Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Avira durch gruppenrichtlinie blokiert

Avira durch gruppenrichtlinie blokiert


Log-Analyse und Auswertung: Avira durch gruppenrichtlinie blokiert

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 09.02.2015, 00:32   #1
teurorist
 
Avira durch gruppenrichtlinie blokiert - Standard

Avira durch gruppenrichtlinie blokiert


Hi hab hier den Rechner einer bekannten welcher die besagte Meldung bringt eigentlich mit allen Fehlern wäre eine neu Installation in Relation zum zeitlichen Aufwand nur konsequent aber da man auch etwas lernen will bin ich hier

ich hatte die ssd bereits draußen und hab avira und mwb an einem anderen Rechner drüber laufen lassen da die Bootdatei von Windows fehlerhaft war und sich ominöser weise auch nicht mit der DVD wiederhergestellt werden konnte sondern erst nach händischem löschen an einem anderen pc (jaja Linux usw war aber für mich die schnellste Lösung so)
Wie ihr vielleicht sehen könnt lese ich schon lange bei euch mit und habe mich bisher immer an ähnlichen Fällen durchhangeln können
Deshalb hab ich auch auf gut Glück noch 2 eurer häufiger verwendeten Programme laufen lassen einmal combofix und jdt wobei ich an FRST scheitere oder um es direkt zu sagen kein plan davon habe wie das mit den FIXES funktioniert woher ihr die Information bezieht was alles gefixt werden muss.
Mein sorgloses Vorgehen ist einfach zu begründen ich hab die ssd nochmal und mir einen clon gezogen auf dem ich “arbeite/experimentiere”
Code:
ATTFilter
 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by ludewig (administrator) on LUDEWIG-PC on 09-02-2015 00:01:14
Running from C:\Users\ludewig\Downloads
Loaded Profiles: ludewig (Available profiles: ludewig)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Ubanq] => "C:\Users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe"
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\cmjahae-x32: C:\Users\ludewig\AppData\Local\cmjahae.dll [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-05]
FF HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\qzjwg8tw.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1414941772&from=cor&uid=SanDiskXSDSSDHP128G_133648402638
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1414941772&from=cor&uid=SanDiskXSDSSDHP128G_133648402638"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-29]
CHR Extension: (Google-Suche) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-29]
CHR Extension: (Avira Browser Safety) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-05]
CHR Extension: (AdBlock) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-05]
CHR Extension: (Google Wallet) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]
CHR Extension: (Google Mail) - C:\Users\ludewig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S0 ccmcn; C:\Windows\System32\drivers\fslx.sys [79064 2014-12-18] (Malwarebytes Corporation)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-05-17] (Intel(R) Corporation) [File not signed]
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-16] ()
S3 BS4177028450; \??\C:\Users\ludewig\AppData\Local\Temp\NTFS.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 00:01 - 2015-02-09 00:01 - 00016349 _____ () C:\Users\ludewig\Downloads\FRST.txt
2015-02-09 00:01 - 2015-02-09 00:01 - 00000000 ____D () C:\FRST
2015-02-09 00:00 - 2015-02-09 00:00 - 02132992 _____ (Farbar) C:\Users\ludewig\Downloads\FRST64.exe
2015-02-08 23:37 - 2015-02-08 23:37 - 00001502 _____ () C:\Users\ludewig\Desktop\JRT.txt
2015-02-08 23:34 - 2015-02-08 23:34 - 00000000 ___SD () C:\ComboFix
2015-02-08 23:29 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-08 23:29 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-08 23:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-08 23:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-08 23:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-08 23:29 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-08 23:29 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-08 23:29 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-08 23:28 - 2015-02-08 23:28 - 00003136 _____ () C:\Windows\System32\Tasks\{13B6374C-B668-460C-B4BC-2E1DF30FA87D}
2015-02-08 23:27 - 2015-02-08 23:34 - 00000000 ____D () C:\Qoobox
2015-02-08 23:27 - 2015-02-08 23:32 - 00000000 ____D () C:\Windows\erdnt
2015-02-08 23:27 - 2015-02-08 23:22 - 01388274 _____ (Thisisu) C:\Users\ludewig\Desktop\JRT.exe
2015-02-08 23:27 - 2015-02-08 23:21 - 05609947 ____R (Swearware) C:\Users\ludewig\Desktop\ComboFix.exe
2015-01-15 13:37 - 2015-01-15 13:37 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 06:47 - 2015-02-08 22:02 - 00000000 ____D () C:\Users\ludewig\AppData\Roaming\Olevmiy
2015-01-14 06:47 - 2015-01-14 06:47 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 2068250175
2015-01-13 16:40 - 2015-01-13 16:41 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\ludewig\Downloads\avira_de_av_5780127680__ws.exe
2015-01-13 16:31 - 2015-01-13 16:31 - 00896280 _____ () C:\Users\ludewig\Downloads\Norton_Removal_Tool.exe
2015-01-13 16:25 - 2015-01-13 16:26 - 02191360 _____ () C:\Users\ludewig\Downloads\adwcleaner_4.107.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 00:00 - 2013-11-29 15:31 - 01952495 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 23:56 - 2014-04-27 17:43 - 00000000 ____D () C:\Users\ludewig\AppData\Roaming\Skype
2015-02-08 23:47 - 2009-07-14 05:45 - 00023008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 23:47 - 2009-07-14 05:45 - 00023008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 23:39 - 2014-11-05 16:10 - 00012625 _____ () C:\Windows\setupact.log
2015-02-08 23:39 - 2014-04-05 17:46 - 00000306 _____ () C:\Windows\Tasks\Obivs.job
2015-02-08 23:39 - 2013-11-29 16:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 23:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 23:35 - 2013-12-29 10:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 23:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-08 23:32 - 2014-11-05 16:10 - 00219888 _____ () C:\Windows\PFRO.log
2015-02-08 23:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-08 21:42 - 2009-07-14 18:58 - 00732820 _____ () C:\Windows\system32\perfh007.dat
2015-02-08 21:42 - 2009-07-14 18:58 - 00159854 _____ () C:\Windows\system32\perfc007.dat
2015-02-08 21:42 - 2009-07-14 06:13 - 00927188 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 21:41 - 2013-11-29 16:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-29 14:57 - 2013-11-29 16:27 - 00000773 _____ () C:\Users\ludewig\Desktop\Daten alter PC November 2013 - Verknüpfung.lnk
2015-01-16 20:26 - 2014-11-05 15:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 19:37 - 2013-11-29 16:10 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-01-15 13:37 - 2013-12-29 10:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 13:37 - 2013-12-29 10:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 13:37 - 2013-12-29 10:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-15 06:39 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 06:57 - 2014-01-28 20:33 - 00000000 ____D () C:\Users\ludewig\AppData\Local\CrashDumps
2015-01-13 16:41 - 2014-11-05 15:26 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-13 16:41 - 2014-11-05 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-13 16:27 - 2014-11-05 16:00 - 00000000 ____D () C:\AdwCleaner

