
Log analysis and evaluation: Windows Vista: Anti-Vir can no longer be started - blocked by group policy


 
16.08.2014, 14:52   #1
Micados
 
Hello, my name is Daniel and I am glad that you exist.

Today I noticed that Anti-Vir is no longer running. Before that, Windows had downloaded new updates via the automatic updater.
The manual attempt to start Anti-Vir was not successful; instead I got the error message that the start is being blocked by a group policy. A short Google search soon brought me to this forum.
I went through the instructions and ran the necessary scans. I do not have any logs of my own from the past few days. So here are the files:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:01 on 16/08/2014 (Daniel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2014 02
Ran by Daniel (administrator) on DANIEL-PC on 16-08-2014 15:02:44
Running from C:\Users\Daniel\Desktop
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
( ) C:\Windows\System32\lxbkcoms.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3500979157-2244578959-1164281894-1000\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKU\S-1-5-21-3500979157-2244578959-1164281894-1000\...\Run: [Amazon Music] => C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-06-05] ()
HKU\S-1-5-21-3500979157-2244578959-1164281894-1000\...\Run: [Steam] => "C:\Program Files\Satinavs Ketten\Steam.exe" -silent
HKU\S-1-5-21-3500979157-2244578959-1164281894-1000\...\Run: [OztafLusos] => regsvr32.exe "
HKU\S-1-5-21-3500979157-2244578959-1164281894-1000\...\MountPoints2: {e05f3308-e72d-11e2-a762-0021707e2fbe} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\33063FJ+~.lnk
ShortcutTarget: 33063FJ+~.lnk -> ~+JF36033.dll,work (No File)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nkodj67e.lnk
ShortcutTarget: nkodj67e.lnk -> C:\PROGRA~2\299219~1\e76jdokn.cpp (No File)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Heike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3081007
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2984BD33779CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-30]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-10-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [73728 2008-06-25] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [537256 2008-02-19] ( )
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe [221273 2008-06-25] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-08-05] (Dell Inc.) [File not signed]
S2 Winmgmt; C:\PROGRA~2\2992199F9A\~+JF36033.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-08-05] (Broadcom Corporation)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-03-14] (ITE Tech. Inc. )
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [144672 2008-07-28] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [277504 2008-07-28] (Creative Technology Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-06-30] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\WNt500x86\Sandra.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 15:02 - 2014-08-16 15:04 - 00011762 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-08-16 15:02 - 2014-08-16 15:02 - 01093632 _____ (Farbar) C:\Users\Daniel\Desktop\FRST.exe
2014-08-16 15:02 - 2014-08-16 15:02 - 00000000 ____D () C:\FRST
2014-08-16 15:01 - 2014-08-16 15:01 - 00000448 _____ () C:\Users\Daniel\Desktop\defogger_disable.log
2014-08-16 15:01 - 2014-08-16 15:01 - 00000000 _____ () C:\Users\Daniel\defogger_reenable
2014-08-16 15:00 - 2014-08-16 15:00 - 00050477 _____ () C:\Users\Daniel\Desktop\Defogger.exe
2014-08-15 22:13 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 22:13 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 22:13 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 22:12 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 20:42 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 20:42 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 20:42 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 20:42 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 20:42 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 20:42 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 20:42 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 20:42 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 20:42 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 20:42 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 20:42 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 20:42 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 20:42 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 20:42 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 20:42 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 20:42 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 20:42 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 20:42 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 20:42 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 20:42 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-15 20:42 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 20:42 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 20:42 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 20:42 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 20:42 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 20:42 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 20:42 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 20:42 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-15 20:42 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 20:41 - 2014-07-25 06:26 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 20:41 - 2014-07-25 04:53 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-10 20:56 - 2014-08-10 20:58 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Samsung
2014-08-10 20:56 - 2014-08-10 20:56 - 00000000 ____D () C:\Users\Public\Documents\SmartSwitch
2014-07-28 07:52 - 2014-07-28 07:53 - 00000000 ____D () C:\ProgramData\OztafLusos
2014-07-26 20:03 - 2014-07-26 20:03 - 00000000 ____D () C:\Users\Daniel\Desktop\Kozel_info_v1.182

