| |
| |||||||
Log-Analyse und Auswertung: Keine Ahnung, was da los ist (Laptop spinnt)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.02.2015, 22:21
| #1 |
 |  Keine Ahnung, was da los ist (Laptop spinnt) Hallo, ich habe einen ACER-Laptop, der irgendwie "spinnt". Alles ist extrem langsam, AVIRA lässt sich nicht schließen... irgendwas scheint ihn infiziert zu haben. Der Malware Byte hatte mal was gefunden, was ich gelöscht habe, aber irgendwie ist es immer noch nicht normal hier. Defogger-Log enthält nun dies: defogger_disable by jpshortstuff (23.02.10.1) Log created at 22:06 on 12/02/2015 (Coco xD) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- LG Queesy FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015 Ran by Coco xD (administrator) on COSPC on 12-02-2015 22:14:15 Running from C:\Users\Coco xD\Desktop Loaded Profiles: Coco xD & Corinna Heindel (Available profiles: Coco xD & Corinna Heindel) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files (x86)\T-Mobile\InternetManager_A\BackgroundService\ServiceManager.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Akamai Technologies, Inc.) C:\Users\Coco xD\AppData\Local\Akamai\netsession_win.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Akamai Technologies, Inc.) C:\Users\Coco xD\AppData\Local\Akamai\netsession_win.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe () C:\Program Files (x86)\T-Mobile\InternetManager_A\Background\ModemListener.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Opera Software) C:\Program Files (x86)\Opera\27.0.1689.66\opera.exe () C:\Program Files (x86)\Opera\27.0.1689.66\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\27.0.1689.66\opera.exe (Opera Software) C:\Program Files (x86)\Opera\27.0.1689.66\opera.exe (Opera Software) C:\Program Files (x86)\Opera\27.0.1689.66\opera.exe (Opera Software) C:\Program Files (x86)\Opera\27.0.1689.66\opera.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [976032 2011-09-16] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-09-16] (Atheros Commnucations) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [T-Mobile ModemListener] => C:\Program Files (x86)\T-Mobile\InternetManager_A\Background\ModemListener.exe [114040 2013-01-11] () HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\Run: [Viber] => C:\Users\Coco xD\AppData\Local\Viber\Viber.exe [936456 2014-02-07] () HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Coco xD\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-1690209641-3373620738-964198196-1004\...\Run: [Akamai NetSession Interface] => C:\Users\Corinna Heindel\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1690209641-3373620738-964198196-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://blingeeplus.searchcanvas.com/?ot=6 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1690209641-3373620738-964198196-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1690209641-3373620738-964198196-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://blingeeplus.searchcanvas.com/?ot=6 URLSearchHook: [S-1-5-21-1690209641-3373620738-964198196-1000] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {8D7BCC95-4B3A-4597-B533-7B32EBE22488} URL = hxxp://blingeeplus.searchcanvas.com/web?ot=3&q={searchTerms} SearchScopes: HKLM-x32 -> {8D7BCC95-4B3A-4597-B533-7B32EBE22488} URL = hxxp://blingeeplus.searchcanvas.com/web?ot=3&q={searchTerms} SearchScopes: HKU\S-1-5-21-1690209641-3373620738-964198196-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1690209641-3373620738-964198196-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1690209641-3373620738-964198196-1000 -> {8D7BCC95-4B3A-4597-B533-7B32EBE22488} URL = hxxp://blingeeplus.searchcanvas.com/web?ot=3&q={searchTerms} SearchScopes: HKU\S-1-5-21-1690209641-3373620738-964198196-1000 -> {c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} URL = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} SearchScopes: HKU\S-1-5-21-1690209641-3373620738-964198196-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: ssaveItkEeep. -> {8A4DB2B3-A828-92D5-C401-E8A74E534843} -> C:\ProgramData\ssaveItkEeep\Hb0gXzlxU.x64.dll No File BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: DocToTXTCuOnvert -> {D290CB43-DE90-75DC-5134-17BF6E687407} -> C:\ProgramData\DocToTXTCuOnvert\yRa8J.x64.dll No File BHO: CliiCKForSale -> {F3172396-71A4-A29D-A47F-0B1A633007AF} -> C:\ProgramData\CliiCKForSale\04gJfl.x64.dll No File BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1690209641-3373620738-964198196-1000 -> No Name - {4646332D-5637-4300-76A7-7A786E7484D7} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Coco xD\AppData\Roaming\Mozilla\Firefox\Profiles\vxn85ufv.default FF SearchEngineOrder.3: Bing FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1690209641-3373620738-964198196-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Coco xD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: Amazon-Icon - C:\Users\Coco xD\AppData\Roaming\Mozilla\Firefox\Profiles\vxn85ufv.default\Extensions\amazon-icon@giga.de [2014-12-17] FF Extension: New tab - C:\Users\Coco xD\AppData\Roaming\Mozilla\Firefox\Profiles\vxn85ufv.default\Extensions\{92840B75-E76A-F47F-34A0-7437D56FAA25} [2013-12-06] FF HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\Firefox\Extensions: [{1d446f5f-3f76-4f37-983a-4a16afa1da12}] - C:\Program Files (x86)\Re-markit\150.xpi StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Profile: C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-02] CHR Extension: (Google Drive) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-02] CHR Extension: (YouTube) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-02] CHR Extension: (Google-Suche) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-02] CHR Extension: (Avira Browserschutz) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-11] CHR Extension: (Google Wallet) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-10] CHR Extension: (Amazon) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2014-12-17] CHR Extension: (Google Mail) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-02] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [gnfaiijpfcmdehcgcnnippmnhjjnbllp] - C:\Program Files (x86)\Blingee Plus\blingee_plus_nt.crx [2015-01-24] CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Coco xD\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-12-17] StartMenuInternet: Google Chrome - Chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-09-16] (Atheros Commnucations) [File not signed] S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed] S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] () S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Modem Device Helper; C:\Program Files (x86)\T-Mobile\InternetManager_A\BackgroundService\ServiceManager.exe [51576 2013-01-11] () [File not signed] R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-27] (Electronic Arts) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AlcatelOTDCWwan; C:\Windows\System32\DRIVERS\AlcatelOTDCWwan.sys [159744 2013-01-11] (TCT International Mobile Ltd.) S3 ALCATELUSB; C:\Windows\System32\Drivers\AlcatelUsb.sys [25088 2013-01-11] (Windows (R) Codename Longhorn DDK provider) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.) S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [123776 2013-01-11] (TCT International Mobile Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2014-04-06] () R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S0 cybyjmwm; System32\drivers\ghscv.