Win7: Clicked on a spam mail / T-Mobile invoice

Hi,
unfortunately, while completely absent-minded, I opened a spam mail that came from Rechnung@T-Mobile.
The file was called "rechnung_353479_2.rtf". The content was an icon to double-click. Unfortunately I clicked it.
I have already run Antivir and Ad-Aware over it. Now I'm not sure whether I'm virus-free.

FRST logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014
Ran by Hish (administrator) on HISH-PC on 04-03-2014 18:11:31
Running from C:\Users\Hish\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Antivir\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Antivir\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Antivir\Avira\AntiVir Desktop\avshadow.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) D:\Programme\Adobe\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Antivir\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) D:\Programme\Firefox\firefox.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [BLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [675568 2013-06-20] (Synaptics)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [RtsFT] - C:\Windows\RTFTrack.exe [6339656 2013-05-15] (Realtek semiconductor)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [AdAwareTray] - D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] - D:\Programme\MS Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - D:\Programme\Adobe\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - D:\Programme\Antivir\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications))
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x33E130C33524CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\MS Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
FireFox:
========
FF ProfilePath: C:\Users\Hish\AppData\Roaming\Mozilla\Firefox\Profiles\upiv23qx.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - D:\Programme\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flagfox - C:\Users\Hish\AppData\Roaming\Mozilla\Firefox\Profiles\upiv23qx.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2014-01-27]
FF Extension: EPUBReader - C:\Users\Hish\AppData\Roaming\Mozilla\Firefox\Profiles\upiv23qx.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-02-18]
FF Extension: FastestFox - C:\Users\Hish\AppData\Roaming\Mozilla\Firefox\Profiles\upiv23qx.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-02-02]
FF Extension: CouponsHelper - C:\Users\Hish\AppData\Roaming\Mozilla\Firefox\Profiles\upiv23qx.default\Extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi [2014-01-27]
FF Extension: Adblock Plus - C:\Users\Hish\AppData\Roaming\Mozilla\Firefox\Profiles\upiv23qx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-27]
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox\firefox.exe
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; D:\Programme\Antivir\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme\Antivir\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2228440 2013-04-23] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-01-02] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 LavasoftAdAwareService11; D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
S3 Microsoft SharePoint Workspace Audit Service; D:\Programme\MS Office\Office14\GROOVE.EXE [30969208 2010-03-25] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-06-13] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2013-04-23] (Broadcom Corporation.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [88376 2013-03-18] (Motorola Solutions, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-05-08] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R0 oem-drv64; C:\Windows\System32\DRIVERS\oem-drv64.sys [42496 2014-03-04] (secr9tos)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243528 2013-05-15] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-20] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-01-24] (Duplex Secure Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [101840 2012-07-05] ("CyberLink)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-04 18:11 - 2014-03-04 18:11 - 00017535 _____ () C:\Users\Hish\Desktop\FRST.txt
2014-03-04 18:11 - 2014-03-04 18:11 - 00000000 ____D () C:\FRST
2014-03-04 18:06 - 2014-03-04 18:06 - 00000580 _____ () C:\Users\Hish\Desktop\defogger_disable.log
2014-03-04 18:06 - 2014-03-04 18:06 - 00000020 _____ () C:\Users\Hish\defogger_reenable
2014-03-04 18:05 - 2014-03-04 18:05 - 00010508 _____ () C:\Users\Hish\Desktop\Ereignisse.txt
2014-03-04 18:03 - 2014-03-04 18:03 - 02156544 _____ (Farbar) C:\Users\Hish\Desktop\FRST64.exe
2014-03-04 18:02 - 2014-03-04 18:02 - 00050477 _____ () C:\Users\Hish\Desktop\Defogger.exe
2014-03-03 20:45 - 2014-03-03 20:45 - 00000000 ____D () C:\Users\Hish\AppData\Roaming\LavasoftStatistics
2014-03-03 20:31 - 2014-03-04 18:08 - 00001069 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-03-03 20:30 - 2014-03-03 20:30 - 00000000 ____D () C:\Users\Hish\AppData\Roaming\Lavasoft
2014-03-03 20:30 - 2014-03-03 20:30 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-03-03 20:29 - 2014-03-03 20:29 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-01 12:49 - 2014-03-01 12:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-01 12:47 - 2014-03-01 12:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-02-26 17:11 - 2014-02-26 18:33 - 00000000 ____D () C:\Users\Hish\AppData\Local\AGeeksToy
2014-02-26 17:11 - 2014-02-26 17:11 - 00000000 ____D () C:\ProgramData\AGeeksToy
2014-02-26 17:10 - 2014-02-26 17:10 - 00002559 _____ () C:\Users\Public\Desktop\Geeks Toy (Betfair).lnk
2014-02-23 20:07 - 2014-02-23 20:07 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-02-23 13:26 - 2014-02-23 13:26 - 00000000 ____D () C:\Users\Hish\AppData\Roaming\Avira
2014-02-23 13:21 - 2014-02-23 13:21 - 00000000 ____D () C:\ProgramData\Avira