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-06 19:49

==================== End Of Log ============================
Code:
ATTFilter
 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by ludewig at 2015-02-09 00:01:28
Running from C:\Users\ludewig\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{1EF24D7D-7B14-4EBA-A686-9E91C9C6763D}) (Version: 4.1.40.2143 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 Small Business Premium - de-de (HKLM\...\O365SmallBusPremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.68.201.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4283835491-3418897640-3424372083-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\rdpencom.dll No File

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-08 23:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A28098B-DB6F-45B4-BCCE-E595ACCC3270} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {56B51F9B-63CF-49F1-970A-35D4DFFEF625} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6B4A8F01-4F0C-4C50-9199-60E915E3DF76} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {84FDC769-09F8-4270-B510-19973EF6A907} - System32\Tasks\Obivs => Rundll32.exe "C:\Windows\SysWOW64\wfapigp3.dll",wkka
Task: {8E1156D8-A8CA-4208-A292-74200229245C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {994F3E13-3515-477D-B6F6-BDE0FEDBBD4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {A542370F-D932-4FBD-84C5-405401F1AAA1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {BC78E112-71B9-4710-822C-39F5003422CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)
Task: {C85DAF38-5C30-40DA-9A2E-D345D0F98A2B} - System32\Tasks\{13B6374C-B668-460C-B4BC-2E1DF30FA87D} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {D985CB3A-E913-4F54-B104-50582FA02941} - System32\Tasks\Security Center Update - 2068250175 => C:\Users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe <==== ATTENTION
Task: {E3BDE60E-40E9-47B2-AF98-D32AD3227457} - System32\Tasks\{2D1F7944-6B69-495C-8A35-1BCAEE88FB2D} => pcalua.exe -a C:\Users\ludewig\Desktop\avm_fritz!wlan_usb_stick_build_100906.exe -d C:\Users\ludewig\Desktop
Task: {FB047328-EB6E-4389-A64A-B5FA0A516DEB} - System32\Tasks\{257022A6-B368-48D0-9680-4B02447A2EFD} => pcalua.exe -a C:\Users\ludewig\Desktop\PUSHINST.EXE -d C:\Users\ludewig\Desktop
Task: {FF88981E-F59E-4B7F-B612-1F43A0CC1B8F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Obivs.job => C:\Windows\SysWOW64\wfapigp3.dll