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 15:04 - 2014-08-16 15:02 - 00011762 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-08-16 15:03 - 2008-10-07 03:44 - 01526812 _____ () C:\Windows\WindowsUpdate.log
2014-08-16 15:02 - 2014-08-16 15:02 - 01093632 _____ (Farbar) C:\Users\Daniel\Desktop\FRST.exe
2014-08-16 15:02 - 2014-08-16 15:02 - 00000000 ____D () C:\FRST
2014-08-16 15:01 - 2014-08-16 15:01 - 00000448 _____ () C:\Users\Daniel\Desktop\defogger_disable.log
2014-08-16 15:01 - 2014-08-16 15:01 - 00000000 _____ () C:\Users\Daniel\defogger_reenable
2014-08-16 15:01 - 2013-06-30 12:01 - 00000000 ____D () C:\Users\Daniel
2014-08-16 15:00 - 2014-08-16 15:00 - 00050477 _____ () C:\Users\Daniel\Desktop\Defogger.exe
2014-08-16 14:53 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-16 14:50 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 14:50 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 14:49 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-16 14:48 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-16 14:47 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-16 14:32 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-16 14:16 - 2006-11-02 14:47 - 00298136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-16 14:06 - 2014-05-01 11:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 22:18 - 2013-08-15 13:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 22:15 - 2006-11-02 12:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-15 22:04 - 2014-06-19 13:40 - 00000000 ____D () C:\Users\Daniel\Documents\Musik Heike
2014-08-15 21:34 - 2014-06-18 18:52 - 00002583 _____ () C:\Users\Daniel\Desktop\Napster Rienf Repair.lnk
2014-08-10 20:58 - 2014-08-10 20:56 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Samsung
2014-08-10 20:56 - 2014-08-10 20:56 - 00000000 ____D () C:\Users\Public\Documents\SmartSwitch
2014-08-10 20:56 - 2006-11-02 14:52 - 00166724 _____ () C:\Windows\setupact.log
2014-08-10 14:08 - 2013-06-30 19:32 - 00000000 ____D () C:\Users\Heike\AppData\Roaming\Skype
2014-08-07 16:27 - 2013-06-30 15:10 - 00000000 ____D () C:\Users\Heike\Documents\Allgemein
2014-08-07 16:16 - 2013-09-01 11:03 - 00000000 ____D () C:\Users\Heike\Documents\Verfahrensbeistand
2014-08-07 16:16 - 2013-06-30 15:10 - 00000000 ____D () C:\Users\Heike\Documents\Steuer
2014-07-28 07:53 - 2014-07-28 07:52 - 00000000 ____D () C:\ProgramData\OztafLusos
2014-07-26 20:03 - 2014-07-26 20:03 - 00000000 ____D () C:\Users\Daniel\Desktop\Kozel_info_v1.182
2014-07-26 12:54 - 2013-06-30 15:10 - 00000000 ____D () C:\Users\Heike\Documents\Studium
2014-07-25 06:26 - 2014-08-15 20:41 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-25 04:53 - 2014-08-15 20:41 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-24 20:07 - 2014-08-15 20:42 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 19:58 - 2014-08-15 20:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 19:57 - 2014-08-15 20:42 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 19:52 - 2014-08-15 20:42 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 19:51 - 2014-08-15 20:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 19:51 - 2014-08-15 20:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 19:50 - 2014-08-15 20:42 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-24 19:50 - 2014-08-15 20:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 19:49 - 2014-08-15 20:42 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 19:49 - 2014-08-15 20:42 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 19:49 - 2014-08-15 20:42 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 19:49 - 2014-08-15 20:42 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-24 19:49 - 2014-08-15 20:42 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-24 19:48 - 2014-08-15 20:42 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 19:48 - 2014-08-15 20:42 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 19:48 - 2014-08-15 20:42 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 19:48 - 2014-08-15 20:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 19:48 - 2014-08-15 20:42 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-24 19:48 - 2014-08-15 20:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-24 19:48 - 2014-08-15 20:42 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-24 19:47 - 2014-08-15 20:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-23 07:34 - 2013-10-30 20:50 - 00007052 _____ () C:\Users\Heike\AppData\Local\d3d9caps.dat