2014-02-23 13:21 - 2014-02-14 11:00 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-23 13:21 - 2014-02-14 11:00 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-23 13:21 - 2014-02-14 11:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
==================== One Month Modified Files and Folders =======
2014-03-04 18:11 - 2014-03-04 18:11 - 00017535 _____ () C:\Users\Hish\Desktop\FRST.txt
2014-03-04 18:11 - 2014-03-04 18:11 - 00000000 ____D () C:\FRST
2014-03-04 18:08 - 2014-03-03 20:31 - 00001069 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-03-04 18:08 - 2011-04-13 19:12 - 00020687 _____ () C:\Windows\setupact.log
2014-03-04 18:07 - 2014-01-27 12:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-04 18:07 - 2014-01-21 15:17 - 00042496 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv64.sys
2014-03-04 18:07 - 2010-11-21 04:47 - 00232454 _____ () C:\Windows\PFRO.log
2014-03-04 18:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-04 18:07 - 2009-07-14 05:45 - 00436784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-04 18:06 - 2014-03-04 18:06 - 00000580 _____ () C:\Users\Hish\Desktop\defogger_disable.log
2014-03-04 18:06 - 2014-03-04 18:06 - 00000020 _____ () C:\Users\Hish\defogger_reenable
2014-03-04 18:06 - 2014-01-21 15:23 - 00253390 _____ () C:\Windows\WindowsUpdate.log
2014-03-04 18:06 - 2014-01-21 15:17 - 00000000 ____D () C:\Users\Hish
2014-03-04 18:05 - 2014-03-04 18:05 - 00010508 _____ () C:\Users\Hish\Desktop\Ereignisse.txt
2014-03-04 18:03 - 2014-03-04 18:03 - 02156544 _____ (Farbar) C:\Users\Hish\Desktop\FRST64.exe
2014-03-04 18:02 - 2014-03-04 18:02 - 00050477 _____ () C:\Users\Hish\Desktop\Defogger.exe
2014-03-03 23:46 - 2014-01-21 21:27 - 00000000 ____D () C:\Users\Hish\AppData\Roaming\vlc
2014-03-03 20:45 - 2014-03-03 20:45 - 00000000 ____D () C:\Users\Hish\AppData\Roaming\LavasoftStatistics
2014-03-03 20:30 - 2014-03-03 20:30 - 00000000 ____D () C:\Users\Hish\AppData\Roaming\Lavasoft
2014-03-03 20:30 - 2014-03-03 20:30 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-03-03 20:29 - 2014-03-03 20:29 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-02 15:17 - 2010-11-21 07:50 - 00697408 _____ () C:\Windows\system32\perfh007.dat
2014-03-02 15:17 - 2010-11-21 07:50 - 00148170 _____ () C:\Windows\system32\perfc007.dat
2014-03-02 15:17 - 2009-07-14 06:13 - 01614582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-01 12:53 - 2014-01-23 19:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-01 12:50 - 2014-01-21 15:31 - 00110656 _____ () C:\Users\Hish\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-01 12:49 - 2014-03-01 12:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-01 12:47 - 2014-03-01 12:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-02-26 18:33 - 2014-02-26 17:11 - 00000000 ____D () C:\Users\Hish\AppData\Local\AGeeksToy
2014-02-26 17:49 - 2009-07-14 05:45 - 00026080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 17:49 - 2009-07-14 05:45 - 00026080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 17:11 - 2014-02-26 17:11 - 00000000 ____D () C:\ProgramData\AGeeksToy
2014-02-26 17:10 - 2014-02-26 17:10 - 00002559 _____ () C:\Users\Public\Desktop\Geeks Toy (Betfair).lnk
2014-02-25 08:08 - 2014-01-21 16:54 - 00000000 ____D () C:\Users\Hish\Documents\Bluetooth Folder
2014-02-25 08:07 - 2014-01-27 12:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-23 20:07 - 2014-02-23 20:07 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-02-23 13:26 - 2014-02-23 13:26 - 00000000 ____D () C:\Users\Hish\AppData\Roaming\Avira
2014-02-23 13:21 - 2014-02-23 13:21 - 00000000 ____D () C:\ProgramData\Avira
2014-02-16 18:17 - 2014-01-21 21:07 - 00000000 ____D () C:\Users\Hish\AppData\Local\CrashDumps
2014-02-14 11:00 - 2014-02-23 13:21 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-14 11:00 - 2014-02-23 13:21 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-14 11:00 - 2014-02-23 13:21 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-07 19:53 - 2014-01-27 22:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-07 19:53 - 2014-01-27 22:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\Hish\AppData\Local\Temp\avgnt.exe
C:\Users\Hish\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Hish\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Hish\AppData\Local\Temp\nvStInst.exe
C:\Users\Hish\AppData\Local\Temp\vlc-2.1.2-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
LastRegBack: 2014-02-21 19:24
==================== End Of Log ============================

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2014
Ran by Hish at 2014-03-04 18:11:52
Running from C:\Users\Hish\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
==================== Installed Programs ======================
Ad-Aware Antivirus (HKLM\...\{6A16ADA5-0B30-4893-84AB-961B1340D14A}_AdAwareUpdater) (Version: 11.1.5354.0 - Lavasoft)
AdAwareInstaller (Version: 11.1.5354.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.1.5354.0 - Lavasoft) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AGT Pro - Betfair (HKLM-x32\...\{2EFF9880-1FF2-4062-AD52-8CD8345DEEC7}) (Version: 1.2.14 - The Geek)
AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
Deponia (HKLM-x32\...\Deponia) (Version: 1.0 - Daedalic Entertainment)
DirectX Media Runtime 5.2b (HKLM-x32\...\DirectXMediaRuntime) (Version: - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.3.50 - Lenovo)
Energy Management (x32 Version: 8.0.3.50 - Lenovo) Hidden