==================== Loaded Modules (whitelisted) ==============

2014-03-19 18:58 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-11-29 16:06 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-10 18:56 - 2014-12-11 07:33 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4283835491-3418897640-3424372083-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ludewig\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iSCTsysTray.lnk => C:\Windows\pss\iSCTsysTray.lnk.CommonStartup
MSCONFIG\startupreg: HogaZexi => regsvr32.exe "
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: megxlay => rundll32 ",megxlay
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-4283835491-3418897640-3424372083-500 - Administrator - Disabled)
Gast (S-1-5-21-4283835491-3418897640-3424372083-501 - Limited - Disabled)
ludewig (S-1-5-21-4283835491-3418897640-3424372083-1000 - Administrator - Enabled) => C:\Users\ludewig

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2015 11:49:50 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (02/08/2015 11:44:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (02/08/2015 11:39:50 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CISCTPnpDriverApi::CreateInstance   *****Unable to open the ISCT device driver

Error: (02/08/2015 11:37:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.


System errors:
=============
Error: (02/08/2015 11:39:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ccmcn

Error: (02/08/2015 11:39:46 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber fslx.sys konnte nicht geladen werden.


Microsoft Office Sessions:
=========================
Error: (02/08/2015 11:49:50 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (02/08/2015 11:44:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description:  16000000007B3100007B310000980B0000

Error: (02/08/2015 11:39:50 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CISCTPnpDriverApi::CreateInstance   *****Unable to open the ISCT device driver

Error: (02/08/2015 11:37:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description:  16000000007B3100007B310000980B0000


CodeIntegrity Errors:
===================================
  Date: 2015-02-08 23:31:36.148
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-08 23:31:36.116
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4330 CPU @ 3.50GHz
Percentage of memory in use: 62%
Total physical RAM: 3768.4 MB
Available physical RAM: 1396.33 MB
Total Pagefile: 7534.98 MB
Available Pagefile: 5123.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:78.87 GB) NTFS
Drive d: (GRMCULXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 2EAFD577)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

JTR:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by ludewig on 08.02.2015 at 23:35:22,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4283835491-3418897640-3424372083-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\ludewig\AppData\Roaming\mozilla\firefox\profiles\iofmr8mm.default-1415199366866\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2015 at 23:37:11,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Combofix

Code:
ATTFilter
ComboFix 15-02-08.01 - ludewig 08.02.2015  23:29:56.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3768.2538 [GMT 1:00]
ausgeführt von:: c:\users\ludewig\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\update.exe
c:\users\ludewig\AppData\Local\nsr23C7.tmp
c:\windows\Tasks\Security Center Update - 2068250175.job
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SecurityCenterServer2068250175
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-08 bis 2015-02-08  ))))))))))))))))))))))))))))))
.
.
2015-02-08 22:31 . 2015-02-08 22:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-15 12:37 . 2015-01-15 12:37	5013680	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-01-14 05:47 . 2015-02-08 21:02	--------	d-----w-	c:\users\ludewig\AppData\Roaming\Olevmiy
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-16 19:26 . 2014-11-05 14:25	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-16 18:37 . 2013-11-29 15:10	34752	----a-w-	c:\windows\system32\drivers\WPRO_41_2001.sys
2015-01-15 12:37 . 2013-12-29 09:36	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-15 12:37 . 2013-12-29 09:36	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-18 21:12 . 2014-12-18 21:12	79064	----a-w-	c:\windows\system32\drivers\fslx.sys
2014-11-21 05:14 . 2014-11-05 14:25	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-11-05 14:25	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-11-05 14:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-20 05:00 . 2014-11-20 05:01	43064	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-11-13 17:25 . 2013-12-07 17:28	103374192	----a-w-	c:\windows\system32\MRT.exe
2014-11-11 03:08 . 2014-11-19 19:16	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 19:16	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 19:16	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 19:16	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 00:41	1729744	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 00:41	1729744	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 00:41	1729744	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30872168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-07-04 191528]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
R0 ccmcn;ccmcn;c:\windows\System32\drivers\fslx.sys;c:\windows\SYSNATIVE\drivers\fslx.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
R2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe  [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 BS4177028450;BS4177028450;c:\users\ludewig\AppData\Local\Temp\NTFS.sys;c:\users\ludewig\AppData\Local\Temp\NTFS.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 19:05	1087816	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-29 12:37]
.
2015-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-29 15:53]
.
2015-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-29 15:53]
.
2015-02-08 c:\windows\Tasks\Obivs.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 08:07	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 08:07	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 08:07	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\ludewig\AppData\Roaming\Mozilla\Firefox\Profiles\iofmr8mm.default-1415199366866\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-cmjahae - c:\users\ludewig\AppData\Local\cmjahae.dll
Wow6432Node-HKCU-Run-Ubanq - c:\users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe
Wow6432Node-HKLM-Run-Ubanq - c:\users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe
Wow6432Node-HKU-Default-Run-AviraSpeedup - c:\program files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Notify-cmjahae - c:\users\ludewig\AppData\Local\cmjahae.dll
Notify-megxlay - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Ubanq - c:\users\ludewig\AppData\Roaming\Olevmiy\puyfug.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-08  23:33:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-02-08 22:33
.
Vor Suchlauf: 8 Verzeichnis(se), 85.152.497.664 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 84.960.030.720 Bytes frei
.
- - End Of File - - 7F3797F4D0A6F2A63BD5FD82AC5837CB
A36C5E4F47E84449FF07ED3517B43A31

