windows\PFRO.log
2014-06-14 17:08 - 2014-06-14 17:04 - 00000000 ____D () C:\AdwCleaner
2014-06-14 17:08 - 2011-02-07 14:43 - 00000000 ____D () C:\ProgramData\ICQ
2014-06-14 17:03 - 2014-06-14 17:03 - 00001143 _____ () C:\Users\Admin\Desktop\mbam.txt
2014-06-14 16:50 - 2014-06-14 16:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 16:49 - 2014-06-14 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-14 16:49 - 2014-06-14 16:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-14 16:48 - 2012-04-22 23:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 19:38 - 2014-06-12 19:38 - 00010683 _____ () C:\ComboFix.txt
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-12 19:38 - 2014-06-12 19:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-12 19:38 - 2014-06-12 19:29 - 00000000 ____D () C:\ComboFix
2014-06-12 19:38 - 2014-06-10 22:08 - 00000000 ____D () C:\Windows\erdnt
2014-06-12 19:38 - 2014-06-10 22:08 - 00000000 ____D () C:\Qoobox
2014-06-12 19:38 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-06-12 19:38 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Default
2014-06-12 19:36 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-06-12 19:33 - 2012-04-22 20:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
2014-06-12 19:33 - 2010-12-13 23:01 - 00000000 ____D () C:\Users\Admin
2014-06-10 22:00 - 2014-06-10 22:03 - 05205915 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-06-09 20:17 - 2014-06-09 20:17 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-06-09 17:13 - 2010-12-14 23:43 - 00000000 ____D () C:\Program Files\Adobe
2014-06-09 12:44 - 2010-12-14 23:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2014-06-05 00:02 - 2011-11-05 15:08 - 00000000 ____D () C:\Users\Admin\Documents\Eigene Scans
2014-05-31 23:09 - 2013-04-18 21:55 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4
2014-05-31 23:02 - 2014-05-31 23:02 - 00159688 _____ () C:\Windows\Minidump\053114-32573-01.dmp
2014-05-31 23:02 - 2011-05-20 11:48 - 00000000 ____D () C:\Windows\Minidump
2014-05-30 17:05 - 2011-01-08 22:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-05-26 10:31 - 2014-05-26 10:31 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-26 10:31 - 2011-01-08 22:39 - 00000000 ___RD () C:\Program Files\Skype
2014-05-26 10:31 - 2011-01-08 22:39 - 00000000 ____D () C:\ProgramData\Skype
2014-05-26 00:49 - 2014-05-26 00:34 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-26 00:49 - 2014-05-26 00:34 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-26 00:49 - 2010-12-14 23:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-05-26 00:23 - 2014-05-26 00:23 - 00000838 _____ () C:\Users\Admin\Desktop\Uninstall_Flash.txt
2014-05-26 00:21 - 2014-05-26 00:21 - 00848048 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\uninstall_flash_player.exe
2014-05-18 04:06 - 2014-05-18 04:06 - 01136048 _____ () C:\Windows\Minidump\051814-26020-01.dmp
2014-05-18 04:06 - 2012-07-10 23:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-18 03:59 - 2010-12-14 00:13 - 00003731 _____ () C:\Windows\avmfwlanci.log
2014-05-18 03:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-17 23:33 - 2014-05-17 23:32 - 00000000 ____D () C:\Windows\system32\directx
2014-05-16 20:15 - 2013-10-05 20:11 - 00000000 ____D () C:\Users\Admin\Downloads\Rechnungen o2
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\temp\avgnt.exe
C:\Users\Admin\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2010-12-13 22:38
==================== End Of Log ============================
Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-06-2014
Ran by Admin at 2014-06-15 20:49:11
Running from I:\Anti-Malware
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
@BIOS (HKLM\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Audacity 1.3.14 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
AutoGreen B09.1014.2 (HKLM\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B09.1014.2 (Version: 1.00.0000 - GIGABYTE) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: - AVM Berlin)
Botanicula (HKLM\...\Botanicula_is1) (Version: - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5300 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
CBReader (HKLM\...\CBReader ) (Version: - ChessBase GmbH)
ChessBase 12 (HKLM\...\{FCBFC686-53B0-4CB0-A820-E9D20C95FABE}) (Version: 12.1.0.0 - ChessBase)
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
DES 2.0 (HKLM\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Directory Lister Pro v1.62 (HKLM\...\Directory Lister Pro_is1) (Version: 1.62 - KRKSoft)
Dual Package (HKLM\...\{37365259-9D37-4FBE-9204-08B4034623B6}) (Version: 2.9 - LG Soft India Pvt Ltd)
Easy Tune 6 B10.0521.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (Version: 1.00.0000 - GIGABYTE) Hidden
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{6FA29B87-FED3-45A1-8A95-2FDEE0F6DD18}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ7.4 (HKLM\...\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}) (Version: 7.4 - ICQ)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
IsoBuster 2.8.5 (HKLM\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
LockHunter 3.0, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero MediaHome 4 (Version: 4.5.20.45 - Nero AG) Hidden
Nero MediaHome 4 Essentials (HKLM\...\{04d0813a-6e8b-40a5-a2c7-d929ccd2b5e1}) (Version: - Nero AG)
Nero MediaHome 4 Help (Version: 4.5.5.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Treiber 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 260.99 - NVIDIA Corporation)
NVIDIA Grafiktreiber 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 260.99 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.1.9.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.9.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.0.14.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6099 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 260.99 (Version: 260.99 - NVIDIA Corporation) Hidden
ON_OFF Charge B10.0427.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Ontrack EasyRecovery Home (HKLM\...\{B8686BCF-5181-477F-9CBE-786391011B9C}_is1) (Version: 11.0.2.0 - Kroll Ontrack Inc.)