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36943 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.5.1367 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.01.0000.0480 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1306-148929CC1385}) (Version: 3.1.1306.0352 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.4.1001 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{702b0b5f-bcbb-44fc-b613-e96f2a3006ed}) (Version: 16.1.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.0000.0213 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10233 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{36CE10BD-A076-4DE3-A8A7-2F61E3FB2E6A}) (Version: 6.20.55.14 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.59.132 - Lenovo)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4569.1507 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1507 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1507 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1507 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30158 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.19 - Synaptics Incorporated)
The Cave (HKLM-x32\...\The Cave_is1) (Version: - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WET - The Sexy Empire (HKLM-x32\...\WET - The Sexy Empire) (Version: - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.66 - Nullsoft, Inc)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
==================== Restore Points =========================
23-02-2014 13:36:53 Geplanter Prüfpunkt
26-02-2014 16:10:05 AGT Pro - Betfair wird installiert
03-03-2014 19:29:34 AA11
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {BD624EE9-46E5-43F8-9CF1-A7A496D96F19} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {C102AD92-30D1-459D-9115-E44D0B71AB15} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-01] (Microsoft Corporation)
Task: {C94E675C-914B-44AC-85EB-3C2B27604FC5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-01] (Microsoft Corporation)
Task: {F3DF71E2-6BEB-47A1-9D21-100CBCF22666} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-01] (Microsoft Corporation)
==================== Loaded Modules (whitelisted) =============
2014-01-27 12:16 - 2013-12-19 19:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-01 12:47 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-01 12:47 - 2014-01-02 18:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-01-23 16:09 - 2014-01-23 16:09 - 00702744 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
2014-01-23 16:30 - 2014-01-23 16:30 - 00103800 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_thread-vc100-mt-1_55.dll
2014-01-23 16:30 - 2014-01-23 16:30 - 00024440 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00033656 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_chrono-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00055680 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_date_time-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00123776 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 03720040 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareServiceKernel.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00685904 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll
2014-01-23 16:30 - 2014-01-23 16:30 - 00158032 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\pugixml.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 02595144 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00788856 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_regex-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00602984 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareActivation.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00291192 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareApplicationUpdater.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00142696 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareGamingMode.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00098648 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareReset.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00120152 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTime.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00268152 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdater.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00198024 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00417128 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIgnoreList.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00253800 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareQuarantine.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00293744 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiMalwareEngine.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00212336 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiRootkitEngine.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00509808 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerHistory.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00607584 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScanner.dll
2014-01-23 16:30 - 2014-01-23 16:30 - 00035192 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_timer-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00325488 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerScheduler.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00333688 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareRealTimeProtection.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00227688 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIncompatibles.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00219488 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiSpam.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00129896 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiPhishing.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00599920 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareParentalControl.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 01926504 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareWebProtection.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00263536 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareEmailProtection.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00650608 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareNetworkProtection.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00490848 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareInstaller.dll