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-12 22:14 - 2015-02-12 22:14 - 00024435 _____ () C:\Users\Coco xD\Desktop\FRST.txt 2015-02-12 22:12 - 2015-02-12 22:14 - 00000000 ____D () C:\FRST 2015-02-12 22:12 - 2015-02-12 22:12 - 02134016 _____ (Farbar) C:\Users\Coco xD\Desktop\FRST64.exe 2015-02-12 22:06 - 2015-02-12 22:06 - 00000476 _____ () C:\Users\Coco xD\Desktop\defogger_disable.log 2015-02-12 22:05 - 2015-02-12 22:05 - 00050477 _____ () C:\Users\Coco xD\Desktop\Defogger.exe 2015-02-06 16:40 - 2015-02-06 16:40 - 00003341 _____ () C:\Users\Coco xD\AppData\Local\recently-used.xbel 2015-02-01 13:14 - 2015-02-01 13:19 - 00000000 ____D () C:\Program Files (x86)\Minecraft 2015-02-01 13:14 - 2015-02-01 13:14 - 00000925 _____ () C:\Users\Public\Desktop\Minecraft.lnk 2015-02-01 13:14 - 2015-02-01 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2015-02-01 13:10 - 2015-02-01 13:10 - 02314240 _____ () C:\Users\Coco xD\Downloads\MinecraftInstaller.msi 2015-01-31 17:58 - 2015-01-31 17:58 - 00002028 _____ () C:\Users\Public\Desktop\Star Stable.lnk 2015-01-31 17:58 - 2015-01-31 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Stable 2015-01-31 17:58 - 2015-01-31 17:58 - 00000000 ____D () C:\Program Files (x86)\Star Stable Entertainment AB 2015-01-31 17:55 - 2015-01-31 17:55 - 05678160 _____ (Macrovision Corporation) C:\Users\Coco xD\Downloads\StarStableSetup.exe 2015-01-30 23:50 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2015-01-30 23:50 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2015-01-30 23:50 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2015-01-30 23:50 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2015-01-30 23:50 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2015-01-30 23:50 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2015-01-30 23:50 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2015-01-30 23:50 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2015-01-30 23:43 - 2015-01-30 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Vampyre Story 2015-01-30 23:43 - 2015-01-30 23:43 - 00001095 _____ () C:\Users\Corinna Heindel\Desktop\A Vampyre Story.lnk 2015-01-30 23:43 - 2015-01-30 23:43 - 00001095 _____ () C:\Users\Coco xD\Desktop\A Vampyre Story.lnk 2015-01-30 23:36 - 2015-01-30 23:51 - 00000000 ____D () C:\Program Files (x86)\A Vampyre Story 2015-01-30 23:36 - 2015-01-30 23:36 - 00000000 ____D () C:\Users\Coco xD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A Vampyre Story 2015-01-26 20:08 - 2015-01-26 20:08 - 00911920 _____ () C:\Windows\Minidump\012615-19827-01.dmp 2015-01-25 18:37 - 2015-01-25 18:37 - 00908056 _____ () C:\Windows\Minidump\012515-19047-01.dmp 2015-01-25 15:09 - 2015-01-25 15:10 - 00919352 _____ () C:\Windows\Minidump\012515-29874-01.dmp 2015-01-24 09:42 - 2015-01-26 16:31 - 00000000 ____D () C:\Program Files (x86)\Blingee Plus 2015-01-24 09:42 - 2015-01-24 09:42 - 01814968 _____ ( ) C:\Users\Coco xD\Downloads\blingeeplus_setup_ie_a_1.0.0.9.exe 2015-01-24 09:42 - 2015-01-24 09:42 - 00000000 __SHD () C:\Users\Coco xD\AppData\Local\EmieBrowserModeList 2015-01-14 14:33 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 14:33 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 14:33 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 14:33 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 14:33 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 14:33 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 14:33 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 14:33 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 14:33 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 14:33 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 14:33 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 14:33 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 14:33 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-12 22:03 - 2013-07-23 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-12 22:02 - 2014-11-12 21:24 - 00003846 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1415823873 