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF Architect (HKLM\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
phonostar-Player Version 3.03.1 (HKLM\...\phonostar3RadioPlayer_is1) (Version: - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PS_AIO_04_C5300_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.00042 - Realtek Semiconductor Corp.)
Remote Master (HKLM\...\Remote Master) (Version: - )
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart 6 B10.0422.1 (HKLM\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
t@x 2013 (HKCU\...\{6737F045-A91A-4177-9C8C-59460FC1C84D}) (Version: 20.00.8137 - Buhl Data Service GmbH)
t@x 2014 (HKCU\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.50 - Ghisler Software GmbH)
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.8.0 - Tweaking.com)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 1.1.5 (HKLM\...\VLC media player) (Version: 1.1.5 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinCDEmu (HKLM\...\WinCDEmu) (Version: 3.6 - Bazis)
WISO Mein Geld 2012 Professional (HKLM\...\WISO Mein Geld 2012 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2012 Professional (Version: 14.0.1.18 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2011 (HKLM\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.06.7056 - Buhl Data Service GmbH)
==================== Restore Points =========================
14-06-2014 20:54:53 Automatic creation
15-06-2014 13:30:04 Automatic creation
==================== Hosts content: ==========================
2009-07-14 04:04 - 2014-06-12 19:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {2FDB101E-045E-4920-A563-87DF08C0D382} - System32\Tasks\AdobeAAMUpdater-1.0-Bruce-Admin => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {38F837AD-0813-4003-B978-4754B291A6C7} - System32\Tasks\{A77DCEAA-D94D-4E61-A213-F36BBBFACACC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/ru/abandoninstall?page=tsProgressBar
Task: {5E4CDD35-1667-442C-811D-00D6768A9FB2} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {67288036-726A-4EB2-AA43-FC51DC02B194} - System32\Tasks\{33AA7B1C-74E9-45CF-B2D3-1B23F4ABB1E0} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/ru/abandoninstall?page=tsProgressBar
Task: {72061602-B23D-4837-94FD-3B320E38F4C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-09] (Google Inc.)