2014-01-23 16:30 - 2014-01-23 16:30 - 00106824 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\zlib.dll
2014-01-23 16:30 - 2014-01-23 16:30 - 00149840 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\libssh2.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00358744 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwarePromo.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00291680 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareFeedback.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00154464 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SecurityCenter.dll
2013-07-17 17:10 - 2013-07-17 17:10 - 00777296 _____ () D:\Programme\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\BDSmartDB.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-06-28 06:00 - 2013-06-28 06:00 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 04114264 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
2014-01-23 16:29 - 2014-01-23 16:29 - 00500088 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_locale-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00361824 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\HtmlFramework.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00066904 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\DllStorage.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00788848 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTrayDefaultSkin.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00139608 _____ () D:\Programme\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\Localization.dll
2014-02-23 13:21 - 2014-02-14 11:00 - 00394808 _____ () D:\Programme\Antivir\Avira\AntiVir Desktop\sqlite3.dll
2014-02-15 22:13 - 2014-02-15 22:13 - 03578992 _____ () D:\Programme\Firefox\mozjs.dll
2014-01-21 21:14 - 2013-05-16 10:09 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Bluetooth Server
Description: Bluetooth Server
Class Guid: {34446e8e-37b4-4b16-9da6-bea2db33465a}
Manufacturer: Intel Corporation
Service: btmaux
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/04/2014 06:08:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/04/2014 06:08:21 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (03/04/2014 06:08:21 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (03/04/2014 06:08:21 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
Error: (03/04/2014 05:43:13 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: bbc
Startzeit: 01cf31f842b026a4
Endzeit: 30
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: f7d5044d-a3bb-11e3-adc5-8056f2e93abc
Error: (03/02/2014 10:32:17 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -2143485946
Error: (03/02/2014 10:32:17 PM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {72E6F32A-D473-41A8-8DA1-4FCE8C86A1D3}
Error: (03/01/2014 02:36:16 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (03/01/2014 02:36:15 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (03/01/2014 02:36:14 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
System errors:
=============
Error: (02/10/2014 08:15:19 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \...\DR14 gefunden.
Error: (01/27/2014 00:14:16 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/24/2014 00:35:24 AM) (Source: DCOM) (User: )
Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (01/22/2014 02:17:59 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (01/21/2014 09:31:13 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.
Error: (01/21/2014 08:13:31 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR12 gefunden.
Error: (01/21/2014 04:53:57 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (01/21/2014 04:51:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/21/2014 04:28:42 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "\Device\HarddiskVolumeShadowCopy11" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.
Error: (01/21/2014 04:27:25 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "\Device\HarddiskVolumeShadowCopy10" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.
Microsoft Office Sessions:
=========================
Error: (03/04/2014 06:08:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/04/2014 06:08:21 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (03/04/2014 06:08:21 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (03/04/2014 06:08:21 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
Error: (03/04/2014 05:43:13 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17514bbc01cf31f842b026a430C:\Windows\Explorer.EXEf7d5044d-a3bb-11e3-adc5-8056f2e93abc
Error: (03/02/2014 10:32:17 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -2143485946
Error: (03/02/2014 10:32:17 PM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {72E6F32A-D473-41A8-8DA1-4FCE8C86A1D3}
Error: (03/01/2014 02:36:16 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (03/01/2014 02:36:15 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (03/01/2014 02:36:14 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
==================== Memory info ===========================
Percentage of memory in use: 28%
Total physical RAM: 7948.36 MB
Available physical RAM: 5656.35 MB
Total Pagefile: 15894.92 MB
Available Pagefile: 13517.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:98.24 GB) (Free:53.93 GB) NTFS
Drive d: (Personal) (Fixed) (Total:367.43 GB) (Free:64.23 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D9FA2484)
Partition: GPT Partition Type.