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\AskSLib.dll
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Daniel\AppData\Local\Temp\FreemakeVideoConverter_4.1.3.15.exe
C:\Users\Daniel\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Heike\AppData\Local\Temp\avgnt.exe
C:\Users\Heike\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Heike\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-16 14:54

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-08-2014 02
Ran by Daniel at 2014-08-16 15:04:28
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.0.0.564 - Amazon Services LLC)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0407.2138 - )
Attribute Changer 7.10e (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 7.10e - Romain Petges)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BurnAware Free 6.4 (HKLM\...\BurnAware Free_is1) (Version:  - Burnaware)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0407.2139.36897 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Danish (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Dutch (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help English (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Finnish (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help French (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help German (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Italian (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Japanese (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Korean (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Russian (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Spanish (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Swedish (Version: 2008.0407.2138.36897 - ATI) Hidden
ccc-core-static (Version: 2008.0407.2139.36897 - ATI) Hidden
ccc-utility (Version: 2008.0407.2139.36897 - ATI) Hidden
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.101.104 - Alps Electric)
Dienstprogramm für Dell Wireless WLAN Karte (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.13 - Dell Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.0.20140117 - Landesfinanzdirektion Thüringen)
Fotobuchhelden-DigitalPrinter (HKLM\...\FotobuchheldenFotobuchhelden-DigitalPrinter) (Version:  - Fotobuchhelden)
Free Audio Converter version 5.0.27.717 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.27.717 - DVDVideoSoft Ltd.)
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
Harmony Browser Plug-in (HKLM\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Hugin 2012.0.0 (HKLM\...\Hugin) (Version: 2012.0.0 hg_a6e4184ad538 - The Hugin Development Team)
Integrated Webcam Driver (1.02.02.0603)   (HKLM\...\Creative OA001) (Version:  - )
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
ITECIR Driver (Version: 1.00.000 - ITE) Hidden
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version:  - Lexmark International, Inc.)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Napster 5 Beta (HKLM\...\com.Rhapsody.Napster5) (Version: 1.0.65 - Rhapsody International, Inc)
Napster 5 Beta (Version: 1.0.65 - Rhapsody International, Inc) Hidden
Napster Rienf Repair (HKLM\...\{7FF8A00B-5FA7-4BD4-A6B9-131CE0D1FC11}) (Version: 1.1.9 - NA)
OnlineFotoservice (HKLM\...\OnlineFotoservice) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.0.12 - Dell Inc.)
SILKYPIX Developer Studio Pro 5 for Panasonic English (HKLM\...\InstallShield_{26C79819-CCAC-4B84-AD46-1B5837131E88}) (Version: 5 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio Pro 5 for Panasonic English (Version: 5 - Ichikawa Soft Laboratory) Hidden
Skins (Version: 2008.0407.2139.36897 - ATI) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {6BC8425B-62A5-4BA5-87F9-76EAD6AC01C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {CF805C61-AEF5-4A1B-8904-825614DE968D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-10-07 02:02 - 2008-08-05 14:17 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2008-10-07 02:02 - 2008-08-05 14:16 - 00055808 _____ () C:\Windows\System32\bcmwlrmt.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-10-07 11:38 - 2008-05-04 10:42 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-06-19 13:22 - 2014-06-05 00:18 - 03162944 _____ () C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2014 08:45:39 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/10/2014 09:04:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iTunes.exe, Version 11.3.0.54, Zeitstempel 0x53bc1265, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x04f33fb5,
Prozess-ID 0xdd8, Anwendungsstartzeit iTunes.exe0.

Error: (08/09/2014 01:37:19 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/08/2014 06:52:10 PM) (Source: VSS) (EventID: 12291) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen bzw. Verwenden der COM+-Verfasserveröffentlichungsschnittstelle ist ein Fehler aufgetreten: BackupShutdown [0x8000ffff].