2015-02-12 22:02 - 2013-09-24 17:42 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-02-12 22:02 - 2013-07-21 16:18 - 01922432 _____ () C:\Windows\WindowsUpdate.log 2015-02-12 21:49 - 2014-11-27 15:44 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-12 17:53 - 2013-07-22 13:45 - 00000000 ____D () C:\Users\Coco xD\AppData\Roaming\Skype 2015-02-12 17:45 - 2014-01-21 17:40 - 00000000 ____D () C:\Users\Coco xD\.gimp-2.8 2015-02-12 17:28 - 2014-12-23 13:28 - 00000000 ____D () C:\Users\Coco xD\AppData\Local\Windows Live 2015-02-12 17:26 - 2013-07-23 18:43 - 00767152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-12 17:26 - 2013-07-23 18:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-12 17:26 - 2011-10-20 10:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-12 17:24 - 2014-11-27 15:44 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-12 17:24 - 2014-05-22 20:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-06 16:40 - 2014-01-21 17:42 - 00000000 ____D () C:\Users\Coco xD\AppData\Local\gtk-2.0 2015-02-05 20:29 - 2013-07-23 18:43 - 00000000 ____D () C:\Users\Coco xD\AppData\Local\Adobe 2015-02-05 18:28 - 2014-02-22 22:02 - 00000000 ____D () C:\Users\Coco xD\AppData\Local\Viber 2015-02-04 18:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-02 20:57 - 2009-07-14 05:51 - 00077618 _____ () C:\Windows\setupact.log 2015-02-02 19:32 - 2013-10-04 16:59 - 00000000 ____D () C:\Users\Coco xD\AppData\Roaming\.minecraft 2015-02-01 15:17 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-01 15:17 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-01 13:16 - 2014-08-30 22:18 - 00282112 ___SH () C:\Users\Coco xD\Downloads\Thumbs.db 2015-01-31 18:23 - 2013-07-22 14:18 - 00000000 ____D () C:\Users\Coco xD\AppData\Local\CrashDumps 2015-01-31 17:58 - 2014-01-05 10:32 - 00000000 ____D () C:\Users\Public\StarStableOnline 2015-01-31 17:58 - 2011-10-20 09:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-30 23:56 - 2013-07-21 18:22 - 00000000 ____D () C:\Users\Coco xD\AppData\Local\VirtualStore 2015-01-30 23:50 - 2011-10-20 10:07 - 00046323 _____ () C:\Windows\DirectX.log 2015-01-27 16:43 - 2013-07-22 02:12 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2015-01-27 16:43 - 2013-07-22 02:12 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2015-01-27 16:43 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-26 20:14 - 2014-02-22 22:03 - 00000000 ____D () C:\Users\Coco xD\AppData\Roaming\ViberPC 2015-01-26 20:09 - 2013-07-21 18:53 - 00000000 ____D () C:\ProgramData\clear.fi 2015-01-26 20:08 - 2014-01-29 15:09 - 466671276 _____ () C:\Windows\MEMORY.DMP 2015-01-26 20:08 - 2014-01-29 15:09 - 00000000 ____D () C:\Windows\Minidump 2015-01-26 20:08 - 2010-11-21 04:47 - 01549278 _____ () C:\Windows\PFRO.log 2015-01-26 20:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-26 18:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-25 20:02 - 2013-07-29 18:17 - 00000000 ____D () C:\Users\Coco xD\AppData\Roaming\vlc 2015-01-15 13:46 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-14 18:31 - 2013-07-29 18:33 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 18:30 - 2013-07-29 13:33 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2014-04-06 10:20 - 2014-04-06 10:20 - 0001031 _____ () C:\Program Files\WinRAR.lnk 2014-04-06 13:58 - 2014-04-06 13:58 - 0001181 _____ () C:\Users\Coco xD\AppData\Roaming\trace_FilterInstaller.txt 2014-04-06 13:58 - 2014-04-06 13:58 - 0000000 _____ () C:\Users\Coco xD\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2014-01-18 15:47 - 2014-05-08 07:15 - 0000139 _____ () C:\Users\Coco xD\AppData\Roaming\WB.CFG 2014-10-13 16:35 - 2014-10-13 16:35 - 0006558 _____ () C:\Users\Coco xD\AppData\Local\HWVendorDetection.log 2015-02-06 16:40 - 2015-02-06 16:40 - 0003341 _____ () C:\Users\Coco xD\AppData\Local\recently-used.xbel 2013-10-04 15:27 - 2014-11-05 