==================== End Of Log ============================
Antivir: Code:
Exportierte Ereignisse:
04.03.2014 17:46 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Hish\AppData\Local\Temp\rechnung_3_2.cpl'
wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.132069' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
04.03.2014 17:46 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Hish\AppData\Local\Temp\rechnung_3_2.cpl'
wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.132069' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
04.03.2014 17:46 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Hish\AppData\Local\Temp\rechnung_3_2.cpl'
wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.132069' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.03.2014 17:46 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Hish\AppData\Local\Temp\rechnung_3_2.cpl'
wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.132069' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
04.03.2014 17:46 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Hish\AppData\Local\Temp\rechnung_3_2.cpl'
wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.132069' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
04.03.2014 17:46 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Hish\AppData\Local\Temp\rechnung_3_2.cpl'
wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.132069' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
04.03.2014 17:46 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Hish\AppData\Local\Temp\rechnung_3_2.cpl'
wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.132069' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
04.03.2014 17:46 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Hish\AppData\Local\Temp\rechnung_3_2.cpl'
wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.132069' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
04.03.2014 17:41 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer HISH-PC (192.168.0.12) erfolgreich
durchgeführt.
Folgende Dateien wurden von "hxxp://2.16.52.25/update" aktualisiert:
vbase031.vdf 7.11.134.160
aevdf.dat 7.11.134.160
webcat4.dat
04.03.2014 17:41 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.
04.03.2014 05:47 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.
03.03.2014 21:17 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer HISH-PC (192.168.0.12) erfolgreich
durchgeführt.
Folgende Dateien wurden von "hxxp://2.16.52.105/update" aktualisiert:
vbase031.vdf 7.11.134.148
aevdf.dat 7.11.134.148
webcat3.dat
webcat4.dat
03.03.2014 21:17 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.
03.03.2014 21:15 [System-Scanner] Malware gefunden
Die Datei
'D:\$RECYCLE.BIN\S-1-5-21-2732181704-1824459313-1173879330-1000\$R83JY5H.rar'
enthielt einen Virus oder unerwünschtes Programm 'DR/Delphi.Gen' [dropper].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7aa67768.qua'
verschoben!
03.03.2014 21:15 [System-Scanner] Malware gefunden
Die Datei 'C:\Windows\Setup\Scripts\odin.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.CE.10' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3f135a3f.qua'
verschoben!
03.03.2014 21:15 [System-Scanner] Suche
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 940376
Anzahl Verzeichnisse: 29104
Anzahl Malware: 8
Anzahl Warnungen: 3
03.03.2014 21:15 [System-Scanner] Malware gefunden
Die Datei
'D:\$RECYCLE.BIN\S-1-5-21-2732181704-1824459313-1173879330-1000\$RCFBAZ9.exe'
enthielt einen Virus oder unerwünschtes Programm 'DR/Delphi.Gen' [dropper].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1c8a38a9.qua'
verschoben!
03.03.2014 21:15 [System-Scanner] Malware gefunden
Die Datei 'D:\Heisam\Setups\winrar\Winrar_3.90_32_64bit_Final.rar'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56974dff.qua'
verschoben!
03.03.2014 21:15 [System-Scanner] Malware gefunden
Die Datei
'D:\$RECYCLE.BIN\S-1-5-21-2732181704-1824459313-1173879330-1000\$RZ7JKUG.exe'
enthielt einen Virus oder unerwünschtes Programm 'DR/Delphi.Gen' [dropper].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4eec6241.qua'
verschoben!