Error: (08/08/2014 06:52:10 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IMultiInterfaceEventControl::GetSubscriptions" ist ein unerwarteter Fehler aufgetreten. hr = 0x80010108.

Error: (08/08/2014 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39228667

Error: (08/08/2014 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39228667

Error: (08/08/2014 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/08/2014 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39227668

Error: (08/08/2014 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39227668


System errors:
=============
Error: (08/16/2014 02:51:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (08/16/2014 02:50:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (08/16/2014 02:47:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 3.0 SP2 unter Windows Vista SP2 und Windows Server 2008 SP2 x86 (KB2943344){79B538E2-D459-45A5-9A04-0C52C7559365}201

Error: (08/16/2014 02:47:46 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT-AUTORITÄT)
Description: Windows-Wartung konnte das Update 2943344-474_neutral_GDR aus Paket KB2943344(Security Update) nicht in den Status Bereitgestellt(Staged) setzen.

Error: (08/16/2014 02:47:46 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4375) (User: NT-AUTORITÄT)
Description: Windows-Wartung konnte das Paket KB2943344 (Security Update) nicht in den Status Installation angefordert(Install Requested) setzen.

Error: (08/16/2014 02:47:46 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT-AUTORITÄT)
Description: Windows-Wartung konnte das Update 2943344-310_neutral_GDR aus Paket KB2943344(Security Update) nicht in den Status Bereitgestellt(Staged) setzen.

Error: (08/16/2014 02:47:46 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT-AUTORITÄT)
Description: Windows-Wartung konnte das Update 2943344-308_neutral_GDR aus Paket KB2943344(Security Update) nicht in den Status Bereitgestellt(Staged) setzen.

Error: (08/16/2014 02:47:46 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT-AUTORITÄT)
Description: Windows-Wartung konnte das Update 2943344-306_neutral_GDR aus Paket KB2943344(Security Update) nicht in den Status Bereitgestellt(Staged) setzen.

Error: (08/16/2014 02:47:46 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT-AUTORITÄT)
Description: Windows-Wartung konnte das Update 2943344-304_neutral_GDR aus Paket KB2943344(Security Update) nicht in den Status Bereitgestellt(Staged) setzen.

Error: (08/16/2014 02:47:46 PM) (Source: Microsoft-Windows-Servicing) (EventID: 4385) (User: NT-AUTORITÄT)
Description: Windows-Wartung konnte das Update 2943344-302_neutral_GDR aus Paket KB2943344(Security Update) nicht in den Status Bereitgestellt(Staged) setzen.


Microsoft Office Sessions:
=========================
Error: (08/11/2014 08:45:39 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/10/2014 09:04:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe11.3.0.5453bc1265unknown0.0.0.000000000c000000504f33fb5dd801cfb4cd6e85cd4a

Error: (08/09/2014 01:37:19 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/08/2014 06:52:10 PM) (Source: VSS) (EventID: 12291) (User: )
Description: BackupShutdown0x8000ffff

Error: (08/08/2014 06:52:10 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IMultiInterfaceEventControl::GetSubscriptions0x80010108

Error: (08/08/2014 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39228667

Error: (08/08/2014 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39228667

Error: (08/08/2014 10:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/08/2014 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39227668

Error: (08/08/2014 10:02:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39227668


CodeIntegrity Errors:
===================================
  Date: 2014-07-24 08:47:33.903
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-24 08:47:33.716
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-20 14:40:43.397
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\verifier.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-28 20:44:36.646
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-28 20:44:36.518
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 14:30:43.469
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 14:30:43.366
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 14:30:43.263
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 14:30:43.156
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 14:29:34.965
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 56%
Total physical RAM: 2045.24 MB
Available physical RAM: 887.59 MB
Total Pagefile: 4333.76 MB
Available Pagefile: 2802.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.51 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:222.72 GB) (Free:72.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=173 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=222.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-16 15:31:15
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0 232,89GB
Running: s9gbfw9s.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uwdirpod.sys