19:39 - 0017408 _____ () C:\Users\Coco xD\AppData\Local\WebpageIcons.db 2013-07-21 16:48 - 2013-07-21 16:50 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log Some content of TEMP: ==================== C:\Users\Coco xD\AppData\Local\Temp\amazonicon_v10.exe C:\Users\Coco xD\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Coco xD\AppData\Local\Temp\avgnt.exe C:\Users\Coco xD\AppData\Local\Temp\drm_dyndata_7380013.dll C:\Users\Coco xD\AppData\Local\Temp\InstallIMVU_510.0.exe C:\Users\Coco xD\AppData\Local\Temp\jna7515044706968453954.hunspell-win-x86-32.dll C:\Users\Coco xD\AppData\Local\Temp\jna8429681837094563363.hunspell-win-x86-32.dll C:\Users\Coco xD\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Coco xD\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Coco xD\AppData\Local\Temp\ndssaver01_setup.exe C:\Users\Coco xD\AppData\Local\Temp\NGMDll.dll C:\Users\Coco xD\AppData\Local\Temp\NGMResource.dll C:\Users\Coco xD\AppData\Local\Temp\NGMSetup.exe C:\Users\Coco xD\AppData\Local\Temp\optprosetup.exe C:\Users\Coco xD\AppData\Local\Temp\sdan.exe C:\Users\Coco xD\AppData\Local\Temp\sdapk.exe C:\Users\Coco xD\AppData\Local\Temp\sdaspwn.exe C:\Users\Coco xD\AppData\Local\Temp\SkypeSetup.exe C:\Users\Coco xD\AppData\Local\Temp\unicows.dll C:\Users\Corinna Heindel\AppData\Local\Temp\avgnt.exe C:\Users\Corinna Heindel\AppData\Local\Temp\NGMSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-04 17:52 ==================== End Of Log ============================ --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by Coco xD at 2015-02-12 22:17:37
Running from C:\Users\Coco xD\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
A Vampyre Story (HKLM-x32\...\A Vampyre Story) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.99 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1690209641-3373620738-964198196-1004\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{1D72BF42-E249-4EB7-CC4C-8CC09DAB180B}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.96 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{7050D165-886B-42BD-A39E-9B28C9728318}) (Version: 2.9.0 - Kovid Goyal)
ccc-core-static (x32 Version: 2011.0208.2202.39516 - Ihr Firmenname) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 "Erstelle eine Welt"-Tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.19.6 - Electronic Arts)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
Die Sims™ 3 Diesel Accessoires (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.)
Die Sims™ 4 Erstelle einen Sim-Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
IMVU Avatar Chat Software (HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\IMVU Avatar chat client software BETA) (Version: - )
InetStat (HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\InetStat) (Version: 0.5b - InetStat) <==== ATTENTION!
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet Manager (HKLM-x32\...\Internet Manager_is1) (Version: - TCT Mobile Limited)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MixPad Audiodatei-Mixer (HKLM-x32\...\MixPad) (Version: 3.37 - NCH Software)
ndssaver01 (HKLM-x32\...\ndssaver01) (Version: - )
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Opera Stable 25.0.1614.50 (HKLM-x32\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Opera Stable 27.0.1689.69 (HKLM-x32\...\Opera 27.0.1689.69) (Version: 27.0.1689.69 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Plus-HD-5.5 (HKLM-x32\...\Plus-HD-5.5) (Version: 1.33.153.1 - Plus HD) <==== ATTENTION
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SoundTap Audiostream-Rekorder (HKLM-x32\...\SoundTap) (Version: 2.27 - NCH Software)
SRWare Iron Version SRWare Iron 35.0.1900.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 35.0.1900.0 - SRWare)
ssaveItkEeep. (HKLM-x32\...\{B10BC31B-DBC6-56FE-DD3D-DD4E49A3E6CE}) (Version: - saveitKeepp.)