Task: {CFDC9FF3-86CF-4516-A70B-CF460ACCD4B0} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {E507B357-E7E9-4B99-88A1-78D19747C3FE} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {F5B12AFD-B600-48E8-B52D-9C7F79B90C97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-09] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-12-14 01:13 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
2010-12-14 01:13 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files\GIGABYTE\EnergySaver2\ycc.dll
2011-03-13 14:26 - 2013-04-25 17:23 - 00042496 _____ () C:\Program Files\phonostar-Player\phonostarTimer.exe
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\Admin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2012-12-03 23:37 - 2011-05-31 05:31 - 00061952 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\MouseHook.dll
2012-12-03 23:37 - 2011-04-02 00:07 - 00003584 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\GerRes.dll
2014-04-20 14:19 - 2014-03-25 14:25 - 00590640 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
2014-04-20 14:16 - 2014-03-25 14:26 - 09741104 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wgui14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00035120 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsdcom48.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00309040 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rscorewinapi48.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00321840 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsguiwinapi48.dll
2014-04-20 14:16 - 2014-03-25 14:26 - 03799344 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wcore14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 00136496 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsodbc48.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 02691888 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfvie14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01993008 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wsteu14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01915184 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wreli14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 04330800 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wauff14.dll
2014-04-20 14:16 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-core.dll
2014-04-20 14:16 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-shared.dll
2014-04-20 14:16 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-contribs-lib.dll
2014-04-20 14:16 - 2014-03-26 10:59 - 01548592 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wmain14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 05127984 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae114.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01690416 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae214.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01806128 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae314.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01626928 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae414.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01115440 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau114.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01326384 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau214.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01245488 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wwerb14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 07324464 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wkont14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01283376 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wimp14.dll
2014-04-20 14:16 - 2014-03-25 14:25 - 01330480 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfabu14.dll
2011-01-17 17:19 - 2011-02-15 20:52 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2012-12-03 23:37 - 2011-04-20 18:10 - 00024576 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe
2012-12-03 23:37 - 2011-04-16 20:02 - 00049152 _____ () C:\Windows\system32\LGErrorHandler.dll
2012-12-03 23:37 - 2011-04-20 18:10 - 00024576 _____ () C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\cloneTestDDCCI.exe
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: Nero MediaHome 4 => "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
MSCONFIG\startupreg: Remote Master => C:\Program Files\Remote Master\Remote Master.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/15/2014 03:29:55 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {0b5c0e16-fb6e-4c44-8234-07c52eca9317}
Error: (06/14/2014 10:54:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {4ed00ecf-467e-4f61-946b-bbd5317062fe}
Error: (06/14/2014 06:20:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {802a9160-9611-4adc-9398-5f7fb2be7d9c}
Error: (06/14/2014 05:47:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {d6a9145f-9eb6-455f-a28c-b590abc43a08}
System errors:
=============
Microsoft Office Sessions:
=========================
Error: (06/15/2014 03:29:55 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {0b5c0e16-fb6e-4c44-8234-07c52eca9317}
Error: (06/14/2014 10:54:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {4ed00ecf-467e-4f61-946b-bbd5317062fe}
Error: (06/14/2014 06:20:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {802a9160-9611-4adc-9398-5f7fb2be7d9c}
Error: (06/14/2014 05:47:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {d6a9145f-9eb6-455f-a28c-b590abc43a08}
==================== Memory info ===========================
Percentage of memory in use: 32%
Total physical RAM: 3575.43 MB
Available physical RAM: 2401.84 MB
Total Pagefile: 7149.14 MB
Available Pagefile: 5909.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.73 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:48.73 GB) (Free:16.89 GB) NTFS
Drive d: (Daten) (Fixed) (Total:882.68 GB) (Free:624.87 GB) NTFS
Drive e: (System) (Fixed) (Total:14.65 GB) (Free:2.61 GB) NTFS
Drive f: (Software) (Fixed) (Total:14.65 GB) (Free:6.92 GB) NTFS
Drive g: (Data) (Fixed) (Total:45.23 GB) (Free:6.18 GB) NTFS
Drive i: (Lexar) (Removable) (Total:7.45 GB) (Free:2.28 GB) FAT32
Drive k: (My Book) (Fixed) (Total:465.65 GB) (Free:100.31 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 75 GB) (Disk ID: ED6E8B61)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=45 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7618FDE6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=883 GB) - (Type=07 NTFS)
========================================================
Disk: 6 (Size: 7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 7 (Size: 466 GB) (Disk ID: 44FDFE06)
Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)
==================== End Of Log ============================
Many thanks and best regards, Alex |
| | #12 |
| /// the machine /// TB-Ausbilder | Avira, MBAM - This program was blocked by a group policy Clean up the cluttered drives D and K. Update Windows, a service pack is missing! Done. The order is decisive here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
| | #13 |
| Avira, MBAM - This program was blocked by a group policy Many thanks for the great support and for the tips, I will take them to heart! The praise and a donation will of course follow too. To finish, perhaps one more fundamental question: how secure is the system after all these measures? Elsewhere, in similar cases, the blanket advice is often to reinstall Windows or to format the hard drive right away, because the malware cannot be removed completely. What should one make of that advice? Best regards, Alex |
| | #14 | |
| /// the machine /// TB-Ausbilder | Avira, MBAM - This program was blocked by a group policy If reinstalling were necessary, we could have saved ourselves all the work. Quote:
There are so many wannabe IT idiots floating around on the net. They have you reinstall because of an adware toolbar. Simply no clue about it. With rootkit and/or backdoor infections, yeah, one can talk about something like that. But not here. Changing passwords is mandatory after an infection, but then that's it. The thing is squeaky clean.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
| | #15 |
| Avira, MBAM - This program was blocked by a group policy Thanks, that is roughly what I had imagined. The passwords presumably refer to the logins for various online services!? What time period is appropriate? The last 1-2 months!? Best regards, Alex |