Pests of all kinds and their removal: BKA Trojan locks PC (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
14.12.2014, 14:56 | #1
BKA Trojan locks PC

Hello dear forum,

Unfortunately I have picked up a trojan that locks my PC. As soon as I log in to Windows this message appears and I can't do anything anymore. Not even the Task Manager manages to get in front of the lock screen. My system is Windows 7 64-bit Ultimate. I am attaching a picture that I took with my tablet, from which I am also writing here. I had already googled the problem a bit, but it always fails because I get this lock screen in Safe Mode as well. I hope the problem can be solved without me having to reinstall my PC. Thanks
14.12.2014, 15:28 | #2
/// the machine /// (TB-Ausbilder) | BKA Trojan locks PC

hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
14.12.2014, 16:12 | #3
BKA Trojan locks PC

Hello and thanks for the quick reply.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by SYSTEM on MININT-7FBRAS9 on 14-12-2014 15:54:59
Running from G:\
Platform: Windows 7 Ultimate (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Startup: C:\Users\Blub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\83871218D.lnk
ShortcutTarget: 83871218D.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2014-12-03] (Adobe Systems Incorporated)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51808 2013-09-11] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2013-09-11] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-05] (Microsoft Corporation)
S3 fsssvc; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1512448 2013-02-05] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-05] (Microsoft Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [569768 2013-12-11] (Valve Corporation)
S2 Stereo Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [409800 2014-11-12] (NVIDIA Corporation)
S2 TeamViewer9; C:\Program Files\TeamViewer_Service.exe [4799760 2014-09-12] (TeamViewer GmbH)
S2 Winmgmt; C:\ProgramData\83871218D.zot [356352 2014-12-13] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-07] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NVHDA; C:\Windows\System32\drivers\nvhda64v.sys [197408 2014-11-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\System32\DRIVERS\nvstusb.sys [451216 2014-11-13] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 Point64; C:\Windows\System32\DRIVERS\point64.sys [50800 2013-01-29] (Microsoft Corporation)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [127488 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [18944 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [161280 2009-09-19] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys A87D604AEA360176311474C87A63BB88
C:\Windows\System32\drivers\ACPI.sys D81D9E70B8A6DD14D42D7B4EFA65D5F2
C:\Windows\system32\drivers\acpipmi.sys 99F8E788246D495CE3794D7E7821D2CA
C:\Windows\system32\DRIVERS\adp94xx.sys 2F6B34B83843F0C5118B63AC634F5BF4
C:\Windows\system32\DRIVERS\adpahci.sys 597F78224EE9224EA1A13D6350CED962
C:\Windows\system32\DRIVERS\adpu320.sys E109549C90F62FB570B9540C4B148E54
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys 608C14DBA7299D8CB6ED035A68A15799
C:\Windows\system32\drivers\aliide.sys 5812713A477A3AD7363C7438CA2EE038
C:\Windows\system32\drivers\amdide.sys 1FF8B4431C353CE385C875F194924C0C
C:\Windows\system32\DRIVERS\amdk8.sys 7024F087CFF1833A806193EF9D22CDA9
C:\Windows\system32\DRIVERS\amdppm.sys 1E56388B3FE0D031C44144EB8C4D6217
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys F67F933E79241ED32FF46A4F29B5120B
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 89A69C3F2F319B43379399547526D952
C:\Windows\system32\DRIVERS\arc.sys C484F8CEB1717C540242531DB7845C4E
C:\Windows\system32\DRIVERS\arcsas.sys 019AF6924AEFE7839F61C830227FE79C
C:\Windows\System32\DRIVERS\asyncmac.sys 769765CE2CC62867468CEA93969B2242
C:\Windows\System32\drivers\atapi.sys 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\system32\DRIVERS\bxvbda.sys 3E5B191307609F7514148C6832BB0842
C:\Windows\System32\DRIVERS\b57nd60a.sys B5ACE6968304A3900EEB1EBFD9622DF2
C:\Windows\System32\Drivers\Beep.sys 16A47CE2DECC9B099349A5F840654746
C:\Windows\System32\DRIVERS\blbdrive.sys 61583EE3C3A17003C4ACD0475646B4D3
C:\Windows\System32\DRIVERS\bowser.sys 6C02A83164F5CC0A262F4199F0871CF5
C:\Windows\system32\DRIVERS\BrFiltLo.sys F09EEE9EDC320B5E1501F749FDE686C8
C:\Windows\system32\DRIVERS\BrFiltUp.sys B114D3098E9BDB8BEA8B053685831BE6
C:\Windows\System32\Drivers\Brserid.sys 43BEA8D483BF1870F018E2D02E06A5BD
C:\Windows\System32\Drivers\BrSerWdm.sys A6ECA2151B08A09CACECA35C07F05B42
C:\Windows\System32\Drivers\BrUsbMdm.sys B79968002C277E869CF38BD22CD61524
C:\Windows\System32\Drivers\BrUsbSer.sys A87528880231C54E75EA7A44943B38BF
C:\Windows\system32\DRIVERS\bthmodem.sys 9DA669F11D1F894AB4EB69BF546A42E8
C:\Windows\System32\DRIVERS\cdfs.sys B8BD2BB284668C84865658C77574381A
C:\Windows\System32\DRIVERS\cdrom.sys F036CE71586E93D94DAB220D7BDF4416
C:\Windows\system32\DRIVERS\circlass.sys D7CD5C4E1B71FA62050515314CFB52CF
C:\Windows\System32\CLFS.sys FE1EC06F2253F691FE36217C592A0206
C:\Windows\system32\DRIVERS\CmBatt.sys 0840155D0BDDF1190F84A663C284BD33
C:\Windows\system32\drivers\cmdide.sys E19D3F095812725D88F9001985B94EDD
C:\Windows\System32\Drivers\cng.sys AAFCB52FE0037207FB6FBEA070D25EFE
C:\Windows\system32\DRIVERS\compbatt.sys 102DE219C3F61415F964C88E9085AD14
C:\Windows\system32\drivers\CompositeBus.sys 03EDB043586CCEBA243D689BDDA370A8
C:\Windows\system32\DRIVERS\crcdisk.sys 1C827878A998C18847245FE1F34EE597
C:\Windows\System32\drivers\csc.sys 54DA3DFD29ED9F1619B6F53F3CE55E49
C:\Windows\System32\DRIVERS\dc3d.sys BA25D4B9B067248F7CAC416E855D706B
C:\Windows\System32\Drivers\dfsc.sys 9BB2EF44EAA163B29C4A4587887A0FE4
C:\Windows\System32\DRIVERS\ssudbus.sys 73BDD44A6088916964945886F9025409
C:\Windows\System32\drivers\discache.sys 13096B05847EC78F0977F2C0F79E9AB3
C:\Windows\System32\DRIVERS\disk.sys 9819EEE8B5EA3784EC4AF3B137A5244C
C:\Windows\System32\drivers\drmkaud.sys 9B19F34400D24DF84C858A421C205754
C:\Windows\System32\DRIVERS\dtsoftbus01.sys 33F90B202E9DD9B7D489EB59310FDC34
C:\Windows\System32\drivers\dxgkrnl.sys F5BEE30450E18E6B83A5012C100616FD
C:\Windows\system32\DRIVERS\evbda.sys DC5D737F51BE844D8C82C695EB17372F
C:\Windows\system32\DRIVERS\elxstor.sys 0E5DA5369A0FCAEA12456DD852545184
C:\Windows\system32\drivers\errdev.sys 34A3C54752046E79A126E15C51DB409B
C:\Windows\System32\Drivers\exfat.sys A510C654EC00C1E9BDD91EEB3A59823B
C:\Windows\System32\Drivers\fastfat.sys 0ADC83218B66A6DB380C330836F3E36D
C:\Windows\System32\DRIVERS\fdc.sys D765D19CD8EF61F650C384F62FAC00AB
C:\Windows\System32\drivers\fileinfo.sys 655661BE46B5F5F3FD454E2C3095B930
C:\Windows\System32\drivers\filetrace.sys 5F671AB5BC87EEA04EC38A6CD5962A47
C:\Windows\System32\DRIVERS\flpydisk.sys C172A0F53008EAEB8EA33FE10E177AF5
C:\Windows\System32\drivers\fltmgr.sys DA6B67270FD9DB3697B20FCE94950741
C:\Windows\System32\drivers\FsDepends.sys D43703496149971890703B4B1B723EAC
C:\Windows\System32\DRIVERS\fssfltr.sys B3EB502D2C3F47C47415F85387DFAEF1
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys 8C778D335C9D272CFD3298AB02ABE3B6
C:\Windows\system32\drivers\hcw85cir.sys F2523EF6460FC42405B12248338AB2F0
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys 97BFED39B6B79EB12CDDBFEED51F56BB
C:\Windows\system32\DRIVERS\HidBatt.sys 78E86380454A7B10A5EB255DC44A355F
C:\Windows\system32\DRIVERS\hidbth.sys 7FD2A313F7AFE5C4DAB14798C48DD104
C:\Windows\system32\DRIVERS\hidir.sys 0A77D29F311B88CFAE3B13F9C1A73825
C:\Windows\System32\DRIVERS\hidusb.sys 9592090A7E2B61CD582B612B6DF70536
C:\Windows\system32\drivers\HpSAMD.sys 39D2ABCD392F3D8A6DCE7B60AE7B8EFC
C:\Windows\System32\drivers\HTTP.sys 0EA7DE1ACB728DD5A369FD742D6EEE28
C:\Windows\System32\drivers\hwpolicy.sys A5462BD6884960C9DC85ED49D34FF392
C:\Windows\system32\drivers\i8042prt.sys FA55C73D4AFFA7EE23AC4BE53B4592D3
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys 5C18831C61933628F5BB0EA2675B9D21
C:\Windows\system32\drivers\intelide.sys F00F20E70C6EC3AA366910083A0518AA
C:\Windows\System32\DRIVERS\intelppm.sys ADA036632C664CAA754079041CF1F8C1
C:\Windows\System32\DRIVERS\ipfltdrv.sys C9F0E1BD74365A8771590E9008D22AB6
C:\Windows\system32\drivers\IPMIDrv.sys 0FC1AEA580957AA8817B8F305D18CA3A
C:\Windows\System32\drivers\ipnat.sys AF9B39A7E7B6CAA203B3862582E9F2D0
C:\Windows\System32\drivers\irenum.sys 3ABF5E7213EB28966D55D58B515D5CE9
C:\Windows\system32\drivers\isapnp.sys 2F7B28DC3E1183E5EB418DF55C204F38
C:\Windows\system32\drivers\msiscsi.sys D931D7309DEB2317035B07C9F9E6B0BD
C:\Windows\System32\DRIVERS\kbdclass.sys BC02336F1CBA7DCC7D1213BB588A68A5
C:\Windows\System32\DRIVERS\kbdhid.sys 0705EFF5B42A9DB58548EEC3B26BB484
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 7EFB9333E4ECCE6AE4AE9D777D9E553E
C:\Windows\system32\drivers\ksthunk.sys 6869281E78CB31A43E969F06B57347C4
C:\Windows\System32\DRIVERS\lltdio.sys 1538831CF8AD2979A04C423779465827
C:\Windows\system32\DRIVERS\lsi_fc.sys 1A93E54EB0ECE102495A51266DCDB6A6
C:\Windows\system32\DRIVERS\lsi_sas.sys 1047184A9FDC8BDBFF857175875EE810
C:\Windows\system32\DRIVERS\lsi_sas2.sys 30F5C0DE1EE8B5BC9306C1F0E4A75F93
C:\Windows\system32\DRIVERS\lsi_scsi.sys 0504EACAFF0D3C8AED161C4B0D369D4A
C:\Windows\system32\drivers\luafv.sys 43D0F98E1D56CCDDB0D5254CFF7B356E
C:\Windows\system32\DRIVERS\megasas.sys A55805F747C6EDB6A9080D7C633BD0F4
C:\Windows\system32\DRIVERS\MegaSR.sys BAF74CE0072480C3B6B7C13B2A94D6B3
C:\Windows\System32\drivers\modem.sys 800BA92F7010378B09F9ED9270F07137
C:\Windows\System32\DRIVERS\monitor.sys B03D591DC7DA45ECE20B3B467E6AADAA
C:\Windows\System32\DRIVERS\mouclass.sys 7D27EA49F3C1F687D357E77A470AEA99
C:\Windows\System32\DRIVERS\mouhid.sys D3BF052C40B0C4166D9FD86A4288C1E6
C:\Windows\System32\drivers\mountmgr.sys 32E7A3D591D671A6DF2DB515A5CBE0FA
C:\Windows\System32\DRIVERS\MpFilter.sys FC1D590039EF06A381768710E6C07E75
C:\Windows\system32\drivers\mpio.sys A44B420D30BD56E145D6A2BC8768EC58
C:\Windows\System32\drivers\mpsdrv.sys 6C38C9E45AE0EA2FA5E551F2ED5E978F
C:\Windows\system32\drivers\mrxdav.sys DC722758B8261E1ABAFD31A3C0A66380
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys C25F0BAFA182CBCA2DD3C851C2E75796
C:\Windows\system32\drivers\msdsm.sys DB801A638D011B9633829EB6F663C900
C:\Windows\System32\Drivers\Msfs.sys AA3FB40E17CE1388FA1BEDAB50EA8F96
C:\Windows\System32\drivers\mshidkmdf.sys F9D215A46A8B9753F61767FA72A20326
C:\Windows\System32\drivers\msisadrv.sys D916874BBD4F8B07BFB7FA9B3CCAE29D
C:\Windows\System32\drivers\MSKSSRV.sys 49CCF2C4FEA34FFAD8B1B59D49439366
C:\Windows\System32\drivers\MSPCLOCK.sys BDD71ACE35A232104DDD349EE70E1AB3
C:\Windows\System32\drivers\MSPQM.sys 4ED981241DB27C3383D72092B618A1D0
C:\Windows\System32\Drivers\MsRPC.sys 759A9EEB0FA9ED79DA1FB7D4EF78866D
C:\Windows\system32\drivers\mssmbios.sys 0EED230E37515A0EAEE3C2E1BC97B288
C:\Windows\System32\drivers\MSTEE.sys 2E66F9ECB30B4221A318C92AC2250779
C:\Windows\system32\DRIVERS\MTConfig.sys 7EA404308934E675BFFDE8EDF0757BCD
C:\Windows\System32\DRIVERS\ASACPI.sys 03B7145C889603537E9FFEABB1AD1089
C:\Windows\System32\Drivers\mup.sys F9A18612FD3526FE473C1BDA678D61C8
C:\Windows\System32\DRIVERS\nwifi.sys 1EA3749C4114DB3E3161156FFFFA6B33
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys 9F9A1F53AAD7DA4D6FEF5BB73AB811AC
C:\Windows\System32\DRIVERS\ndistapi.sys 30639C932D9FEF22B31268FE25A1B6E5
C:\Windows\System32\DRIVERS\ndisuio.sys 136185F9FB2CC61E573E676AA5402356
C:\Windows\System32\DRIVERS\ndiswan.sys 53F7305169863F0A2BDDC49E116C2E11
C:\Windows\System32\Drivers\NDProxy.sys 015C0D8E0E0421B4CFD48CFFE2825879
C:\Windows\System32\DRIVERS\netbios.sys 86743D9F5D2B1048062B14B1D84501C4
C:\Windows\System32\DRIVERS\netbt.sys 09594D1089C523423B32A4229263F068
C:\Windows\system32\DRIVERS\nfrd960.sys 77889813BE4D166CDAB78DDBA990DA92
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 8FB3C853E886E1E4D57271672486111C
C:\Windows\System32\Drivers\Npfs.sys 1E4C4AB5C9B8DD13179BBDC75A2A01F7
C:\Windows\System32\drivers\nsiproxy.sys E7F5AE18AF4168178A642A9247C63001
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys 9899284589F75FA8724FF3D16AED75C1
C:\Windows\System32\drivers\nvhda64v.sys C87B11EB78428853F9E8495C47E53C10
C:\Windows\System32\DRIVERS\nvlddmkm.sys 185B4FFECD886A424B57B58AE173FBBE
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 63734B0FBD8E6DAF841AD3DD47DEFFFB
C:\Windows\System32\DRIVERS\nvstusb.sys 61E742FCFC9621DFD173B7AD7841CE4C
C:\Windows\System32\drivers\nvvad64v.sys 1FE5C1F4CCA8EAEA75C90FB2A85D9CC3
C:\Windows\system32\drivers\nv_agp.sys 270D7CD42D6E3979F6DD0146650F0E05
C:\Windows\system32\drivers\ohci1394.sys 3589478E4B22CE21B41FA1BFC0B8B8A0
C:\Windows\system32\DRIVERS\parport.sys 0086431C29C35BE1DBC43F52CC273887
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys 94575C0571D1462A0F70BDE6BD6EE6B3
C:\Windows\System32\drivers\pciide.sys B5B8B5EF2E5CB34DF8DCF8831E3534FA
C:\Windows\system32\DRIVERS\pcmcia.sys B2E81D4E87CE48589F98CB8C05B01F2F
C:\Windows\System32\drivers\pcw.sys D6B9C2E1A11A3A4B26A182FFEF18F603
C:\Windows\System32\drivers\peauth.sys 68769C3356B3BE5D1C732C97B9A80D6E
C:\Windows\System32\DRIVERS\point64.sys 34A8FAE065249F85A67A3215FF5ECB34
C:\Windows\System32\DRIVERS\raspptp.sys F92A2C41117A11A00BE01CA01A7FCDE9
C:\Windows\system32\DRIVERS\processr.sys 0D922E23C041EFB1C3FAC2A6F943C9BF
C:\Windows\System32\DRIVERS\pacer.sys 0557CF5A2556BD58E26384169D72438D
C:\Windows\system32\DRIVERS\ql2300.sys A53A15A11EBFD21077463EE2C7AFEEF0
C:\Windows\system32\DRIVERS\ql40xx.sys 4F6D12B51DE1AAEFF7DC58C4D75423C8
C:\Windows\system32\drivers\qwavedrv.sys 76707BB36430888D9CE9D705398ADB6C
C:\Windows\System32\DRIVERS\rasacd.sys 5A0DA8AD5762FA2D91678A8A01311704
C:\Windows\System32\DRIVERS\AgileVpn.sys 7ECFF9B22276B73F43A99A15A6094E90
C:\Windows\System32\DRIVERS\rasl2tp.sys 471815800AE33E6F1C32FB1B97C490CA
C:\Windows\System32\DRIVERS\raspppoe.sys 855C9B1CD4756C5E9A2AA58A15F58C25
C:\Windows\System32\DRIVERS\rassstp.sys E8B1E447B008D07FF47D016C2B0EEECB
C:\Windows\System32\DRIVERS\rdbss.sys 77F665941019A1594D887A74F301FA2F
C:\Windows\System32\DRIVERS\rdpbus.sys 302DA2A0539F2CF54D7C6CC30C1F2D8D
C:\Windows\System32\DRIVERS\RDPCDD.sys CEA6CC257FC9B7715F1C2B4849286D24
C:\Windows\System32\drivers\rdpdr.sys 1B6163C503398B23FF8B939C67747683
C:\Windows\System32\drivers\rdpencdd.sys BB5971A4F00659529A5C44831AF22365
C:\Windows\System32\drivers\rdprefmp.sys 216F3FA57533D98E1F74DED70113177A
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys 34ED295FA0121C241BFEF24764FC4520
C:\Windows\System32\DRIVERS\rspndr.sys DDC86E4F8E7456261E637E3552E804FF
C:\Windows\System32\DRIVERS\RTL8192su.sys A332DB1DAC07E95667A57AAEEC236C37
C:\Windows\system32\drivers\vms3cap.sys E60C0A09F997826C7627B244195AB581
C:\Windows\system32\drivers\sbp2port.sys AC03AF3329579FFFB455AA2DAABBE22B
C:\Windows\System32\DRIVERS\scfilter.sys 253F38D0D7074C02FF8DEB9836C97D2B
C:\Windows\System32\Drivers\secdrv.sys 3EA8A16169C26AFBEB544E0E48421186
C:\Windows\system32\DRIVERS\serenum.sys CB624C0035412AF0DEBEC78C41F5CA1B
C:\Windows\system32\DRIVERS\serial.sys C1D8E28B2C2ADFAEC4BA89E9FDA69BD6
C:\Windows\system32\DRIVERS\sermouse.sys 1C545A7D0691CC4A027396535691C3E3
C:\Windows\system32\drivers\sffdisk.sys A554811BCD09279536440C964AE35BBF
C:\Windows\system32\drivers\sffp_mmc.sys FF414F0BAEFEBA59BC6C04B3DB0B87BF
C:\Windows\system32\drivers\sffp_sd.sys DD85B78243A19B59F0637DCF284DA63C
C:\Windows\system32\DRIVERS\sfloppy.sys A9D601643A1647211A1EE2EC4E433FF4
C:\Windows\system32\DRIVERS\SiSRaid2.sys 843CAF1E5FDE1FFD5FF768F23A51E2E1
C:\Windows\system32\DRIVERS\sisraid4.sys 6A6C106D42E9FFFF8B9FCB4F754F6DA4
C:\Windows\System32\DRIVERS\smb.sys 548260A7B8654E024DC30BF8A7C5BAA4
C:\Windows\System32\Drivers\spldr.sys B9E31E5CACDFE584F34F730A677803F9
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ssudmdm.sys 5252D7BC56E5E0ED715AEA8FE173A455
C:\Windows\System32\DRIVERS\ss_bbus.sys EF806D212D34B0E173BAEB3564D53E37
C:\Windows\System32\DRIVERS\ss_bmdfl.sys 08B1B34ABEBEB6AC2DEA06900C56411E
C:\Windows\System32\DRIVERS\ss_bmdm.sys 71A9DA6BEAA4CB54DFB827FB78600A5D
C:\Windows\System32\DRIVERS\ss_bserd.sys 677CDC98F8363ACCAAE783FDE1599C2A
C:\Windows\system32\DRIVERS\stexstor.sys F3817967ED533D08327DC73BC4D5542A
C:\Windows\System32\drivers\vmstorfl.sys 7785DC213270D2FC066538DAF94087E7
C:\Windows\system32\drivers\storvsc.sys D34E4943D5AC096C8EDEEBFD80D76E23
C:\Windows\system32\drivers\swenum.sys D01EC09B6711A5F8E7E6564A4D0FBC90
C:\Windows\System32\drivers\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\DRIVERS\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys 3371D21011695B16333A3934340C4E7C
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys DDAD5A7AB24D8B65F8D724F5C20FD806
C:\Windows\system32\drivers\termdd.sys 561E7E1F06895D78DE991E01DD0FB6E5
C:\Windows\System32\DRIVERS\tssecsrv.sys CE18B2CDFC837C99E5FAE9CA6CBA5D30
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\System32\DRIVERS\tunnel.sys 3566A8DAAFA27AF944F5D705EAA64894
C:\Windows\system32\DRIVERS\uagp35.sys B4DD609BD7E282BFC683CEC7EAAAAD67
C:\Windows\System32\DRIVERS\udfs.sys FF4232A1A64012BAA1FD97C7B67DF593
C:\Windows\system32\drivers\uliagpkx.sys 4BFE1BC28391222894CBF1E7D0E42320
C:\Windows\System32\DRIVERS\umbus.sys DC54A574663A895C8763AF0FA1FF7561
C:\Windows\system32\DRIVERS\umpass.sys B2E8E8CB557B156DA5493BBDDCC1474D
C:\Windows\System32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys AF0892A803FDDA7492F595368E3B68E7
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\system32\DRIVERS\usbprint.sys 73188F58FB384E75C4063D29413CEE3D
C:\Windows\System32\DRIVERS\usb80236.sys 2C42E595E7E381596B9A14F88F5AE027
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\drivers\vdrvroot.sys C5C876CCFC083FF3B128F933823E87BD
C:\Windows\System32\DRIVERS\vgapnp.sys DA4DA3F5E02943C2DC8C6ED875DE68DD
C:\Windows\System32\drivers\vga.sys 53E92A310193CB3C03BEA963DE7D9CFC
C:\Windows\system32\drivers\vhdmp.sys 2CE2DF28C83AEAF30084E1B1EB253CBB
C:\Windows\system32\drivers\viaide.sys E5689D93FFE4E5D66C0178761240DD54
C:\Windows\System32\drivers\vmbus.sys 86EA3E79AE350FEA5331A1303054005F
C:\Windows\system32\drivers\VMBusHID.sys 7DE90B48F210D29649380545DB45A187
C:\Windows\System32\drivers\volmgr.sys D2AAFD421940F640B407AEFAAEBD91B0
C:\Windows\System32\drivers\volmgrx.sys A255814907C89BE58B79EF2F189B843B
C:\Windows\System32\drivers\volsnap.sys 0D08D2F3B3FF84E433346669B5E0F639
C:\Windows\system32\DRIVERS\vsmraid.sys 5E2016EA6EBACA03C04FEAC5F330D997
C:\Windows\System32\DRIVERS\vwifibus.sys 36D4720B72B5C5D9CB2B9C29E9DF67A1
C:\Windows\System32\DRIVERS\vwififlt.sys 6A3D66263414FF0D6FA754C646612F3F
C:\Windows\System32\DRIVERS\vwifimp.sys 6A638FC4BFDDC4D9B186C28C91BD1A01
C:\Windows\system32\DRIVERS\wacompen.sys 4E9440F4F152A7B944CB1663D3935A3E
C:\Windows\System32\DRIVERS\wanarp.sys 356AFD78A6ED4457169241AC3965230C
C:\Windows\System32\DRIVERS\wanarp.sys 356AFD78A6ED4457169241AC3965230C
C:\Windows\system32\DRIVERS\wd.sys 72889E16FF12BA0F235467D6091B17DC
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys 611B23304BF067451A9FDEE01FBDD725
C:\Windows\System32\drivers\wimmount.sys 05ECAEC3E4529A7153B3136CEB49F0EC
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys F6FF8944478594D0E414D3F048F0D778
C:\Windows\system32\drivers\ws2ifsl.sys 6BCC1D7D2FD2453957C5479A32364E52
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\yk62x64.sys 64F88AF327AA74E03658AE32B48CCB8B

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 15:54 - 2014-12-14 15:54 - 00000000 ____D () C:\FRST
2014-12-14 14:02 - 2014-12-14 14:02 - 00000000 ____D () C:\Windows\pss
2014-12-13 16:48 - 2014-12-13 16:48 - 00356352 ____T () C:\ProgramData\83871218D.zot
2014-12-13 16:31 - 2014-12-13 16:32 - 00114688 _____ (Microsoft Corporation) C:\ProgramData\D81217838.cpp
2014-12-07 16:14 - 2014-12-14 13:45 - 00016411 _____ () C:\Users\Blub\Desktop\DAYLIES.ods
2014-12-02 20:17 - 2014-12-02 20:17 - 00000000 ___HD () C:\Windows\AxInstSV
2014-12-02 10:46 - 2014-12-02 10:46 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\Oracle
2014-12-01 23:22 - 2014-12-01 23:22 - 00000158 _____ () C:\Users\Blub\Desktop\Weihnachten.txt
2014-11-25 13:48 - 2014-11-25 13:49 - 00350720 ____T () C:\ProgramData\348DC8F2E.zot
2014-11-25 10:06 - 2014-11-17 23:18 - 00197408 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2014-11-25 10:06 - 2014-11-17 23:18 - 00031520 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2014-11-25 10:06 - 2014-11-13 01:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6434475.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6434475.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00451216 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstusb.sys
2014-11-25 10:06 - 2014-11-13 01:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2014-11-25 09:47 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2014-11-25 09:20 - 2014-11-25 09:20 - 00000000 ____D () C:\Users\Blub\.android
2014-11-24 14:13 - 2014-11-24 14:13 - 00000000 ____D () C:\Program Files\DIFX
2014-11-24 14:12 - 2014-11-24 14:46 - 00008856 _____ () C:\Windows\DPINST.LOG
2014-11-24 13:37 - 2014-11-24 13:37 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-11-23 16:46 - 2014-11-26 09:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-11-23 16:46 - 2014-11-23 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-23 16:46 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-11-23 16:46 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-11-23 16:46 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-11-20 16:26 - 2014-11-23 17:00 - 00000000 ____D () C:\ProgramData\PamuGeqit
2014-11-20 16:26 - 2014-11-23 16:55 - 00000000 ____D () C:\ProgramData\UesibIggoc
2014-11-20 16:25 - 2014-11-20 16:26 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-16 17:34 - 2014-12-14 15:14 - 00588910 _____ () C:\Program Files\TeamViewer9_Logfile.log
2014-11-16 17:34 - 2014-12-04 08:45 - 01048614 _____ () C:\Program Files\TeamViewer9_Logfile_OLD.log
2014-11-16 17:34 - 2014-11-16 17:34 - 00000691 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-11-16 17:34 - 2014-11-16 17:34 - 00000000 ____D () C:\Program Files\x64
2014-11-16 17:34 - 2014-11-16 17:34 - 00000000 ____D () C:\Program Files\outlook
2014-11-16 17:34 - 2014-11-16 17:33 - 00000053 _____ () C:\Program Files\tvinfo.ini
2014-11-16 17:34 - 2014-09-12 19:56 - 00465440 _____ (TeamViewer) C:\Program Files\uninstall.exe
2014-11-16 17:34 - 2014-09-12 19:15 - 00383760 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer_Resource_de.dll
2014-11-16 17:34 - 2014-09-12 19:15 - 00346896 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer_Resource_en.dll
2014-11-16 17:34 - 2014-09-12 19:14 - 13559056 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer.exe
2014-11-16 17:34 - 2014-09-12 19:14 - 04812048 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer_Desktop.exe
2014-11-16 17:34 - 2014-09-12 19:14 - 04799760 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer_Service.exe
2014-11-16 17:34 - 2014-09-12 19:14 - 03052304 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer_StaticRes.dll
2014-11-16 17:34 - 2014-09-12 19:00 - 00271632 _____ (TeamViewer GmbH) C:\Program Files\tv_x64.dll
2014-11-16 17:34 - 2014-09-12 19:00 - 00264464 _____ (TeamViewer GmbH) C:\Program Files\tv_x64.exe
2014-11-16 17:34 - 2014-09-12 19:00 - 00246544 _____ (TeamViewer GmbH) C:\Program Files\tv_w32.dll
2014-11-16 17:34 - 2014-09-12 19:00 - 00229648 _____ (TeamViewer GmbH) C:\Program Files\tv_w32.exe
2014-11-16 17:34 - 2013-11-26 09:17 - 00035492 _____ () C:\Program Files\Lizenz.txt
2014-11-16 17:34 - 2013-10-17 16:32 - 00021029 _____ () C:\Program Files\CopyRights.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 15:14 - 2012-06-30 14:04 - 01366381 _____ () C:\Windows\WindowsUpdate.log
2014-12-14 14:28 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 14:28 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 14:21 - 2009-07-14 05:51 - 00156319 _____ () C:\Windows\setupact.log
2014-12-14 14:20 - 2012-07-17 14:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-14 14:12 - 2012-09-04 06:56 - 00000000 ____D () C:\temp
2014-12-13 17:12 - 2013-10-31 00:30 - 00000000 ____D () C:\Users\Blub\AppData\Local\Battle.net
2014-12-12 09:11 - 2013-04-10 13:29 - 00000000 ____D () C:\Users\Blub\AppData\Local\Adobe
2014-12-12 07:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64
2014-12-05 16:35 - 2013-10-31 00:30 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\Battle.net
2014-12-03 23:53 - 2013-03-10 18:30 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\vlc
2014-11-28 10:41 - 2012-07-02 09:32 - 00105398 _____ () C:\Windows\PFRO.log
2014-11-27 15:23 - 2009-07-14 04:20 - 00000000 ___RD () C:\Program Files (x86)
2014-11-26 14:45 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-25 10:11 - 2012-07-01 22:08 - 00731964 _____ () C:\Windows\System32\perfh010.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00716518 _____ () C:\Windows\System32\perfh019.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00648600 _____ () C:\Windows\System32\perfh01F.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00408696 _____ () C:\Windows\System32\perfh011.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00375868 _____ () C:\Windows\System32\prfh0804.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00150824 _____ () C:\Windows\System32\perfc019.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00146828 _____ () C:\Windows\System32\perfc010.dat
2014-11-25 10:11
- 2012-07-01 22:08 - 00139982 _____ () C:\Windows\System32\perfc01F.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00122082 _____ () C:\Windows\System32\perfc011.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00119574 _____ () C:\Windows\System32\prfc0804.dat 2014-11-25 10:11 - 2009-07-14 06:13 - 05888878 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-11-25 09:48 - 2012-07-02 08:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-11-25 09:20 - 2012-06-30 14:14 - 00000000 ____D () C:\users\Blub 2014-11-24 17:05 - 2013-05-29 19:07 - 00000000 ____D () C:\Users\Blub\Desktop\Julie UNI 2014-11-24 16:28 - 2013-10-31 10:48 - 00000000 ____D () C:\ProgramData\Oracle 2014-11-23 21:14 - 2013-03-10 18:32 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-11-23 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-17 23:18 - 2014-06-25 09:33 - 01538880 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll 2014-11-17 06:48 - 2012-07-01 16:47 - 00064416 _____ () C:\Users\Blub\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-17 06:47 - 2009-07-14 05:45 - 00296776 _____ () C:\Windows\System32\FNTCACHE.DAT Some content of TEMP: ==================== C:\Users\Blub\AppData\Local\Temp\2Xfo.dll C:\Users\Blub\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Blub\AppData\Local\Temp\nvStInst.exe C:\Users\Blub\AppData\Local\Temp\vlc-2.1.5-win32.exe ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe [2012-07-01 17:15] - [2011-02-25 07:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3 C:\Windows\System32\winlogon.exe [2012-07-02 08:22] - [2010-11-20 14:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457 C:\Windows\System32\wininit.exe [2009-07-14 00:52] - [2009-07-14 02:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA C:\Windows\System32\svchost.exe [2009-07-14 00:31] - [2009-07-14 02:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D C:\Windows\System32\services.exe [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\User32.dll [2012-07-02 08:22] - [2010-11-20 14:27] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B C:\Windows\System32\userinit.exe [2012-07-02 08:21] - [2010-11-20 14:25] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53 C:\Windows\System32\rpcss.dll [2012-07-02 08:22] - [2010-11-20 14:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. 
C:\Windows\System32\Drivers\volsnap.sys [2012-07-02 08:22] - [2010-11-20 14:34] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639 ==================== Restore Points ========================= Restore point made on: 2014-12-01 13:08:27 Restore point made on: 2014-12-04 19:46:27 Restore point made on: 2014-12-08 19:18:41 Restore point made on: 2014-12-12 07:25:40 ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=C: path \bootmgr description Windows Boot Manager locale de-DE inherit {globalsettings} default {default} resumeobject {d7f68d2e-27d2-11df-9554-97b0832c81f5} displayorder {default} toolsdisplayorder {memdiag} timeout 30 Windows-Startladeprogramm ------------------------- Bezeichner {d7f68d28-27d2-11df-9554-97b0832c81f5} device ramdisk=[C:]\Recovery\d7f68d28-27d2-11df-9554-97b0832c81f5\Winre.wim,{d7f68d29-27d2-11df-9554-97b0832c81f5} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\d7f68d28-27d2-11df-9554-97b0832c81f5\Winre.wim,{d7f68d29-27d2-11df-9554-97b0832c81f5} systemroot \windows nx OptIn winpe Yes Windows-Startladeprogramm ------------------------- Bezeichner {d7f68d2c-27d2-11df-9554-97b0832c81f5} device ramdisk=[C:]\Recovery\d7f68d2c-27d2-11df-9554-97b0832c81f5\Winre.wim,{d7f68d2d-27d2-11df-9554-97b0832c81f5} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\d7f68d2c-27d2-11df-9554-97b0832c81f5\Winre.wim,{d7f68d2d-27d2-11df-9554-97b0832c81f5} systemroot \windows nx OptIn winpe Yes Windows-Startladeprogramm ------------------------- Bezeichner {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {d7f68d30-27d2-11df-9554-97b0832c81f5} recoveryenabled Yes osdevice partition=C: 
systemroot \Windows resumeobject {d7f68d2e-27d2-11df-9554-97b0832c81f5} nx OptIn Windows-Startladeprogramm ------------------------- Bezeichner {d7f68d30-27d2-11df-9554-97b0832c81f5} device ramdisk=[C:]\Recovery\d7f68d30-27d2-11df-9554-97b0832c81f5\Winre.wim,{d7f68d31-27d2-11df-9554-97b0832c81f5} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\d7f68d30-27d2-11df-9554-97b0832c81f5\Winre.wim,{d7f68d31-27d2-11df-9554-97b0832c81f5} systemroot \windows nx OptIn winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {d7f68d2e-27d2-11df-9554-97b0832c81f5} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=C: path \boot\memtest.exe description Windows-Speicherdiagnose locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {d7f68d29-27d2-11df-9554-97b0832c81f5} description Ramdisk 
Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\d7f68d28-27d2-11df-9554-97b0832c81f5\boot.sdi Ger„teoptionen -------------- Bezeichner {d7f68d2d-27d2-11df-9554-97b0832c81f5} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\d7f68d2c-27d2-11df-9554-97b0832c81f5\boot.sdi Ger„teoptionen -------------- Bezeichner {d7f68d31-27d2-11df-9554-97b0832c81f5} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\d7f68d30-27d2-11df-9554-97b0832c81f5\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 5% Total physical RAM: 12279.12 MB Available physical RAM: 11648.25 MB Total Pagefile: 12277.39 MB Available Pagefile: 11663.96 MB Total Virtual: 2047.88 MB Available Virtual: 1938.48 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:117.19 GB) (Free:46.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: () (Fixed) (Total:22.54 GB) (Free:22.45 GB) NTFS Drive f: (Win7_AIO_PRE) (CDROM) (Total:3.44 GB) (Free:0 GB) UDF Drive g: () (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (Lokaler Datenträger) (Fixed) (Total:931.51 GB) (Free:835.06 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 87F91105) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 139.7 GB) (Disk ID: 45D2117B) Partition 1: (Active) - (Size=117.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=22.5 GB) - (Type=OF Extended) ======================================================== Disk: 2 (Size: 976 MB) (Disk ID: 0013231B) Partition 1: (Active) - (Size=976 MB) - (Type=0B) LastRegBack: 2014-12-05 14:45 
==================== End Of Log ============================ --- --- --- |
14.12.2014, 23:38 | #4 |
/// the machine /// TB-Ausbilder | BKA Trojan locks PC Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
Startup: C:\Users\Blub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\83871218D.lnk
ShortcutTarget: 83871218D.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\83871218D.zot [356352 2014-12-13] ()
C:\ProgramData\83871218D.zot
C:\ProgramData\D81217838.cpp
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Start the computer normally. Then, in normal mode: please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
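Added example (not from this thread, and not FRST's own logic): a Python script that applies the reasoning behind the fixlist above to FRST-style log lines, so that a reader can see why exactly those entries were picked. The sample lines are constructed to mirror entries posted in this thread (the startup shortcut pointing at regsvr32.exe, the Winmgmt service whose image path was rewritten to C:\ProgramData\83871218D.zot, and the hex-named C:\ProgramData\348DC8F2E.zot). The allow-lists, the regular expressions and the three heuristics are assumptions of this example, not part of FRST.

```python
"""Triage of FRST-style log lines: flag the persistence indicators that a
fixlist would target. Example code, not part of the thread or of FRST."""
import re
from dataclasses import dataclass

# Constructed sample, shaped after the FRST.txt and fixlist lines in this thread.
SAMPLE_LOG = r"""
Startup: C:\Users\Blub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\83871218D.lnk
ShortcutTarget: 83871218D.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\83871218D.zot [356352 2014-12-13] ()
R2 TeamViewer9; C:\Program Files\TeamViewer_Service.exe [4799760 2014-09-12] (TeamViewer GmbH)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
2014-11-25 13:48 - 2014-11-25 13:49 - 00350720 ____T () C:\ProgramData\348DC8F2E.zot
2014-11-16 17:34 - 2014-11-16 17:33 - 00000053 _____ () C:\Program Files\tvinfo.ini
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # which heuristic fired
    detail: str  # the shortcut, service or path concerned


# Services Windows hosts inside svchost.exe; an image path anywhere else for one
# of these means the service definition was rewritten. (Assumed short list.)
SVCHOST_SERVICES = {"winmgmt", "schedule", "bits", "wuauserv", "lanmanserver"}

# Signed system binaries that execute whatever they are handed on the command
# line; a startup shortcut pointing at one is worth a look even though the
# binary itself is genuine. (Assumed short list.)
HOST_BINARIES = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

SERVICE_RE = re.compile(r"^([RS]\d) (\S+); (.+?) \[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)$")
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (\S+) -> (.+?)(?: \((.*)\))?$")
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) \((.*)\) (.+)$"
)
# File names that are just a run of hex digits plus a short extension.
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8,}\.[a-z0-9]{2,4}$")


def is_trusted_location(path: str) -> bool:
    """True for the directories ordinary installed software lives in."""
    p = path.lower()
    return p.startswith(("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\"))


def triage(log_text: str) -> list[Finding]:
    """Return the suspicious entries found in FRST-style log text, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SHORTCUT_RE.match(line):
            lnk, target = m.group(1), m.group(2)
            if target.rsplit("\\", 1)[-1].lower() in HOST_BINARIES:
                findings.append(Finding("startup-shortcut-to-host-binary", f"{lnk} -> {target}"))
            continue
        if m := SERVICE_RE.match(line):
            name, image, company = m.group(2), m.group(3), m.group(6)
            if name.lower() in SVCHOST_SERVICES and "svchost.exe" not in image.lower():
                findings.append(Finding("system-service-image-replaced", f"{name}: {image}"))
            elif not is_trusted_location(image) and not company:
                # Image outside the program directories and no company name in
                # the version resource: not proof of anything, but worth listing.
                findings.append(Finding("service-outside-program-dirs", f"{name}: {image}"))
            continue
        if m := FILE_RE.match(line):
            path = m.group(6)
            folder, _, fname = path.rpartition("\\")
            if folder.lower() == "c:\\programdata" and HEX_NAME_RE.match(fname):
                findings.append(Finding("hex-named-file-in-programdata", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:35} {f.detail}")
```

The script reports the shortcut, not regsvr32.exe itself: the log shows the target as the genuine Microsoft file, and the persistence is the shortcut together with whatever it hands to regsvr32. The Winmgmt entry is the strongest single indicator, since that service normally runs inside svchost.exe and never from ProgramData. Output of a script like this is a starting point for the helper who writes the fixlist by hand, not a fixlist in itself.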
15.12.2014, 07:49 | #5 |
| BKA Trojan locks PC So, I hope I did everything right =) Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2014
Ran by SYSTEM at 2014-12-15 07:27:36 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Blub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\83871218D.lnk
ShortcutTarget: 83871218D.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\83871218D.zot [356352 2014-12-13] ()
C:\ProgramData\83871218D.zot
C:\ProgramData\D81217838.cpp
*****************

C:\Users\Blub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\83871218D.lnk => Moved successfully.
C:\Windows\System32\regsvr32.exe => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\83871218D.zot => Moved successfully.
C:\ProgramData\D81217838.cpp => Moved successfully.

==== End of Fixlog ====

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01 Ran by Blub (administrator) on BLUB-PC on 15-12-2014 07:41:21 Running from C:\Users\Blub\Desktop Loaded Profile: Blub (Available profiles: Blub) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (TeamViewer GmbH) C:\Program Files\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\tv_w32.exe (TeamViewer GmbH) C:\Program Files\tv_x64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-954819885-3130346551-584068455-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-954819885-3130346551-584068455-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965 FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF 
Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\webde-suche.xml FF Extension: WEB.DE MailCheck - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\toolbar@web.de [2014-11-28] FF Extension: ProxTube - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\ich@maltegoetz.de.xpi [2014-09-11] FF Extension: SQLite Manager - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2014-11-25] FF Extension: FlashGot - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-12-02] FF Extension: Adblock Plus - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed 
from the registry. The file will not be moved unless listed separately.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation) R2 TeamViewer9; C:\Program Files\TeamViewer_Service.exe [4799760 2014-09-12] (TeamViewer GmbH) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-07] (Disc Soft Ltd) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation) S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-15 07:41 - 2014-12-15 07:41 - 00009483 _____ () C:\Users\Blub\Desktop\FRST.txt 2014-12-15 07:40 - 2014-12-15 07:40 - 02119168 _____ (Farbar) C:\Users\Blub\Desktop\FRST64.exe 2014-12-14 15:54 - 2014-12-15 07:41 - 00000000 ____D () C:\FRST 2014-12-14 14:02 - 2014-12-14 14:02 - 00000000 ____D () C:\Windows\pss 2014-12-07 16:14 - 2014-12-14 13:45 - 00016411 _____ () C:\Users\Blub\Desktop\DAYLIES.ods 2014-12-02 20:17 - 2014-12-02 20:17 - 00000000 ___HD () C:\Windows\AxInstSV 2014-12-02 10:46 - 2014-12-02 10:46 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\Oracle 2014-12-01 23:22 - 2014-12-01 23:22 - 00000158 _____ () C:\Users\Blub\Desktop\Weihnachten.txt 2014-11-25 13:48 - 2014-11-25 13:49 - 00350720 ____T () C:\ProgramData\348DC8F2E.zot 2014-11-25 10:09 - 2014-11-25 10:09 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-11-25 10:09 - 2014-11-12 21:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-11-25 10:06 - 2014-11-17 23:18 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2014-11-25 10:06 - 2014-11-17 23:18 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 13213512 _____ (NVIDIA 
Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-11-25 10:06 - 2014-11-13 01:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 02874456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 00451216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstusb.sys 2014-11-25 10:06 - 2014-11-13 01:20 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 00348304 _____ (NVIDIA Corporation) 
C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-11-25 10:06 - 2014-11-13 01:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-11-25 09:47 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-11-25 09:47 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-11-25 09:20 - 2014-11-25 09:20 - 00000000 ____D () C:\Users\Blub\.android 2014-11-24 16:27 - 2014-11-24 16:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-11-24 16:27 - 2014-11-24 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-11-24 16:27 - 2014-11-24 16:27 - 00000000 ____D () C:\Program Files (x86)\Java 2014-11-24 14:13 - 2014-11-24 14:13 - 00000000 ____D () C:\Program Files\DIFX 2014-11-24 14:12 - 2014-11-24 14:46 - 00008856 _____ () C:\Windows\DPINST.LOG 2014-11-24 13:37 - 2014-11-24 13:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf 2014-11-23 16:46 - 2014-11-26 09:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-23 16:46 - 2014-11-23 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-23 16:46 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-23 16:46 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-23 16:46 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-23 16:33 - 2014-11-23 16:33 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-23 16:25 - 2014-12-10 19:17 - 00000000 
____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-20 16:26 - 2014-11-23 17:00 - 00000000 ____D () C:\ProgramData\PamuGeqit 2014-11-20 16:26 - 2014-11-23 16:55 - 00000000 ____D () C:\ProgramData\UesibIggoc 2014-11-20 16:25 - 2014-11-20 16:26 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-11-16 17:34 - 2014-12-15 07:37 - 00627300 _____ () C:\Program Files\TeamViewer9_Logfile.log 2014-11-16 17:34 - 2014-12-04 08:45 - 01048614 _____ () C:\Program Files\TeamViewer9_Logfile_OLD.log 2014-11-16 17:34 - 2014-11-16 17:34 - 00000703 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-11-16 17:34 - 2014-11-16 17:34 - 00000691 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-11-16 17:34 - 2014-11-16 17:34 - 00000000 ____D () C:\Program Files\x64 2014-11-16 17:34 - 2014-11-16 17:34 - 00000000 ____D () C:\Program Files\outlook 2014-11-16 17:34 - 2014-11-16 17:33 - 00000053 _____ () C:\Program Files\tvinfo.ini 2014-11-16 17:34 - 2014-09-12 19:56 - 00465440 _____ (TeamViewer) C:\Program Files\uninstall.exe 2014-11-16 17:34 - 2014-09-12 19:15 - 00383760 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer_Resource_de.dll 2014-11-16 17:34 - 2014-09-12 19:15 - 00346896 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer_Resource_en.dll 2014-11-16 17:34 - 2014-09-12 19:14 - 13559056 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer.exe 2014-11-16 17:34 - 2014-09-12 19:14 - 04812048 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer_Desktop.exe 2014-11-16 17:34 - 2014-09-12 19:14 - 04799760 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer_Service.exe 2014-11-16 17:34 - 2014-09-12 19:14 - 03052304 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer_StaticRes.dll 2014-11-16 17:34 - 2014-09-12 19:00 - 00271632 _____ (TeamViewer GmbH) C:\Program Files\tv_x64.dll 2014-11-16 17:34 - 2014-09-12 19:00 - 00264464 _____ (TeamViewer GmbH) C:\Program Files\tv_x64.exe 2014-11-16 17:34 - 2014-09-12 19:00 - 00246544 _____ (TeamViewer 
GmbH) C:\Program Files\tv_w32.dll 2014-11-16 17:34 - 2014-09-12 19:00 - 00229648 _____ (TeamViewer GmbH) C:\Program Files\tv_w32.exe 2014-11-16 17:34 - 2013-11-26 09:17 - 00035492 _____ () C:\Program Files\Lizenz.txt 2014-11-16 17:34 - 2013-10-17 16:32 - 00021029 _____ () C:\Program Files\CopyRights.txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-15 07:41 - 2012-06-30 14:04 - 01412633 _____ () C:\Windows\WindowsUpdate.log 2014-12-15 07:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-15 07:37 - 2009-07-14 05:51 - 00156487 _____ () C:\Windows\setupact.log 2014-12-15 07:36 - 2012-07-17 14:56 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-12-14 14:28 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-14 14:28 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-14 14:12 - 2012-09-04 06:56 - 00000000 ____D () C:\temp 2014-12-13 17:12 - 2013-10-31 00:30 - 00000000 ____D () C:\Users\Blub\AppData\Local\Battle.net 2014-12-12 09:12 - 2012-07-01 17:15 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-12 09:12 - 2012-07-01 17:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-12 09:11 - 2013-04-10 13:29 - 00000000 ____D () C:\Users\Blub\AppData\Local\Adobe 2014-12-12 07:17 - 2013-04-10 13:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-05 16:35 - 2013-10-31 00:30 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\Battle.net 2014-12-03 23:53 - 2013-03-10 18:30 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\vlc 2014-12-02 10:46 - 2012-07-17 21:48 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-11-28 10:41 - 
2012-07-02 09:32 - 00105398 _____ () C:\Windows\PFRO.log 2014-11-26 14:45 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-11-26 09:13 - 2009-07-14 05:45 - 00000000 ____D () C:\Windows\Setup 2014-11-25 10:11 - 2012-07-01 22:08 - 00731964 _____ () C:\Windows\system32\perfh010.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00716518 _____ () C:\Windows\system32\perfh019.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00648600 _____ () C:\Windows\system32\perfh01F.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00598906 _____ () C:\Windows\system32\perfh008.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00408696 _____ () C:\Windows\system32\perfh011.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00375868 _____ () C:\Windows\system32\prfh0804.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00150824 _____ () C:\Windows\system32\perfc019.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00146828 _____ () C:\Windows\system32\perfc010.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00139982 _____ () C:\Windows\system32\perfc01F.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00122082 _____ () C:\Windows\system32\perfc011.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00119574 _____ () C:\Windows\system32\prfc0804.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00111110 _____ () C:\Windows\system32\perfc008.dat 2014-11-25 10:11 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-11-25 10:11 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-11-25 10:11 - 2009-07-14 06:13 - 05888878 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-25 10:09 - 2012-07-17 15:05 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-11-25 09:48 - 2012-07-02 08:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-11-25 09:20 - 2012-06-30 14:14 - 00000000 ____D () C:\Users\Blub 2014-11-24 17:05 - 2013-05-29 19:07 - 00000000 ____D () C:\Users\Blub\Desktop\Julie UNI 2014-11-24 16:28 - 2013-10-31 10:48 - 00000000 ____D () C:\ProgramData\Oracle 2014-11-23 21:14 - 
2013-03-10 18:32 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-11-23 21:14 - 2013-03-10 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-11-23 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-17 23:18 - 2014-06-25 09:33 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-11-17 06:48 - 2012-07-01 16:47 - 00064416 _____ () C:\Users\Blub\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-17 06:47 - 2009-07-14 05:45 - 00296776 _____ () C:\Windows\system32\FNTCACHE.DAT Some content of TEMP: ==================== C:\Users\Blub\AppData\Local\Temp\2Xfo.dll C:\Users\Blub\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Blub\AppData\Local\Temp\nvStInst.exe C:\Users\Blub\AppData\Local\Temp\vlc-2.1.5-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-05 14:45 ==================== End Of Log ============================ Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01 Ran by Blub at 2014-12-15 07:42:06 Running from C:\Users\Blub\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) ffdshow v1.1.3892 [2011-06-20] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3892.0 - ) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Free Audio Converter version 5.0.43.605 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.43.605 - DVDVideoSoft Ltd.) 
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.219.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-954819885-3130346551-584068455-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 
(HKLM-x32\...\{b64ca997-b626-4abb-a046-5ca2d92ed659}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MyFreeCodec (HKU\S-1-5-21-954819885-3130346551-584068455-1000\...\MyFreeCodec) (Version: - ) NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation) NVIDIA 3D Vision Video Player (HKLM-x32\...\{244FB715-13C4-4C85-BEB6-6C1ABB29D8B1}) (Version: 1.7.5 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) 
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Stereoscopic Player (HKLM-x32\...\{D6E0A2B3-7EA5-40BC-8AA6-5F9BDAF845AE}) (Version: 1.9.0 - 3dtv.at) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) World of Warcraft Beta (HKLM-x32\...\World of Warcraft Beta) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 01-12-2014 12:07:51 Windows Update 04-12-2014 18:45:58 Windows Update 08-12-2014 18:18:06 Windows Update 12-12-2014 06:25:07 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {24D37BCE-698B-4FC1-88D1-43935829D328} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe Task: {5707F24D-659B-4132-B4FC-772E7E2F2B1E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {60E093BE-828A-4D60-B1B3-85ED5A3D68D1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe Task: {ADA73E53-3E9B-4604-8ECA-D953D5068CCE} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe Task: {BE4D5893-4419-4814-9B56-E497785E7E86} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) ==================== Loaded Modules (whitelisted) ============= 2012-07-17 15:04 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^Users^Blub^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^83871218D.lnk => C:\Windows\pss\83871218D.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: KiesTrayAgent => C:\Spiele\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-954819885-3130346551-584068455-500 - Administrator - Disabled) Blub (S-1-5-21-954819885-3130346551-584068455-1000 - Administrator - Enabled) => C:\Users\Blub Gast (S-1-5-21-954819885-3130346551-584068455-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-954819885-3130346551-584068455-1005 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/14/2014 02:26:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 3.1.2000.0, Zeitstempel: 0x545adf9d Name des fehlerhaften Moduls: nvstreamsvc.exe, Version: 3.1.2000.0, Zeitstempel: 0x545adf9d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000049ed79 ID des fehlerhaften Prozesses: 0xbc4 Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0 Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1 Pfad des fehlerhaften Moduls: nvstreamsvc.exe2 Berichtskennung: 
nvstreamsvc.exe3 Error: (12/14/2014 01:54:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: ) Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. . Error: (12/14/2014 01:26:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcCan continue stopping. [1008] Error: (12/12/2014 07:16:02 AM) (Source: MsiInstaller) (EventID: 1024) (User: Blub-PC) Description: Produkt: Adobe Reader XI (11.0.09) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011010}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (12/11/2014 07:07:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: senddoc.exe, Version: 0.0.0.0, Zeitstempel: 0x50250b17 Name des fehlerhaften Moduls: smapi.dll, Version: 16.4.3508.205, Zeitstempel: 0x5111fa6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000886f ID des fehlerhaften Prozesses: 0x2764 Startzeit der fehlerhaften Anwendung: 0xsenddoc.exe0 Pfad der fehlerhaften Anwendung: senddoc.exe1 Pfad des fehlerhaften Moduls: senddoc.exe2 Berichtskennung: senddoc.exe3 Error: (12/10/2014 07:04:07 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (12/10/2014 07:04:07 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (12/10/2014 07:04:07 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] Error: (12/06/2014 10:05:01 
AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (12/06/2014 10:05:01 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] System errors: ============= Error: (12/14/2014 02:56:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (12/14/2014 02:55:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (12/14/2014 02:55:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (12/14/2014 02:54:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (12/14/2014 02:54:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (12/14/2014 02:53:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (12/14/2014 02:53:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (12/14/2014 02:52:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (12/14/2014 02:52:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" 
wurde mit folgendem Fehler beendet: %%127 Error: (12/14/2014 02:51:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Microsoft Office Sessions: ========================= Error: (12/14/2014 02:26:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvstreamsvc.exe3.1.2000.0545adf9dnvstreamsvc.exe3.1.2000.0545adf9dc0000005000000000049ed79bc401d017a0ec253281C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeda7d9a35-8394-11e4-8462-00248c0f0d68 Error: (12/14/2014 01:54:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: ) Description: Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. Error: (12/14/2014 01:26:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcCan continue stopping. [1008] Error: (12/12/2014 07:16:02 AM) (Source: MsiInstaller) (EventID: 1024) (User: Blub-PC) Description: Adobe Reader XI (11.0.09) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL) Error: (12/11/2014 07:07:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: senddoc.exe0.0.0.050250b17smapi.dll16.4.3508.2055111fa6ec00000050000886f276401d0156d56d0ea75C:\Program Files (x86)\OpenOffice.org 3\Basis\program\senddoc.exeC:\Program Files (x86)\Windows Live\Mail\smapi.dll9a26bac6-8160-11e4-aa8d-00248c0f0d68 Error: (12/10/2014 07:04:07 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (12/10/2014 07:04:07 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (12/10/2014 07:04:07 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] Error: (12/06/2014 
10:05:01 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (12/06/2014 10:05:01 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz Percentage of memory in use: 20% Total physical RAM: 12279.12 MB Available physical RAM: 9712.18 MB Total Pagefile: 24556.42 MB Available Pagefile: 21981.82 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:117.19 GB) (Free:46.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:22.54 GB) (Free:22.45 GB) NTFS Drive f: (Lokaler Datenträger) (Fixed) (Total:931.51 GB) (Free:835.06 GB) NTFS Drive g: () (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 87F91105) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 139.7 GB) (Disk ID: 45D2117B) Partition 1: (Active) - (Size=117.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=22.5 GB) - (Type=OF Extended) ======================================================== Disk: 2 (Size: 976 MB) (Disk ID: 0013231B) Partition 1: (Active) - (Size=976 MB) - (Type=0B) ==================== End Of Log ============================ |
15.12.2014, 20:06 | #6 |
/// the machine /// TB-Ausbilder | BKA Trojan locks PC hi, Scan with Combofix
16.12.2014, 16:18 | #7 |
| BKA Trojan locks PC Hi, So I disabled my Windows Firewall and Microsoft Security Essentials. Then I started Combofix, and it did not complain that another program was still running. After a restart of the computer there was no error message either. Combofix: Code:
ATTFilter ComboFix 14-12-14.01 - Blub 16.12.2014 15:56:52.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.12279.9708 [GMT 1:00] ausgeführt von:: c:\users\Blub\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\348DC8F2E.zot c:\windows\SysWow64\SET6151.tmp c:\windows\SysWow64\SET7E3A.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2014-11-16 bis 2014-12-16 )))))))))))))))))))))))))))))) . . 2014-12-16 15:01 . 2014-12-16 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-12-16 14:53 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A032DB18-20A9-492B-9774-A5C4442D5205}\mpengine.dll 2014-12-15 06:50 . 2014-12-15 06:49 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D54B6B0E-8C86-4CA0-8D4C-505D4D230BBA}\gapaengine.dll 2014-12-15 06:50 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-12-14 14:54 . 2014-12-15 06:42 -------- d-----w- C:\FRST 2014-12-02 19:17 . 2014-12-02 19:17 -------- d--h--w- c:\windows\AxInstSV 2014-12-02 09:46 . 2014-12-02 09:46 -------- d-----w- c:\users\Blub\AppData\Roaming\Oracle 2014-11-25 09:09 . 2014-11-25 09:09 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2014-11-25 09:09 . 2014-11-12 20:46 615624 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2014-11-25 08:47 . 2014-10-03 19:23 38216 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2014-11-25 08:47 . 2014-10-03 19:23 32584 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2014-11-25 08:20 . 
2014-11-25 08:20 -------- d-----w- c:\users\Blub\.android 2014-11-24 15:28 . 2014-11-24 15:28 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-11-24 15:27 . 2014-11-24 15:27 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-11-24 15:27 . 2014-11-24 15:27 -------- d-----w- c:\program files (x86)\Java 2014-11-24 13:13 . 2014-11-24 13:13 -------- d-----w- c:\program files\DIFX 2014-11-23 15:46 . 2014-11-26 08:27 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-11-23 15:46 . 2014-11-23 15:46 -------- d-----w- c:\programdata\Malwarebytes 2014-11-23 15:46 . 2014-10-01 10:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-11-23 15:46 . 2014-10-01 10:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-11-23 15:46 . 2014-10-01 10:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-11-20 15:26 . 2014-11-23 15:55 -------- d-----w- c:\programdata\UesibIggoc 2014-11-20 15:26 . 2014-11-23 16:00 -------- d-----w- c:\programdata\PamuGeqit . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-12-12 08:12 . 2012-07-01 16:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-12-12 08:12 . 2012-07-01 16:15 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-11-17 22:18 . 2014-06-25 08:33 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2014-11-13 00:20 . 2014-06-25 08:33 1540424 ----a-w- c:\windows\system32\nvir3dgenco64.dll 2014-11-13 00:20 . 2014-04-13 12:05 989056 ----a-w- c:\windows\system32\nvumdshimx.dll 2014-11-13 00:20 . 2014-04-13 12:05 18514616 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2014-11-13 00:20 . 2013-11-19 11:00 16884632 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2014-11-13 00:20 . 2012-07-17 14:01 3262784 ----a-w- c:\windows\system32\nvapi64.dll 2014-11-13 00:20 . 2009-07-13 21:59 20986592 ----a-w- c:\windows\system32\nvwgf2umx.dll 2014-11-12 21:56 . 
2012-07-17 14:04 6897352 ----a-w- c:\windows\system32\nvcpl.dll
2014-11-12 21:56 . 2012-07-17 14:04 3534152 ----a-w- c:\windows\system32\nvsvc64.dll
2014-11-12 21:56 . 2012-07-17 14:04 934032 ----a-w- c:\windows\system32\nvvsvc.exe
2014-11-12 21:56 . 2012-07-17 14:04 62608 ----a-w- c:\windows\system32\nvshext.dll
2014-11-12 21:56 . 2012-07-17 14:04 386368 ----a-w- c:\windows\system32\nvmctray.dll
2014-11-12 21:56 . 2012-07-17 14:04 2559808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-11-11 10:29 . 2014-04-24 14:21 4100776 ----a-w- c:\windows\system32\nvcoproc.bin
2014-11-06 17:06 . 2014-06-25 08:16 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-11-06 17:06 . 2013-11-19 11:04 2197680 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-11-06 17:06 . 2014-06-25 08:16 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-11-06 17:06 . 2013-11-19 11:04 2800296 ----a-w- c:\windows\system32\nvspcap64.dll
2014-10-30 11:25 . 2012-07-01 16:01 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-03 19:23 . 2013-11-19 11:00 35144 ----a-w- c:\windows\system32\nvaudcap64v.dll
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-29 16:24 220632 ----a-w- c:\users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-29 16:24 220632 ----a-w- c:\users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-29 16:24 220632 ----a-w- c:\users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer_Service.exe;c:\program files\TeamViewer_Service.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys;c:\windows\SYSNATIVE\DRIVERS\nvstusb.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-29 16:24 244696 ----a-w- c:\users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-29 16:24 244696 ----a-w- c:\users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-29 16:24 244696 ----a-w- c:\users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\
FF - prefs.js: browser.startup.homepage - google.de
.
- - - - Orphaned registry entries removed - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Malwarebytes Anti-Malware_is1 - f:\spiele\Malwarebytes Anti-Malware\unins000.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_USERS\S-1-5-21-954819885-3130346551-584068455-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-954819885-3130346551-584068455-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-16 16:04:44
ComboFix-quarantined-files.txt 2014-12-16 15:04
.
Before scan: 12 directories, 49,241,481,216 bytes free
After scan: 17 directories, 50,041,892,864 bytes free
.
- - End Of File - - 2C286F51D8629608BA91DC187073E652
A36C5E4F47E84449FF07ED3517B43A31 |
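The ComboFix listing above and the FRST listings posted later in this thread are triaged by eye: the helper looks for files in user-writable locations with no publisher, for hidden files, for anything in a Startup folder, and for oddly named folders that appeared together. The following Python helper is an added example written for this page; it is not from any post in the thread and not part of ComboFix or FRST. It parses both file-listing layouts and applies those checks, then pivots on creation time so that everything written within a minute of a flagged item is surfaced too. The one-minute window, the "random-looking name" rule and the list of user-writable locations are assumptions made here, not rules the tools use. The sample input mixes lines copied from the logs in this thread with two constructed lines (marked) so that every rule fires at least once.

```python
"""Triage helper for FRST / ComboFix file-listing lines.

Added example for this thread, not from the posts and not part of the FRST or
ComboFix tools. All heuristics below are assumptions made for illustration.
"""
import re
from collections import namedtuple
from datetime import datetime, timedelta

Entry = namedtuple("Entry", "created modified size attrs company path is_dir")
TS = "%Y-%m-%d %H:%M"

# FRST layout:     created - modified - size attrs (Company) path
FRST_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) \((.*?)\) (.+)$")
# ComboFix layout: created . modified size attrs path   (no company field)
CF_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+|-+)\s+([-a-z]{8}) (.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".js", ".vbs", ".bat")


def parse_line(line):
    """Return an Entry for a file-listing line in either layout, else None."""
    line = line.strip()
    m = FRST_RE.match(line)
    if m:
        created, modified, size, attrs, company, path = m.groups()
        return Entry(datetime.strptime(created, TS), datetime.strptime(modified, TS),
                     int(size), attrs, company.strip(), path, "D" in attrs)
    m = CF_RE.match(line)
    if m:
        created, modified, size, attrs, path = m.groups()
        # ComboFix has no company column, so company is None (unknown), not "".
        return Entry(datetime.strptime(created, TS), datetime.strptime(modified, TS),
                     int(size) if size.isdigit() else 0, attrs, None, path,
                     attrs.startswith("d"))
    return None


def in_user_writable(path):
    """Locations a standard user (and malware running as that user) can write to. Assumption."""
    p = path.lower()
    return any(tag in p for tag in ("\\programdata\\", "\\users\\", "\\temp\\"))


def looks_random(name):
    """Rough rule (assumption): a single token with one internal capital, like PamuGeqit.
    Legitimate CamelCase vendor names match too, so this is a prompt to look, not a verdict."""
    return re.fullmatch(r"[A-Z][a-z]{2,}[A-Z][a-z]{2,}", name) is not None


def triage(lines, window=timedelta(minutes=1)):
    """Map path -> list of reasons for every entry that deserves a manual look."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    findings = {}

    def flag(entry, reason):
        findings.setdefault(entry.path, []).append(reason)

    for e in entries:
        low = e.path.lower()
        name = e.path.rpartition("\\")[2]
        if e.is_dir:
            if in_user_writable(e.path) and looks_random(name):
                flag(e, "random-looking directory name")
        else:
            if "\\start menu\\programs\\startup\\" in low:
                flag(e, "file in a Startup folder")
            if low.endswith(EXEC_EXT) and in_user_writable(e.path) and e.company == "":
                flag(e, "executable in user-writable location with empty company field")
            if "H" in e.attrs and in_user_writable(e.path):
                flag(e, "hidden file in user-writable location")

    # Pivot on time: a dropper writes its pieces within seconds of each other, so
    # anything created within `window` of a flagged item gets the same look.
    hot = {e.created for e in entries if e.path in findings}
    for e in entries:
        if e.path not in findings and any(abs(e.created - t) <= window for t in hot):
            flag(e, "created within a minute of a flagged item (check manually)")
    return findings


# Sample input: lines copied from the logs in this thread, plus the last two lines,
# which are constructed for the example and do not come from the user's machine.
SAMPLE_LOG = r"""
2014-11-12 21:56 . 2012-07-17 14:04 6897352 ----a-w- c:\windows\system32\nvcpl.dll
2014-12-16 15:51 - 2014-12-16 15:51 - 05601641 ____R (Swearware) C:\Users\Blub\Desktop\ComboFix.exe
2014-11-23 16:46 - 2014-11-23 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-20 16:26 - 2014-11-23 17:00 - 00000000 ____D () C:\ProgramData\PamuGeqit
2014-11-20 16:26 - 2014-11-23 16:55 - 00000000 ____D () C:\ProgramData\UesibIggoc
2014-11-20 16:25 - 2014-11-20 16:26 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-12-02 10:46 - 2014-12-02 10:46 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\Oracle
2014-11-20 16:26 - 2014-11-20 16:26 - 00183296 ____H () C:\Users\Blub\AppData\Roaming\Example\sample.dll
2014-11-20 16:26 - 2014-11-20 16:26 - 00000912 _____ () C:\Users\Blub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\example.lnk
""".strip().splitlines()


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample, the two folders with random-looking names and the constructed hidden DLL and Startup shortcut are flagged directly; the "Windows Genuine Advantage" folder, which none of the rules match by itself, is surfaced only because it was created one minute before the flagged folders. The Malwarebytes and Oracle folders and the signed ComboFix.exe stay quiet, which is the point of tying every rule to a location or a time rather than to the file name alone.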
16.12.2014, 21:49 | #8 |
/// the machine /// TB-Ausbilder | BKA Trojan locks PC
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________
Regards, schrauber |
17.12.2014, 10:30 | #9 |
| BKA Trojan locks PC
So, everything ran through without problems.

mbam:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17.12.2014
Scan Time: 10:06:04
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.17.01
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Blub

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371704
Time Elapsed: 6 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

AdwCleaner:
Code:
# AdwCleaner v4.105 - Report created 17/12/2014 at 10:16:03
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Blub - BLUB-PC
# Running from : C:\Users\Blub\Desktop\AdwCleaner_4.105.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Blub\AppData\Roaming\RHEng
File Deleted : C:\Program Files\Uninstall.exe
File Deleted : C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\foxydeal.sqlite
File Deleted : C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\11-suche.xml

***** [ Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\OCS
Key Deleted : HKLM\SOFTWARE\Myfree Codec

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16521


-\\ Mozilla Firefox v34.0.5 (x86 de)


-\\ Chromium v

*************************

AdwCleaner[R0].txt - [2344 octets] - [17/12/2014 10:14:46]
AdwCleaner[S0].txt - [2148 octets] - [17/12/2014 10:16:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2208 octets] ##########

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by Blub on 17.12.2014 at 10:20:22,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Blub\AppData\Roaming\mozilla\firefox\profiles\h7ec93kx.default-1380231283965\extensions\toolbar@web.de
Emptied folder: C:\Users\Blub\AppData\Roaming\mozilla\firefox\profiles\h7ec93kx.default-1380231283965\minidumps [52 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.12.2014 at 10:22:26,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Blub (administrator) on BLUB-PC on 17-12-2014 10:24:40
Running from C:\Users\Blub\Desktop
Loaded Profile: Blub (Available profiles: Blub)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-954819885-3130346551-584068455-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-954819885-3130346551-584068455-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-954819885-3130346551-584068455-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\webde-suche.xml
FF Extension: ProxTube - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: SQLite Manager - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2014-11-25]
FF Extension: FlashGot - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-12-02]
FF Extension: Adblock Plus - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 TeamViewer9; C:\Program Files\TeamViewer_Service.exe [4799760 2014-09-12] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-07] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 10:22 - 2014-12-17 10:22 - 00000909 _____ () C:\Users\Blub\Desktop\JRT.txt
2014-12-17 10:20 - 2014-12-17 10:20 - 00000000 ____D () C:\Windows\ERUNT
2014-12-17 10:18 - 2014-12-17 10:16 - 00002304 _____ () C:\Users\Blub\Desktop\AdwCleaner[S0].txt
2014-12-17 10:14 - 2014-12-17 10:16 - 00000000 ____D () C:\AdwCleaner
2014-12-17 10:14 - 2014-12-17 10:14 - 00001200 _____ () C:\Users\Blub\Desktop\mbam.txt
2014-12-17 10:03 - 2014-12-17 10:03 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-17 10:03 - 2014-12-17 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-17 10:03 - 2014-12-17 10:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-16 21:55 - 2014-12-16 21:55 - 02166272 _____ () C:\Users\Blub\Desktop\AdwCleaner_4.105.exe
2014-12-16 21:55 - 2014-12-16 21:55 - 01707646 _____ (Thisisu) C:\Users\Blub\Desktop\JRT.exe
2014-12-16 21:54 - 2014-12-16 21:55 - 20447072 _____ (Malwarebytes Corporation) C:\Users\Blub\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-16 16:11 - 2014-12-16 16:11 - 00019661 _____ () C:\Users\Blub\Desktop\Combofix_Per Hand.txt
2014-12-16 16:11 - 2014-12-16 16:04 - 00019661 _____ () C:\Users\Blub\Desktop\ComboFix.txt
2014-12-16 15:55 - 2014-12-16 16:04 - 00000000 ____D () C:\Qoobox
2014-12-16 15:55 - 2014-12-16 16:03 - 00000000 ____D () C:\Windows\erdnt
2014-12-16 15:55 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-16 15:55 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-16 15:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-16 15:51 - 2014-12-16 15:51 - 05601641 ____R (Swearware) C:\Users\Blub\Desktop\ComboFix.exe
2014-12-15 07:58 - 2014-12-14 15:58 - 00044129 _____ () C:\Users\Blub\Desktop\FRST_alt.txt
2014-12-15 07:42 - 2014-12-15 07:42 - 00020474 _____ () C:\Users\Blub\Desktop\Addition.txt
2014-12-15 07:41 - 2014-12-17 10:25 - 00010008 _____ () C:\Users\Blub\Desktop\FRST.txt
2014-12-15 07:40 - 2014-12-15 07:40 - 02119168 _____ (Farbar) C:\Users\Blub\Desktop\FRST64.exe
2014-12-14 15:54 - 2014-12-17 10:24 - 00000000 ____D () C:\FRST
2014-12-14 14:02 - 2014-12-14 14:02 - 00000000 ____D () C:\Windows\pss
2014-12-07 16:14 - 2014-12-17 03:00 - 00016001 _____ () C:\Users\Blub\Desktop\DAYLIES.ods
2014-12-02 20:17 - 2014-12-02 20:17 - 00000000 ___HD () C:\Windows\AxInstSV
2014-12-02 10:46 - 2014-12-02 10:46 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\Oracle
2014-12-01 23:22 - 2014-12-01 23:22 - 00000158 _____ () C:\Users\Blub\Desktop\Weihnachten.txt
2014-11-25 10:09 - 2014-11-25 10:09 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-11-25 10:09 - 2014-11-12 21:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-25 10:06 - 2014-11-17 23:18 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-25 10:06 - 2014-11-17 23:18 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-25 10:06 - 2014-11-13 01:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 02874456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00451216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstusb.sys
2014-11-25 10:06 - 2014-11-13 01:20 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-25 09:47 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-25 09:47 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-25 09:20 - 2014-11-25 09:20 - 00000000 ____D () C:\Users\Blub\.android
2014-11-24 16:27 - 2014-11-24 16:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-24 16:27 - 2014-11-24 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-24 16:27 - 2014-11-24 16:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-24 14:13 - 2014-11-24 14:13 - 00000000 ____D () C:\Program Files\DIFX
2014-11-24 14:12 - 2014-11-24 14:46 - 00008856 _____ () C:\Windows\DPINST.LOG
2014-11-24 13:37 - 2014-11-24 13:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-11-23 16:46 - 2014-12-17 10:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-23 16:46 - 2014-11-23 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-23 16:46 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-23 16:46 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-23 16:46 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-23 16:33 - 2014-11-23 16:33 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-23 16:25 - 2014-12-10 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-20 16:26 - 2014-11-23 17:00 - 00000000 ____D () C:\ProgramData\PamuGeqit
2014-11-20 16:26 - 2014-11-23 16:55 - 00000000 ____D () C:\ProgramData\UesibIggoc
2014-11-20 16:25 - 2014-11-20 16:26 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 10:24 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-17 10:24 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-17 10:21 - 2012-06-30 14:04 - 01791037 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 10:17 - 2014-11-16 17:34 - 00895805 _____ () C:\Program Files\TeamViewer9_Logfile.log
2014-12-17 10:17 - 2012-07-17 14:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-17 10:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 10:17 - 2009-07-14 05:51 - 00157327 _____ () C:\Windows\setupact.log
2014-12-17 10:16 - 2012-07-02 09:32 - 00106540 _____ () C:\Windows\PFRO.log
2014-12-17 03:00 - 2013-10-31 00:30 - 00000000 ____D () C:\Users\Blub\AppData\Local\Battle.net
2014-12-16 16:01 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-14 14:12 - 2012-09-04 06:56 - 00000000 ____D () C:\temp
2014-12-12 09:12 - 2012-07-01 17:15 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 09:12 - 2012-07-01 17:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 09:11 - 2013-04-10 13:29 - 00000000 ____D () C:\Users\Blub\AppData\Local\Adobe
2014-12-12 07:17 - 2013-04-10 13:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-05 16:35 - 2013-10-31 00:30 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\Battle.net
2014-12-04 08:45 - 2014-11-16 17:34 - 01048614 _____ () C:\Program Files\TeamViewer9_Logfile_OLD.log
2014-12-03 23:53 - 2013-03-10 18:30 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\vlc
2014-12-02 10:46 - 2012-07-17 21:48 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-11-26 14:45 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-26 09:13 - 2009-07-14
05:45 - 00000000 ____D () C:\Windows\Setup 2014-11-25 10:11 - 2012-07-01 22:08 - 00731964 _____ () C:\Windows\system32\perfh010.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00716518 _____ () C:\Windows\system32\perfh019.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00648600 _____ () C:\Windows\system32\perfh01F.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00598906 _____ () C:\Windows\system32\perfh008.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00408696 _____ () C:\Windows\system32\perfh011.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00375868 _____ () C:\Windows\system32\prfh0804.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00150824 _____ () C:\Windows\system32\perfc019.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00146828 _____ () C:\Windows\system32\perfc010.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00139982 _____ () C:\Windows\system32\perfc01F.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00122082 _____ () C:\Windows\system32\perfc011.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00119574 _____ () C:\Windows\system32\prfc0804.dat 2014-11-25 10:11 - 2012-07-01 22:08 - 00111110 _____ () C:\Windows\system32\perfc008.dat 2014-11-25 10:11 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-11-25 10:11 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-11-25 10:11 - 2009-07-14 06:13 - 05888878 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-25 10:09 - 2012-07-17 15:05 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-11-25 09:48 - 2012-07-02 08:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-11-25 09:20 - 2012-06-30 14:14 - 00000000 ____D () C:\Users\Blub 2014-11-24 17:05 - 2013-05-29 19:07 - 00000000 ____D () C:\Users\Blub\Desktop\Julie UNI 2014-11-24 16:28 - 2013-10-31 10:48 - 00000000 ____D () C:\ProgramData\Oracle 2014-11-23 21:14 - 2013-03-10 18:32 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-11-23 21:14 - 2013-03-10 18:32 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-11-23 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-17 23:18 - 2014-06-25 09:33 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-11-17 06:48 - 2012-07-01 16:47 - 00064416 _____ () C:\Users\Blub\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-17 06:47 - 2009-07-14 05:45 - 00296776 _____ () C:\Windows\system32\FNTCACHE.DAT Some content of TEMP: ==================== C:\Users\Blub\AppData\Local\Temp\Quarantine.exe C:\Users\Blub\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-05 14:45 ==================== End Of Log ============================ Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01 Ran by Blub at 2014-12-17 10:25:45 Running from C:\Users\Blub\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) ffdshow v1.1.3892 [2011-06-20] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3892.0 - ) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Free Audio Converter version 5.0.43.605 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.43.605 - DVDVideoSoft Ltd.) 
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.219.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-954819885-3130346551-584068455-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 
(HKLM-x32\...\{b64ca997-b626-4abb-a046-5ca2d92ed659}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MyFreeCodec (HKU\S-1-5-21-954819885-3130346551-584068455-1000\...\MyFreeCodec) (Version: - ) NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation) NVIDIA 3D Vision Video Player (HKLM-x32\...\{244FB715-13C4-4C85-BEB6-6C1ABB29D8B1}) (Version: 1.7.5 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) 
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Stereoscopic Player (HKLM-x32\...\{D6E0A2B3-7EA5-40BC-8AA6-5F9BDAF845AE}) (Version: 1.9.0 - 3dtv.at) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) World of Warcraft Beta (HKLM-x32\...\World of Warcraft Beta) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 01-12-2014 12:07:51 Windows Update 04-12-2014 18:45:58 Windows Update 08-12-2014 18:18:06 Windows Update 12-12-2014 06:25:07 Windows Update 15-12-2014 06:49:14 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-12-16 16:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {24D37BCE-698B-4FC1-88D1-43935829D328} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe Task: {5707F24D-659B-4132-B4FC-772E7E2F2B1E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {60E093BE-828A-4D60-B1B3-85ED5A3D68D1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe Task: {ADA73E53-3E9B-4604-8ECA-D953D5068CCE} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe Task: {BE4D5893-4419-4814-9B56-E497785E7E86} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) ==================== Loaded Modules (whitelisted) ============= 2012-07-17 15:04 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^Users^Blub^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^83871218D.lnk => C:\Windows\pss\83871218D.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: KiesTrayAgent => C:\Spiele\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-954819885-3130346551-584068455-500 - Administrator - Disabled) Blub (S-1-5-21-954819885-3130346551-584068455-1000 - Administrator - Enabled) => C:\Users\Blub Gast (S-1-5-21-954819885-3130346551-584068455-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-954819885-3130346551-584068455-1005 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-12-16 16:01:11.678 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-12-16 16:01:11.397 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz Percentage of memory in use: 14% Total physical RAM: 12279.12 MB Available physical RAM: 10472.38 MB Total Pagefile: 24556.42 MB Available Pagefile: 22709.22 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:117.19 GB) (Free:46.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:22.54 GB) (Free:22.45 GB) NTFS Drive f: (Lokaler Datenträger) (Fixed) (Total:931.51 GB) (Free:833.32 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 87F91105) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 139.7 GB) (Disk ID: 45D2117B) Partition 1: (Active) - (Size=117.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=22.5 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
17.12.2014, 20:57 | #10 |
/// the machine /// TB-Ausbilder | BKA Trojan locks PC
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
18.12.2014, 20:53 | #11 |
| BKA Trojan locks PC Hello, I have now run everything, but I kept using the computer normally during that time. Was that OK, or do I have to do it again with no programs open? (I did not download anything, and the antivirus software was also deactivated.) The ESET scan found quite a few things. ESET log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=e4e6557c81342749811187f708bb9e5f # engine=21617 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-12-18 07:37:32 # local_time=2014-12-18 08:37:32 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 36133282 90225074 0 0 # scanned=291392 # found=32 # cleaned=0 # scan_time=6270 sh=275C6B59678D7352AC7C2A4BFF5F3BC607A5FA91 ft=1 fh=3c3f3600ebe9f899 vn="Variante von Win32/Kryptik.CSXR Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\D81217838.cpp.xBAD" sh=B473A731A9B6B2857E4ECD0CF640E0987FC46F5F ft=1 fh=bbb962bc64d501a0 vn="Variante von Win64/Kryptik.HE Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\348DC8F2E.zot.vir" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\DECRYPT_INSTRUCTION.HTML" 
sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\3lozfbt13fcuaawha2aegjbiamxdgnwnjythcjhrraqxc0snupaaadaa\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\3lozfbt13fcuaawha2aegjbiamxdgnwnjythcjhrraqxc0snupaaadaa\f\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\my3ll3adkskafthyputjx42ceadw20tbqc4hwgpbdoru1krzy2aaaeda\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\my3ll3adkskafthyputjx42ceadw20tbqc4hwgpbdoru1krzy2aaaeda\f\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I 
fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\zr3ag3i33ux00yyhbstvsfvvdy3g53oycqvq5gswqbvdhn1dybaaadca\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\zr3ag3i33ux00yyhbstvsfvvdy3g53oycqvq5gswqbvdhn1dybaaadca\f\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Sun\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\Deployment\DECRYPT_INSTRUCTION.HTML" sh=5EB3DCEE7DECA4E5C72210E70182571B268333AF ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\128d8fca-5339009a" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\Deployment\SystemCache\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 
fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\jre1.7.0_05\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\jre1.7.0_07\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\jre1.7.0_09\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\jre1.7.0_13\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\jre1.7.0_17\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\jre1.7.0_21\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\jre1.7.0_25\DECRYPT_INSTRUCTION.HTML" Code:
ATTFilter Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 25 Java version 32-bit out of Date! Adobe Flash Player 16.0.0.235 Adobe Reader XI Mozilla Firefox (34.0.5) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014 Ran by Blub (administrator) on BLUB-PC on 18-12-2014 20:47:33 Running from C:\Users\Blub\Desktop Loaded Profile: Blub (Available profiles: Blub) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (TeamViewer GmbH) C:\Program Files\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\tv_w32.exe (TeamViewer GmbH) C:\Program Files\tv_x64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Blizzard Entertainment) F:\Spiele\Battle.net\Battle.net.5191\Battle.net.exe (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Blizzard Entertainment) F:\Spiele\World of Warcraft\Wow.exe (Blizzard Entertainment) F:\Spiele\World of Warcraft\Utils\WowBrowserProxy.exe (Microsoft) F:\Spiele\Nemesis\Nemesis.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-954819885-3130346551-584068455-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-954819885-3130346551-584068455-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-954819885-3130346551-584068455-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\webde-suche.xml
FF Extension: ProxTube - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: SQLite Manager - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2014-11-25]
FF Extension: FlashGot - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-12-02]
FF Extension: Adblock Plus - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 TeamViewer9; C:\Program Files\TeamViewer_Service.exe [4799760 2014-09-12] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-07] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 20:47 - 2014-12-18 20:47 - 00000843 _____ () C:\Users\Blub\Desktop\checkup.txt
2014-12-18 20:47 - 2014-12-18 20:47 - 00000000 ____D () C:\Users\Blub\Desktop\FRST-OlderVersion
2014-12-18 18:41 - 2014-12-18 18:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-18 18:37 - 2014-12-18 18:37 - 02347384 _____ (ESET) C:\Users\Blub\Desktop\esetsmartinstaller_deu.exe
2014-12-18 18:37 - 2014-12-18 18:37 - 00852505 _____ () C:\Users\Blub\Desktop\SecurityCheck.exe
2014-12-17 10:26 - 2014-12-17 10:26 - 00024599 _____ () C:\Users\Blub\Desktop\FRST_neu.txt
2014-12-17 10:26 - 2014-12-17 10:26 - 00014414 _____ () C:\Users\Blub\Desktop\Addition_neu.txt
2014-12-17 10:22 - 2014-12-17 10:22 - 00000909 _____ () C:\Users\Blub\Desktop\JRT.txt
2014-12-17 10:20 - 2014-12-17 10:20 - 00000000 ____D () C:\Windows\ERUNT
2014-12-17 10:18 - 2014-12-17 10:16 - 00002304 _____ () C:\Users\Blub\Desktop\AdwCleaner[S0].txt
2014-12-17 10:14 - 2014-12-17 10:16 - 00000000 ____D () C:\AdwCleaner
2014-12-17 10:14 - 2014-12-17 10:14 - 00001200 _____ () C:\Users\Blub\Desktop\mbam.txt
2014-12-17 10:03 - 2014-12-17 10:03 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-17 10:03 - 2014-12-17 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-17 10:03 - 2014-12-17 10:03 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-16 21:55 - 2014-12-16 21:55 - 02166272 _____ () C:\Users\Blub\Desktop\AdwCleaner_4.105.exe
2014-12-16 21:55 - 2014-12-16 21:55 - 01707646 _____ (Thisisu) C:\Users\Blub\Desktop\JRT.exe
2014-12-16 21:54 - 2014-12-16 21:55 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Blub\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-16 16:11 - 2014-12-16 16:11 - 00019661 _____ () C:\Users\Blub\Desktop\Combofix_Per Hand.txt
2014-12-16 16:11 - 2014-12-16 16:04 - 00019661 _____ () C:\Users\Blub\Desktop\ComboFix.txt
2014-12-16 15:55 - 2014-12-16 16:04 - 00000000 ____D () C:\Qoobox
2014-12-16 15:55 - 2014-12-16 16:03 - 00000000 ____D () C:\Windows\erdnt
2014-12-16 15:55 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-16 15:55 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-16 15:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-16 15:51 - 2014-12-16 15:51 - 05601641 ____R (Swearware) C:\Users\Blub\Desktop\ComboFix.exe
2014-12-15 07:58 - 2014-12-14 15:58 - 00044129 _____ () C:\Users\Blub\Desktop\FRST_alt.txt
2014-12-15 07:42 - 2014-12-17 10:26 - 00014414 _____ () C:\Users\Blub\Desktop\Addition.txt
2014-12-15 07:41 - 2014-12-18 20:48 - 00010580 _____ () C:\Users\Blub\Desktop\FRST.txt
2014-12-15 07:40 - 2014-12-18 20:47 - 02121216 _____ (Farbar) C:\Users\Blub\Desktop\FRST64.exe
2014-12-14 15:54 - 2014-12-18 20:47 - 00000000 ____D () C:\FRST
2014-12-14 14:02 - 2014-12-14 14:02 - 00000000 ____D () C:\Windows\pss
2014-12-07 16:14 - 2014-12-18 17:23 - 00016061 _____ () C:\Users\Blub\Desktop\DAYLIES.ods
2014-12-02 20:17 - 2014-12-02 20:17 - 00000000 ___HD () C:\Windows\AxInstSV
2014-12-02 10:46 - 2014-12-02 10:46 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\Oracle
2014-12-01 23:22 - 2014-12-01 23:22 - 00000158 _____ () C:\Users\Blub\Desktop\Weihnachten.txt
2014-11-25 10:09 - 2014-11-25 10:09 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-11-25 10:09 - 2014-11-12 21:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-25 10:06 - 2014-11-17 23:18 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-25 10:06 - 2014-11-17 23:18 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-25 10:06 - 2014-11-13 01:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 02874456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00451216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstusb.sys
2014-11-25 10:06 - 2014-11-13 01:20 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-25 09:47 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-25 09:47 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-25 09:20 - 2014-11-25 09:20 - 00000000 ____D () C:\Users\Blub\.android
2014-11-24 16:27 - 2014-11-24 16:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-24 16:27 - 2014-11-24 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-24 16:27 - 2014-11-24 16:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-24 14:13 - 2014-11-24 14:13 - 00000000 ____D () C:\Program Files\DIFX
2014-11-24 14:12 - 2014-11-24 14:46 - 00008856 _____ () C:\Windows\DPINST.LOG
2014-11-24 13:37 - 2014-11-24 13:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-11-23 16:46 - 2014-12-17 10:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-23 16:46 - 2014-11-23 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-23 16:46 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-23 16:46 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-23 16:46 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-23 16:33 - 2014-11-23 16:33 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-23 16:25 - 2014-12-10 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-20 16:26 - 2014-11-23 17:00 - 00000000 ____D () C:\ProgramData\PamuGeqit
2014-11-20 16:26 - 2014-11-23 16:55 - 00000000 ____D () C:\ProgramData\UesibIggoc
2014-11-20 16:25 - 2014-11-20 16:26 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-18 20:46 - 2013-10-31 00:30 - 00000000 ____D () C:\Users\Blub\AppData\Local\Battle.net
2014-12-18 15:44 - 2012-06-30 14:04 - 01984614 _____ () C:\Windows\WindowsUpdate.log
2014-12-18 11:07 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-18 11:07 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-18 11:00 - 2014-11-16 17:34 - 00946981 _____ () C:\Program Files\TeamViewer9_Logfile.log
2014-12-18 11:00 - 2009-07-14 05:51 - 00157495 _____ () C:\Windows\setupact.log
2014-12-18 10:59 - 2012-07-17 14:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-18 10:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 13:02 - 2013-03-10 18:30 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\vlc
2014-12-17 10:16 - 2012-07-02 09:32 - 00106540 _____ () C:\Windows\PFRO.log
2014-12-16 16:01 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-14 14:12 - 2012-09-04 06:56 - 00000000 ____D () C:\temp
2014-12-12 09:12 - 2012-07-01 17:15 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 09:12 - 2012-07-01 17:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 09:11 - 2013-04-10 13:29 - 00000000 ____D () C:\Users\Blub\AppData\Local\Adobe
2014-12-12 07:17 - 2013-04-10 13:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-05 16:35 - 2013-10-31 00:30 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\Battle.net
2014-12-04 08:45 - 2014-11-16 17:34 - 01048614 _____ () C:\Program Files\TeamViewer9_Logfile_OLD.log
2014-12-02 10:46 - 2012-07-17 21:48 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-11-26 14:45 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-26 09:13 - 2009-07-14 05:45 - 00000000 ____D () C:\Windows\Setup
2014-11-25 10:11 - 2012-07-01 22:08 - 00731964 _____ () C:\Windows\system32\perfh010.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00716518 _____ () C:\Windows\system32\perfh019.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00648600 _____ () C:\Windows\system32\perfh01F.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00598906 _____ () C:\Windows\system32\perfh008.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00408696 _____ () C:\Windows\system32\perfh011.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00375868 _____ () C:\Windows\system32\prfh0804.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00150824 _____ () C:\Windows\system32\perfc019.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00146828 _____ () C:\Windows\system32\perfc010.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00139982 _____ () C:\Windows\system32\perfc01F.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00122082 _____ () C:\Windows\system32\perfc011.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00119574 _____ () C:\Windows\system32\prfc0804.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00111110 _____ () C:\Windows\system32\perfc008.dat
2014-11-25 10:11 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-11-25 10:11 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-11-25 10:11 - 2009-07-14 06:13 - 05888878 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 10:09 - 2012-07-17 15:05 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-25 09:48 - 2012-07-02 08:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-25 09:20 - 2012-06-30 14:14 - 00000000 ____D () C:\Users\Blub
2014-11-24 17:05 - 2013-05-29 19:07 - 00000000 ____D () C:\Users\Blub\Desktop\Julie UNI
2014-11-24 16:28 - 2013-10-31 10:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-23 21:14 - 2013-03-10 18:32 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-23 21:14 - 2013-03-10 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-23 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Blub\AppData\Local\Temp\Quarantine.exe
C:\Users\Blub\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-05 14:45

==================== End Of Log ============================

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Blub at 2014-12-18 20:48:41
Running from C:\Users\Blub\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
ffdshow v1.1.3892 [2011-06-20] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3892.0 - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.43.605 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.43.605 - DVDVideoSoft Ltd.)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.219.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-954819885-3130346551-584068455-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{b64ca997-b626-4abb-a046-5ca2d92ed659}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyFreeCodec (HKU\S-1-5-21-954819885-3130346551-584068455-1000\...\MyFreeCodec) (Version: - )
NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Video Player (HKLM-x32\...\{244FB715-13C4-4C85-BEB6-6C1ABB29D8B1}) (Version: 1.7.5 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Stereoscopic Player (HKLM-x32\...\{D6E0A2B3-7EA5-40BC-8AA6-5F9BDAF845AE}) (Version: 1.9.0 - 3dtv.at)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Beta (HKLM-x32\...\World of Warcraft Beta) (Version: - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

04-12-2014 19:45:58 Windows Update
08-12-2014 19:18:06 Windows Update
12-12-2014 07:25:07 Windows Update
15-12-2014 07:49:14 Windows Update
18-12-2014 11:11:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-16 16:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {24D37BCE-698B-4FC1-88D1-43935829D328} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe
Task: {5707F24D-659B-4132-B4FC-772E7E2F2B1E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {60E093BE-828A-4D60-B1B3-85ED5A3D68D1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe
Task: {ADA73E53-3E9B-4604-8ECA-D953D5068CCE} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {BE4D5893-4419-4814-9B56-E497785E7E86} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) =============

2012-07-17 15:04 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-11 09:56 - 2014-10-24 18:13 - 26065408 _____ () F:\Spiele\Battle.net\Battle.net.5191\libcef.dll
2014-11-11 09:56 - 2014-10-24 18:13 - 00739840 _____ () F:\Spiele\Battle.net\Battle.net.5191\libGLESv2.dll
2014-11-11 09:56 - 2014-10-24 18:13 - 00905216 _____ () F:\Spiele\Battle.net\Battle.net.5191\platforms\qwindows.dll
2014-11-11 09:56 - 2014-10-24 18:13 - 00130048 _____ () F:\Spiele\Battle.net\Battle.net.5191\libEGL.dll
2014-11-11 09:56 - 2014-10-24 18:13 - 00020992 _____ () F:\Spiele\Battle.net\Battle.net.5191\imageformats\qgif.dll
2014-11-11 09:56 - 2014-10-24 18:13 - 00020992 _____ () F:\Spiele\Battle.net\Battle.net.5191\imageformats\qico.dll
2014-11-11 09:56 - 2014-10-24 18:13 - 00205312 _____ () F:\Spiele\Battle.net\Battle.net.5191\imageformats\qjpeg.dll
2014-11-11 09:56 - 2014-10-24 18:13 - 00225792 _____ () F:\Spiele\Battle.net\Battle.net.5191\imageformats\qmng.dll
2014-11-11 09:56 - 2014-10-24 18:13 - 00312832 _____ () F:\Spiele\Battle.net\Battle.net.5191\imageformats\qtiff.dll
2014-11-11 09:56 - 2014-10-24 18:13 - 00010240 _____ () F:\Spiele\Battle.net\Battle.net.5191\qml\QtQuick.2\qtquick2plugin.dll
2014-11-11 09:56 - 2014-10-24 18:13 - 00054272 _____ () F:\Spiele\Battle.net\Battle.net.5191\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-11-11 09:56 - 2014-10-24 18:13 - 00010240 _____ () F:\Spiele\Battle.net\Battle.net.5191\qml\QtQml\Models.2\modelsplugin.dll
2014-12-12 09:12 - 2014-12-12 09:12 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
2014-11-23 16:33 - 2014-12-10 19:17 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-11 09:51 - 2014-12-05 16:36 - 23950848 _____ () F:\Spiele\World of Warcraft\Utils\libcef.dll
2014-12-18 11:04 - 2014-12-18 11:04 - 00122368 _____ () C:\Users\Blub\AppData\Local\Temp\{0f21e47c-288d-4f2e-a1b6-a43feaae2028}\fasmdll_managed.dll
2014-12-18 11:06 - 2014-12-18 11:06 - 00261120 _____ () C:\Users\Blub\AppData\Local\Temp\{3a62ac46-caa2-4671-b4aa-b82721d3f088}\RecastLayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Blub^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^83871218D.lnk => C:\Windows\pss\83871218D.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: KiesTrayAgent => C:\Spiele\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-954819885-3130346551-584068455-500 - Administrator - Disabled) Blub (S-1-5-21-954819885-3130346551-584068455-1000 - Administrator - Enabled) => C:\Users\Blub Gast (S-1-5-21-954819885-3130346551-584068455-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-954819885-3130346551-584068455-1005 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/18/2014 08:44:08 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/18/2014 06:41:31 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (12/18/2014 06:41:28 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/18/2014 06:41:28 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/18/2014 06:41:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/18/2014 06:41:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/18/2014 06:41:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/18/2014 06:41:18 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Microsoft Office Sessions: ========================= Error: (12/18/2014 08:44:08 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (12/18/2014 06:41:31 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe Error: (12/18/2014 06:41:28 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe Error: (12/18/2014 06:41:28 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe Error: (12/18/2014 06:41:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe Error: (12/18/2014 06:41:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe Error: (12/18/2014 06:41:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe Error: (12/18/2014 06:41:18 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\esetsmartinstaller_deu.exe CodeIntegrity Errors: =================================== Date: 2014-12-16 16:01:11.678 Description: Windows konnte die 
Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-12-16 16:01:11.397 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz Percentage of memory in use: 43% Total physical RAM: 12279.12 MB Available physical RAM: 6962.89 MB Total Pagefile: 24556.42 MB Available Pagefile: 18824.52 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:117.19 GB) (Free:46.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:22.54 GB) (Free:22.45 GB) NTFS Drive f: (Lokaler Datenträger) (Fixed) (Total:931.51 GB) (Free:833.31 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 87F91105) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 139.7 GB) (Disk ID: 45D2117B) Partition 1: (Active) - (Size=117.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=22.5 GB) - (Type=OF Extended) ==================== End Of Log 
============================ |
19.12.2014, 19:24 | #12 |
/// the machine /// TB-Ausbilder | BKA Trojan locks PC ESET again, this time tick the box to delete findings. Do NOTHING else on the computer. Do you currently have problems with encrypted data?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
20.12.2014, 14:38 | #13 |
| BKA Trojan locks PC Hi, what do you mean by encrypted data? Personally, I don't think I encrypt anything. At least I'm not aware of anything. The only thing I had problems with a few months ago was Windows Updates. I always got a blue screen with them, and since then I haven't run any updates, because each time I had to restore my system. So, the ESET log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=e4e6557c81342749811187f708bb9e5f # engine=21644 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-12-20 10:52:13 # local_time=2014-12-20 11:52:13 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 36274563 90366355 0 0 # scanned=289409 # found=32 # cleaned=32 # scan_time=6045 sh=275C6B59678D7352AC7C2A4BFF5F3BC607A5FA91 ft=1 fh=3c3f3600ebe9f899 vn="Variante von Win32/Kryptik.CSXR Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\ProgramData\D81217838.cpp.xBAD" sh=B473A731A9B6B2857E4ECD0CF640E0987FC46F5F ft=1 fh=bbb962bc64d501a0 vn="Variante von Win64/Kryptik.HE Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\ProgramData\348DC8F2E.zot.vir" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C 
fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\3lozfbt13fcuaawha2aegjbiamxdgnwnjythcjhrraqxc0snupaaadaa\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\3lozfbt13fcuaawha2aegjbiamxdgnwnjythcjhrraqxc0snupaaadaa\f\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C 
fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\my3ll3adkskafthyputjx42ceadw20tbqc4hwgpbdoru1krzy2aaaeda\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\my3ll3adkskafthyputjx42ceadw20tbqc4hwgpbdoru1krzy2aaaeda\f\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\zr3ag3i33ux00yyhbstvsfvvdy3g53oycqvq5gswqbvdhn1dybaaadca\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Microsoft\Silverlight\is\ev1z43kw.aep\v0grwu0l.dyq\1\s\zr3ag3i33ux00yyhbstvsfvvdy3g53oycqvq5gswqbvdhn1dybaaadca\f\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Sun\DECRYPT_INSTRUCTION.HTML" 
sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\Deployment\DECRYPT_INSTRUCTION.HTML" sh=5EB3DCEE7DECA4E5C72210E70182571B268333AF ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\128d8fca-5339009a" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\Deployment\SystemCache\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\jre1.7.0_05\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\jre1.7.0_07\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C 
fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\jre1.7.0_09\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\jre1.7.0_13\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\jre1.7.0_17\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\jre1.7.0_21\DECRYPT_INSTRUCTION.HTML" sh=F2243FD333EDEA67707B551F2AB06C08804C2FC4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Blub\AppData\LocalLow\Sun\Java\jre1.7.0_25\DECRYPT_INSTRUCTION.HTML" Code:
ATTFilter # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=e4e6557c81342749811187f708bb9e5f # engine=21644 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-12-20 12:32:30 # local_time=2014-12-20 01:32:30 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 36280580 90372372 0 0 # scanned=289439 # found=0 # cleaned=0 # scan_time=5476 |
21.12.2014, 08:24 | #14 |
/// the machine /// TB-Ausbilder | BKA Trojan locks PC OK, now please post a fresh FRST log. What problems are there still at the moment?
__________________ regards, schrauber |
21.12.2014, 14:14 | #15 |
| BKA Trojan locks PC Hi, actually there is no problem anymore, except that I haven't done any Windows updates for a few months. If you say I should try the updates again now, I'll gladly do that. Maybe it will work again now that the PC is so clean. FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01 Ran by Blub (administrator) on BLUB-PC on 21-12-2014 14:08:34 Running from C:\Users\Blub\Desktop Loaded Profile: Blub (Available profiles: Blub) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (TeamViewer GmbH) C:\Program Files\tv_w32.exe (TeamViewer GmbH) C:\Program Files\tv_x64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-954819885-3130346551-584068455-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-954819885-3130346551-584068455-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-954819885-3130346551-584068455-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\searchplugins\webde-suche.xml
FF Extension: ProxTube - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: SQLite Manager - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2014-11-25]
FF Extension: FlashGot - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-12-02]
FF Extension: Adblock Plus - C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\h7ec93kx.default-1380231283965\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 TeamViewer9; C:\Program Files\TeamViewer_Service.exe [4799760 2014-09-12] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-07] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 14:08 - 2014-12-21 14:08 - 00009985 _____ () C:\Users\Blub\Desktop\FRST.txt
2014-12-21 14:08 - 2014-12-21 14:08 - 00000000 ____D () C:\Users\Blub\Desktop\FRST-OlderVersion
2014-12-18 18:41 - 2014-12-18 18:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-18 18:37 - 2014-12-18 18:37 - 02347384 _____ (ESET) C:\Users\Blub\Desktop\esetsmartinstaller_deu.exe
2014-12-18 18:37 - 2014-12-18 18:37 - 00852505 _____ () C:\Users\Blub\Desktop\SecurityCheck.exe
2014-12-17 10:20 - 2014-12-17 10:20 - 00000000 ____D () C:\Windows\ERUNT
2014-12-17 10:14 - 2014-12-17 10:16 - 00000000 ____D () C:\AdwCleaner
2014-12-17 10:03 - 2014-12-17 10:03 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-17 10:03 - 2014-12-17 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-17 10:03 - 2014-12-17 10:03 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-16 21:55 - 2014-12-16 21:55 - 02166272 _____ () C:\Users\Blub\Desktop\AdwCleaner_4.105.exe
2014-12-16 21:55 - 2014-12-16 21:55 - 01707646 _____ (Thisisu) C:\Users\Blub\Desktop\JRT.exe
2014-12-16 21:54 - 2014-12-16 21:55 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Blub\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-16 15:55 - 2014-12-16 16:04 - 00000000 ____D () C:\Qoobox
2014-12-16 15:55 - 2014-12-16 16:03 - 00000000 ____D () C:\Windows\erdnt
2014-12-16 15:55 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-16 15:55 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-16 15:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-16 15:55 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-16 15:51 - 2014-12-16 15:51 - 05601641 ____R (Swearware) C:\Users\Blub\Desktop\ComboFix.exe
2014-12-15 07:40 - 2014-12-21 14:08 - 02122240 _____ (Farbar) C:\Users\Blub\Desktop\FRST64.exe
2014-12-14 15:54 - 2014-12-21 14:08 - 00000000 ____D () C:\FRST
2014-12-14 14:02 - 2014-12-14 14:02 - 00000000 ____D () C:\Windows\pss
2014-12-07 16:14 - 2014-12-20 16:05 - 00016037 _____ () C:\Users\Blub\Desktop\DAYLIES.ods
2014-12-02 20:17 - 2014-12-02 20:17 - 00000000 ___HD () C:\Windows\AxInstSV
2014-12-02 10:46 - 2014-12-02 10:46 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\Oracle
2014-12-01 23:22 - 2014-12-01 23:22 - 00000158 _____ () C:\Users\Blub\Desktop\Weihnachten.txt
2014-11-25 10:09 - 2014-11-25 10:09 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-11-25 10:09 - 2014-11-12 21:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-25 10:06 - 2014-11-17 23:18 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-25 10:06 - 2014-11-17 23:18 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-25 10:06 - 2014-11-13 01:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 02874456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00451216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstusb.sys
2014-11-25 10:06 - 2014-11-13 01:20 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-25 10:06 - 2014-11-13 01:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-25 09:47 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-25 09:47 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-25 09:20 - 2014-11-25 09:20 - 00000000 ____D () C:\Users\Blub\.android
2014-11-24 16:27 - 2014-11-24 16:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-24 16:27 - 2014-11-24 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-24 16:27 - 2014-11-24 16:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-24 14:13 - 2014-11-24 14:13 - 00000000 ____D () C:\Program Files\DIFX
2014-11-24 14:12 - 2014-11-24 14:46 - 00008856 _____ () C:\Windows\DPINST.LOG
2014-11-24 13:37 - 2014-11-24 13:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-11-23 16:46 - 2014-12-17 10:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-23 16:46 - 2014-11-23 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-23 16:46 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-23 16:46 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-23 16:46 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-23 16:33 - 2014-11-23 16:33 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-23 16:25 - 2014-12-10 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 14:08 - 2012-06-30 14:04 - 01208380 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 14:04 - 2014-11-16 17:34 - 01030461 _____ () C:\Program Files\TeamViewer9_Logfile.log
2014-12-21 14:04 - 2009-07-14 05:51 - 00158111 _____ () C:\Windows\setupact.log
2014-12-21 14:03 - 2012-07-17 14:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-21 14:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 16:06 - 2013-10-31 00:30 - 00000000 ____D () C:\Users\Blub\AppData\Local\Battle.net
2014-12-20 10:14 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-20 10:14 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-17 13:02 - 2013-03-10 18:30 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\vlc
2014-12-17 10:16 - 2012-07-02 09:32 - 00106540 _____ () C:\Windows\PFRO.log
2014-12-16 16:01 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-14 14:12 - 2012-09-04 06:56 - 00000000 ____D () C:\temp
2014-12-12 09:12 - 2012-07-01 17:15 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 09:12 - 2012-07-01 17:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 09:11 - 2013-04-10 13:29 - 00000000 ____D () C:\Users\Blub\AppData\Local\Adobe
2014-12-12 07:17 - 2013-04-10 13:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-05 16:35 - 2013-10-31 00:30 - 00000000 ____D () C:\Users\Blub\AppData\Roaming\Battle.net
2014-12-04 08:45 - 2014-11-16 17:34 - 01048614 _____ () C:\Program Files\TeamViewer9_Logfile_OLD.log
2014-12-02 10:46 - 2012-07-17 21:48 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-11-26 14:45 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-26 09:13 - 2009-07-14 05:45 - 00000000 ____D () C:\Windows\Setup
2014-11-25 10:11 - 2012-07-01 22:08 - 00731964 _____ () C:\Windows\system32\perfh010.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00716518 _____ () C:\Windows\system32\perfh019.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00648600 _____ () C:\Windows\system32\perfh01F.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00598906 _____ () C:\Windows\system32\perfh008.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00408696 _____ () C:\Windows\system32\perfh011.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00375868 _____ () C:\Windows\system32\prfh0804.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00150824 _____ () C:\Windows\system32\perfc019.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00146828 _____ () C:\Windows\system32\perfc010.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00139982 _____ () C:\Windows\system32\perfc01F.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00122082 _____ () C:\Windows\system32\perfc011.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00119574 _____ () C:\Windows\system32\prfc0804.dat
2014-11-25 10:11 - 2012-07-01 22:08 - 00111110 _____ () C:\Windows\system32\perfc008.dat
2014-11-25 10:11 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-11-25 10:11 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-11-25 10:11 - 2009-07-14 06:13 - 05888878 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 10:09 - 2012-07-17 15:05 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-25 09:48 - 2012-07-02 08:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-25 09:20 - 2012-06-30 14:14 - 00000000 ____D () C:\Users\Blub
2014-11-24 17:05 - 2013-05-29 19:07 - 00000000 ____D () C:\Users\Blub\Desktop\Julie UNI
2014-11-24 16:28 - 2013-10-31 10:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-23 21:14 - 2013-03-10 18:32 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-23 21:14 - 2013-03-10 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-23 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-23 17:00 - 2014-11-20 16:26 - 00000000 ____D () C:\ProgramData\PamuGeqit
2014-11-23 16:55 - 2014-11-20 16:26 - 00000000 ____D () C:\ProgramData\UesibIggoc

Some content of TEMP:
====================
C:\Users\Blub\AppData\Local\Temp\Quarantine.exe
C:\Users\Blub\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-19 19:10

==================== End Of Log ============================

Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2014 01
Ran by Blub at 2014-12-21 14:09:12
Running from C:\Users\Blub\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
ffdshow v1.1.3892 [2011-06-20] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3892.0 - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.43.605 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.43.605 - DVDVideoSoft Ltd.)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.219.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-954819885-3130346551-584068455-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{b64ca997-b626-4abb-a046-5ca2d92ed659}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-954819885-3130346551-584068455-1000\...\MyFreeCodec) (Version: - )
NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Video Player (HKLM-x32\...\{244FB715-13C4-4C85-BEB6-6C1ABB29D8B1}) (Version: 1.7.5 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Stereoscopic Player (HKLM-x32\...\{D6E0A2B3-7EA5-40BC-8AA6-5F9BDAF845AE}) (Version: 1.9.0 - 3dtv.at)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Beta (HKLM-x32\...\World of Warcraft Beta) (Version: - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-954819885-3130346551-584068455-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Blub\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

04-12-2014 19:45:58 Windows Update
08-12-2014 19:18:06 Windows Update
12-12-2014 07:25:07 Windows Update
15-12-2014 07:49:14 Windows Update
18-12-2014 11:11:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-16 16:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {24D37BCE-698B-4FC1-88D1-43935829D328} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe
Task: {5707F24D-659B-4132-B4FC-772E7E2F2B1E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {60E093BE-828A-4D60-B1B3-85ED5A3D68D1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe
Task: {ADA73E53-3E9B-4604-8ECA-D953D5068CCE} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {BE4D5893-4419-4814-9B56-E497785E7E86} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) =============

2012-07-17 15:04 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Blub^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^83871218D.lnk => C:\Windows\pss\83871218D.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Spiele\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-954819885-3130346551-584068455-500 - Administrator - Disabled)
Blub (S-1-5-21-954819885-3130346551-584068455-1000 - Administrator - Enabled) => C:\Users\Blub
Gast (S-1-5-21-954819885-3130346551-584068455-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-954819885-3130346551-584068455-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2014 01:59:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/20/2014 11:59:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/20/2014 11:59:00 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/20/2014 11:59:00 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/20/2014 11:58:16 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/20/2014 11:58:14 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/20/2014 11:58:14 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/20/2014 10:09:36 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/20/2014 10:09:32 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/20/2014 10:09:32 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Microsoft Office Sessions: ========================= Error: (12/20/2014 01:59:55 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (12/20/2014 11:59:01 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe Error: (12/20/2014 11:59:00 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe Error: (12/20/2014 11:59:00 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe Error: (12/20/2014 11:58:16 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe Error: (12/20/2014 11:58:14 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe Error: (12/20/2014 11:58:14 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe Error: (12/20/2014 10:09:36 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe Error: (12/20/2014 10:09:32 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe Error: (12/20/2014 10:09:32 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blub\Desktop\esetsmartinstaller_deu.exe CodeIntegrity Errors: =================================== Date: 2014-12-16 16:01:11.678 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-12-16 16:01:11.397 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz Percentage of memory in use: 20% Total physical RAM: 12279.12 MB Available physical RAM: 9758.38 MB Total Pagefile: 24556.42 MB Available Pagefile: 21961.53 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:117.19 GB) (Free:45.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:22.54 GB) (Free:22.45 GB) NTFS Drive f: (Lokaler Datenträger) (Fixed) (Total:931.51 GB) (Free:831.78 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 87F91105) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 139.7 GB) (Disk ID: 45D2117B) Partition 1: (Active) - (Size=117.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=22.5 GB) - (Type=OF Extended) ==================== End Of Log ============================ |