Star Stable (HKLM-x32\...\{2B03B553-4983-4005-99C4-31DFC25B4BB9}) (Version: 1.00.0000 - Star Stable Entertainment AB)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Unity Web Player (HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Viber (HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\Viber) (Version: 3.0.0.132799 - Viber Media Inc)
VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 5.71 - NCH Software)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 5.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)
Zwinky Internet Explorer Toolbar (HKLM-x32\...\Zwinky_5qbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-05-28 17:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {003F91E1-EADC-4D04-8255-E6EEEF4D47C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1B542EBA-E963-47FC-B88A-9AFDF3FA2DE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-27] (Google Inc.)
Task: {290A6F26-5E90-47D3-B8DA-C13106677469} - System32\Tasks\{71D1473C-4B44-4D63-BC3F-EC98A96C447B} => pcalua.exe -a "C:\Users\Coco xD\Downloads\worldtool (1).exe" -d "C:\Users\Coco xD\Downloads"
Task: {2CB49D27-229D-4F63-A0DD-EA1FAAB8180E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {626D74AF-CFE2-4E2C-9A07-8844143BB36E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {754CD365-1F4D-4C78-9813-9B62E223E05F} - System32\Tasks\Opera scheduled Autoupdate 1380040932 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-10] (Opera Software)
Task: {80E428E7-95BA-48AE-AE42-20CE2A2E80FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {83BCD348-31D6-4CCC-AC4E-6ECFB42E42EB} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {89C687CF-5680-4F6A-ADB3-784398C37371} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {9043FC88-A151-45BB-B675-3404A4220DCE} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {A873D2EE-29A9-437F-BAB0-CFA88CC7750A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-12] (Adobe Systems Incorporated)
Task: {AA55F279-3F65-4D55-B892-5AAE2D0BD0EE} - System32\Tasks\Opera scheduled Autoupdate 1415823873 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-10] (Opera Software)
Task: {C85C0138-157D-45EB-B97F-D73BFDCCEB69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-27] (Google Inc.)
Task: {D72C65B4-AAC4-41F6-AE02-42ADA3F82C87} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {E0B690B0-C69D-48FA-8726-CD095D36DC14} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-03-21 14:17 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-27 10:01 - 2013-01-11 13:27 - 00051576 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_A\BackgroundService\ServiceManager.exe
2013-08-27 10:01 - 2013-01-11 14:00 - 00114040 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_A\Background\ModemListener.exe
2011-02-08 21:01 - 2011-02-08 21:01 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-12-02 09:09 - 2010-12-02 09:09 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-02-03 15:30 - 2015-02-03 15:30 - 00552056 _____ () C:\Program Files (x86)\Opera\27.0.1689.66\opera_crashreporter.exe
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-05-17 01:11 - 2014-05-17 01:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-10-24 19:47 - 2014-10-24 19:47 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2011-10-20 09:18 - 2011-01-13 01:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-05-17 01:37 - 2014-05-17 01:37 - 00506664 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.dll
2015-02-03 15:30 - 2015-02-03 15:30 - 01408632 _____ () C:\Program Files (x86)\Opera\27.0.1689.66\libglesv2.dll
2015-02-03 15:30 - 2015-02-03 15:30 - 00219256 _____ () C:\Program Files (x86)\Opera\27.0.1689.66\libegl.dll
2015-02-03 15:30 - 2015-02-03 15:30 - 09510520 _____ () C:\Program Files (x86)\Opera\27.0.1689.66\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:AD022376
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1690209641-3373620738-964198196-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Coco xD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1690209641-3373620738-964198196-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Corinna Heindel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-1690209641-3373620738-964198196-500 - Administrator - Disabled)
Coco xD (S-1-5-21-1690209641-3373620738-964198196-1000 - Administrator - Enabled) => C:\Users\Coco xD
Corinna Heindel (S-1-5-21-1690209641-3373620738-964198196-1004 - Limited - Enabled) => C:\Users\Corinna Heindel
Gast (S-1-5-21-1690209641-3373620738-964198196-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1690209641-3373620738-964198196-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/12/2015 10:05:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0d019
Name des fehlerhaften Moduls: TQUERY.DLL, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0e17a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000013be34