---- System - GMER 2.1 ----

SSDT            88B181CE                                                                                     ZwCreateSection
SSDT            88B181D8                                                                                     ZwRequestWaitReplyPort
SSDT            88B181D3                                                                                     ZwSetContextThread
SSDT            88B181DD                                                                                     ZwSetSecurityObject
SSDT            88B181E2                                                                                     ZwSystemDebugControl
SSDT            88B1816F                                                                                     ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                81EB3860 4 Bytes  [CE, 81, B1, 88]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                81EB3B84 4 Bytes  [D8, 81, B1, 88]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                81EB3BB8 4 Bytes  [D3, 81, B1, 88]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                81EB3C1C 4 Bytes  [DD, 81, B1, 88]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                81EB3C64 4 Bytes  [E2, 81, B1, 88] {LOOP 0xffffff83; MOV CL, 0x88}
.text           ...                                                                                          
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                     section is writeable [0x8BA08000, 0x1FB0FA, 0xE8000020]
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                     entry point in ".vmp2" section [0x9CA9069D]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] kernel32.dll!CreateThread              7577CBEE 5 Bytes  JMP 695E750B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!CreateDialogParamW          756972A2 5 Bytes  JMP 6977DEB8 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!GetAsyncKeyState            7569863C 5 Bytes  JMP 695CDEDD C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!SetWindowsHookExW           756987AD 5 Bytes  JMP 69622964 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!CallNextHookEx              75698E3B 5 Bytes  JMP 69647C5F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!UnhookWindowsHookEx         756998DB 5 Bytes  JMP 6966E1EC C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!EnableWindow                7569CD8B 5 Bytes  JMP 6962A27C C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!DefWindowProcA              7569DB88 7 Bytes  JMP 695E9735 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!CreateWindowExA             7569DC2A 5 Bytes  JMP 695F3553 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!CreateWindowExW             756A1305 5 Bytes  JMP 6965000F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!GetKeyState                 756A8CB1 5 Bytes  JMP 695CDDB3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!DefWindowProcW              756B03B4 7 Bytes  JMP 69647CC2 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!IsDialogMessageW            756B0745 5 Bytes  JMP 6977E61D C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!CreateDialogParamA          756B17AA 5 Bytes  JMP 6977DE80 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!IsDialogMessage             756B1847 5 Bytes  JMP 6977E5F5 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!CreateDialogIndirectParamA  756B26F1 5 Bytes  JMP 6977DEF0 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!CreateDialogIndirectParamW  756B9A62 5 Bytes  JMP 6977DF28 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!SetKeyboardState            756C0987 5 Bytes  JMP 6977EEE5 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!DialogBoxParamW             756C10B0 5 Bytes  JMP 695818DB C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!DialogBoxIndirectParamW     756C2EF5 5 Bytes  JMP 6977DB4E C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!SendInput                   756C2F75 5 Bytes  JMP 6977EE8D C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!EndDialog                   756C326E 5 Bytes  JMP 6977E8C9 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!SetCursorPos                756D6FB2 5 Bytes  JMP 6977EF66 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!DialogBoxParamA             756D8152 5 Bytes  JMP 6977DAE9 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!DialogBoxIndirectParamA     756D847D 5 Bytes  JMP 6977DBB3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!MessageBoxIndirectA         756ED4D9 5 Bytes  JMP 6977DA70 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!MessageBoxIndirectW         756ED5D3 5 Bytes  JMP 6977D9F7 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!MessageBoxExA               756ED639 5 Bytes  JMP 6977D993 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!MessageBoxExW               756ED65D 5 Bytes  JMP 6977D92F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] USER32.dll!keybd_event                 756ED972 5 Bytes  JMP 6977EE4A C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] SHELL32.dll!SHRestricted + D95         759688D8 4 Bytes  [CF, 01, 54, 62]