 

Themen zu Avira durch gruppenrichtlinie blokiert
askbar, fehlercode 0x5, fehlercode 0x80004005, fehlercode 0x81000006, fehlercode windows, js/exploit.agent.nhy, js/exploit.agent.nid, js/securitydisabler.a.gen, office 365, pup.optional.spigot.a, pup.optional.vitruvian.a, pup.optional.webinstr.a, sweet-page, sweet-page entfernen, win32/agent.wga, win32/bundled.toolbar.google.d, win32/downloadsponsor.c, win32/toolbar.widgi, win32/trojandownloader.fakealert.aqi, win32/vopackage.bc, win64/systweak.a, win64/toolbar.widgi.a


« 3 Tabs werden in Chrome geöffnet | unerwünschte Werbebanner in Chrome (Offers.ByContext.com) »


Ähnliche Themen: Avira durch gruppenrichtlinie blokiert


  1. Avira Antivir wird durch eine Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 06.01.2015 (11)
  2. Avira wird durch eine Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 23.12.2014 (25)
  3. Avira wird durch eine Gruppenrichtlinie gesperrt
    Log-Analyse und Auswertung - 07.09.2014 (3)
  4. Avira und Malware durch eine Gruppenrichtlinie gesperrt
    Lob, Kritik und Wünsche - 23.08.2014 (0)
  5. Avira und Malware durch eine Gruppenrichtlinie gesperrt
    Plagegeister aller Art und deren Bekämpfung - 22.08.2014 (49)
  6. Avira durch gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 26.07.2014 (17)
  7. Avira durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 28.06.2014 (13)
  8. Avira durch Gruppenrichtlinie geblockt - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 21.06.2014 (17)
  9. Vista: Avira wurde durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 15.06.2014 (13)
  10. Avira Virenprogramm durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 11.06.2014 (1)
  11. Windows 7: Avira wurde durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 11.06.2014 (17)
  12. Win7 Pro - SP 1 - 32 Bit - Avira durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 11.06.2014 (14)
  13. Avira wurde durch eine Gruppenrichtlinie blockiert!
    Alles rund um Windows - 05.06.2014 (5)
  14. Win7: Avira wird durch Gruppenrichtlinie blockiert.
    Log-Analyse und Auswertung - 22.05.2014 (9)
  15. WIN7: Avira wird durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 13.05.2014 (9)
  16. Avira Start wird durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 21.04.2014 (9)
  17. Avira wird durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 03.04.2014 (15)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Avira durch gruppenrichtlinie blokiert - Hi hab hier den Rechner einer bekannten welcher die besagte Meldung bringt eigentlich mit allen Fehlern wäre eine neu Installation in Relation zum zeitlichen Aufwand nur konsequent aber da man - Avira durch gruppenrichtlinie blokiert...
Archiv
Du betrachtest: Avira durch gruppenrichtlinie blokiert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131