ID des fehlerhaften Prozesses: 0x1058
Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0
Pfad der fehlerhaften Anwendung: SearchIndexer.exe1
Pfad des fehlerhaften Moduls: SearchIndexer.exe2
Berichtskennung: SearchIndexer.exe3
Error: (02/12/2015 07:07:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32916
Error: (02/12/2015 07:07:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32916
Error: (02/12/2015 07:07:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/12/2015 07:06:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584
Error: (02/12/2015 07:06:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584
Error: (02/12/2015 07:06:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/12/2015 05:46:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm winword.exe, Version 15.0.4673.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 179c
Startzeit: 01d046e131649c30
Endzeit: 16
Anwendungspfad: C:\Program Files\Microsoft Office 15\root\office15\winword.exe
Berichts-ID: 6ea07040-b2d6-11e4-b239-dc0ea11955b5
Error: (02/12/2015 05:41:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 6.20.0.104 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 29ac
Startzeit: 01d046e0e4332e07
Endzeit: 1137
Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID: e8cae2c2-b2d5-11e4-b239-dc0ea11955b5
Error: (02/12/2015 05:32:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0x270
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
System errors:
=============
Error: (02/12/2015 10:06:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/07/2015 02:54:02 PM) (Source: volsnap) (EventID: 67) (User: )
Description: Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert werden.
Error: (01/29/2015 01:55:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
Error: (01/27/2015 04:42:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Hotspot Shield Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/26/2015 08:12:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/26/2015 08:09:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cybyjmwm
Error: (01/26/2015 08:09:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (01/26/2015 08:08:25 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000003, 0xfffffa800401a060, 0xfffff800049873d8, 0xfffffa8008b58c60)C:\Windows\MEMORY.DMP012615-19827-01
Error: (01/26/2015 08:08:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 26.01.2015 um 19:40:10 unerwartet heruntergefahren.
Error: (01/26/2015 04:39:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cybyjmwm
Microsoft Office Sessions:
=========================
Error: (02/12/2015 10:05:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019TQUERY.DLL7.0.7601.176104dc0e17ac0000005000000000013be34105801d0399bd27e16feC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\TQUERY.DLLe6005348-b2fa-11e4-b239-dc0ea11955b5
Error: (02/12/2015 07:07:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32916
Error: (02/12/2015 07:07:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32916
Error: (02/12/2015 07:07:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/12/2015 07:06:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584
Error: (02/12/2015 07:06:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584
Error: (02/12/2015 07:06:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/12/2015 05:46:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: winword.exe15.0.4673.1000179c01d046e131649c3016C:\Program Files\Microsoft Office 15\root\office15\winword.exe6ea07040-b2d6-11e4-b239-dc0ea11955b5
Error: (02/12/2015 05:41:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe6.20.0.10429ac01d046e0e4332e071137C:\Program Files (x86)\Skype\Phone\Skype.exee8cae2c2-b2d5-11e4-b239-dc0ea11955b5
Error: (02/12/2015 05:32:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000037400000000000c410227001d0399b7a3b6a44C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dllad354dcc-b2d4-11e4-b239-dc0ea11955b5
CodeIntegrity Errors:
===================================
Date: 2014-05-28 18:06:27.661
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-28 18:06:27.616
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 58%
Total physical RAM: 4077.86 MB
Available physical RAM: 1672.23 MB
Total Pagefile: 8153.9 MB
Available Pagefile: 4203.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:317.58 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2018BB1A)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
| Themen zu Keine Ahnung, was da los ist (Laptop spinnt) |
| ahnung, autostart, avira, branding, disable, enthält, extrem, extrem langsam, gefunde, gelöscht, hotspot, infiziert, keine ahnung, langsam, laptop, laptop spinnt, launch, malware, msiexec.exe, schei, schließe, spinn, spinnt, super |
Baum-Darstellung