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] SHELL32.dll!SHRestricted + D9D         759688E0 8 Bytes  [E0, 61, 53, 62, 79, F7, 53, ...]
.text           C:\Program Files\Internet Explorer\iexplore.exe[2436] ole32.dll!OleLoadFromStream            76421E80 5 Bytes  JMP 6977E327 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreateThread              7577CBEE 5 Bytes  JMP 695E750B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CreateDialogParamW          756972A2 5 Bytes  JMP 6977DEB8 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!GetAsyncKeyState            7569863C 5 Bytes  JMP 695CDEDD C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!SetWindowsHookExW           756987AD 5 Bytes  JMP 69622964 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CallNextHookEx              75698E3B 5 Bytes  JMP 69647C5F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!UnhookWindowsHookEx         756998DB 5 Bytes  JMP 6966E1EC C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!EnableWindow                7569CD8B 5 Bytes  JMP 6962A27C C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DefWindowProcA              7569DB88 7 Bytes  JMP 695E9735 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CreateWindowExA             7569DC2A 5 Bytes  JMP 695F3553 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CreateWindowExW             756A1305 5 Bytes  JMP 6965000F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!GetKeyState                 756A8CB1 5 Bytes  JMP 695CDDB3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DefWindowProcW              756B03B4 7 Bytes  JMP 69647CC2 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!IsDialogMessageW            756B0745 5 Bytes  JMP 6977E61D C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CreateDialogParamA          756B17AA 5 Bytes  JMP 6977DE80 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!IsDialogMessage             756B1847 5 Bytes  JMP 6977E5F5 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CreateDialogIndirectParamA  756B26F1 5 Bytes  JMP 6977DEF0 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CreateDialogIndirectParamW  756B9A62 5 Bytes  JMP 6977DF28 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!SetKeyboardState            756C0987 5 Bytes  JMP 6977EEE5 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxParamW             756C10B0 5 Bytes  JMP 695818DB C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxIndirectParamW     756C2EF5 5 Bytes  JMP 6977DB4E C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!SendInput                   756C2F75 5 Bytes  JMP 6977EE8D C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!EndDialog                   756C326E 5 Bytes  JMP 6977E8C9 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!SetCursorPos                756D6FB2 5 Bytes  JMP 6977EF66 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxParamA             756D8152 5 Bytes  JMP 6977DAE9 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxIndirectParamA     756D847D 5 Bytes  JMP 6977DBB3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxIndirectA         756ED4D9 5 Bytes  JMP 6977DA70 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxIndirectW         756ED5D3 5 Bytes  JMP 6977D9F7 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxExA               756ED639 5 Bytes  JMP 6977D993 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxExW               756ED65D 5 Bytes  JMP 6977D92F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!keybd_event                 756ED972 5 Bytes  JMP 6977EE4A C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] SHELL32.dll!SHRestricted + D95         759688D8 4 Bytes  [CF, 01, 54, 62]
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] SHELL32.dll!SHRestricted + D9D         759688E0 8 Bytes  [E0, 61, 53, 62, 79, F7, 53, ...]
.text           C:\Program Files\Internet Explorer\iexplore.exe[3576] ole32.dll!OleLoadFromStream            76421E80 5 Bytes  JMP 6977E327 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3816] USER32.dll!EnableWindow                7569CD8B 5 Bytes  JMP 6962A27C C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3816] USER32.dll!DialogBoxParamW             756C10B0 5 Bytes  JMP 695818DB C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3816] USER32.dll!DialogBoxIndirectParamW     756C2EF5 5 Bytes  JMP 6977DB4E C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3816] USER32.dll!DialogBoxParamA             756D8152 5 Bytes  JMP 6977DAE9 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3816] USER32.dll!DialogBoxIndirectParamA     756D847D 5 Bytes  JMP 6977DBB3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3816] USER32.dll!MessageBoxIndirectA         756ED4D9 5 Bytes  JMP 6977DA70 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3816] USER32.dll!MessageBoxIndirectW         756ED5D3 5 Bytes  JMP 6977D9F7 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3816] USER32.dll!MessageBoxExA               756ED639 5 Bytes  JMP 6977D993 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3816] USER32.dll!MessageBoxExW               756ED65D 5 Bytes  JMP 6977D92F C:\Windows\system32\IEFRAME.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                     fltmgr.sys

---- EOF - GMER 2.1 ----
         
THANKS

 