Ad-Aware: Code:
<?xml version="1.0"?>
<Summary>
  <ScanInfo EndTime="20140303T213512.816796" StartTime="20140303T202011.816796" ScanType="Full" ScanMode="Manual"/>
  <InfectedObjects>
    <InfectedObject ThreatName="Cookie.Adtech" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\Low\hish@adtech[2].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.Advertising" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\Low\hish@advertising[2].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.DoubleClick" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\Low\hish@doubleclick[1].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.Rub" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\Low\hish@pixel.rubiconproject[1].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.Ru4" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\Low\hish@ru4[1].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.Rub" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\Low\hish@rubiconproject[2].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.Statcounter" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\Low\hish@statcounter[1].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.Rub" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\Low\hish@tap.rubiconproject[1].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.2o7" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\hish@2o7[1].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.Adtech" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\hish@adtech[1].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.BurstNet" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\hish@burstnet[2].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.Casalemedia" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\hish@casalemedia[1].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.DoubleClick" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\hish@doubleclick[2].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.Rub" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\hish@pixel.rubiconproject[1].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.Rub" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\hish@rubiconproject[1].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.SmartAdServer" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\hish@smartadserver[2].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.Rub" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\hish@tap.rubiconproject[1].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.TribalFusion" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\hish@tribalfusion[2].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.SmartAdServer" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\hish@ww251.smartadserver[1].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Cookie.Zedo" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Roaming\Microsoft\Windows\Cookies\hish@zedo[1].txt" ObjectType="Cookie"/>
    <InfectedObject ThreatName="Trojan.Generic.3794301" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1c8a38a9.qua" ObjectType="File"/>
    <InfectedObject ThreatName="Gen:Variant.Graftor.132069" ThreatType="Virus" ObjectStatus="DeletedReboot" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Local\Microsoft\Office\UnsavedFiles\rechnung_353479_2((Unsaved-303572761035344304)).asd" ObjectType="File"/>
    <InfectedObject ThreatName="Trojan.Generic.10072998" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\ProgramData\Avira\AntiVir Desktop\INFECTED\3f135a3f.qua" ObjectType="File"/>
    <InfectedObject ThreatName="Trojan.Generic.3794301" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4eec6241.qua" ObjectType="File"/>
    <InfectedObject ThreatName="Gen:Variant.Barys.279" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\ProgramData\Avira\AntiVir Desktop\INFECTED\56974dff.qua" ObjectType="File"/>
    <InfectedObject ThreatName="Trojan.Generic.3794301" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\ProgramData\Avira\AntiVir Desktop\INFECTED\7aa67768.qua" ObjectType="File"/>
    <InfectedObject ThreatName="Gen:Variant.Adware.BProtector.5" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Local\Temp\is-8UIJR.tmp\OptProCrash.dll" ObjectType="File"/>
    <InfectedObject ThreatName="Gen:Variant.Graftor.132069" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Local\Temp\rechnung_353479_2-1.rtf" ObjectType="File"/>
    <InfectedObject ThreatName="Gen:Variant.Graftor.132069" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\Desktop\rechnung_353479_2.rtf" ObjectType="File"/>
    <InfectedObject ThreatName="Application.Generic.590571" ThreatType="App" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Local\Temp\is1070216317\18191573_stp\OptimizerPro.exe" ObjectType="File"/>
    <InfectedObject ThreatName="Gen:Variant.Graftor.132069" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Local\Temp\rechnung_353479_2-2.rtf" ObjectType="File"/>
    <InfectedObject ThreatName="Gen:Variant.Graftor.132069" ThreatType="Virus" ObjectStatus="Deleted" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Local\Temp\rechnung_353479_2.rtf" ObjectType="File"/>
    <InfectedObject ThreatName="Gen:Variant.Graftor.132069" ThreatType="Virus" ObjectStatus="DeletedReboot" InnerObject="" ParentContainers="" ObjectPath="C:\Users\Hish\AppData\Local\Temp\rechnung_3_2.cpl" ObjectType="File"/>
    <InfectedObject ThreatName="Gen:Application.Heur.fq1@baW4MDpO" ThreatType="App" ObjectStatus="Infected" InnerObject="" ParentContainers="" ObjectPath="D:\Heisam\Tools\passwordfox1\PasswordFox.exe" ObjectType="File"/>
    <InfectedObject ThreatName="Gen:Application.Heur.fq1@baW4MDpO" ThreatType="Virus" ObjectStatus="Infected" InnerObject="" ParentContainers="" ObjectPath="D:\Heisam\Tools\passwordfox1.zip" ObjectType="File"/>
    <InfectedObject ThreatName="Gen:Application.Heur.cmKfbibKeYfO" ThreatType="App" ObjectStatus="Infected" InnerObject="" ParentContainers="" ObjectPath="D:\Heisam\Tools\PasswordFox.exe" ObjectType="File"/>
    <InfectedObject ThreatName="Application.NirSoft.FoxPassView.E" ThreatType="Virus" ObjectStatus="Infected" InnerObject="" ParentContainers="" ObjectPath="D:\Heisam\Tools\passwordfox.zip" ObjectType="File"/>
    <InfectedObject ThreatName="Gen:Application.Heur.cmKfbibKeYfO" ThreatType="Virus" ObjectStatus="Infected" InnerObject="" ParentContainers="" ObjectPath="D:\Heisam\Tools\passwordfox2.zip" ObjectType="File"/>
  </InfectedObjects>
</Summary>
Unfortunately, GMER is too large, both as a file and as a log.