Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Laptop fährt hoch, CPU-Auslastung dauerhaft 100% und hängt sich dann auf; im abgesicherten Modus alles ok (https://www.trojaner-board.de/168743-laptop-faehrt-hoch-cpu-auslastung-dauerhaft-100-haengt-dann-abgesicherten-modus-alles-ok.html)

cosinus 17.07.2015 09:03
Die Platte hat schon Alterserschinungen...

=> C5 100 100 __0 000000000005 Aktuell ausstehende Sektoren

Ist IMHO grenzwertig. Solltest du im Auge behalten. Daten gesichert?

noki 17.07.2015 09:11
Ja, mache ich ständig. Wie ursprünglich erwähnt, Laptop ist 7-8 Jahre alt und wird täglich mehrere Stunden benutzt.

Mehr kann man also jetzt nicht mehr machen. Hat aber alles auch schon eine Menge gebracht. :-)

cosinus 17.07.2015 09:14
Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

noki 17.07.2015 16:55

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by noki (administrator) on NOKI-PC on 17-07-2015 17:34:21
Running from D:\
Loaded Profiles: noki & postgres (Available Profiles: noki & postgres)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
(ASUSTek.) C:\Program Files\ASUS\Direct Console\DCHelper.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\P4P\P4P.exe
(ASUSTek.) C:\Program Files\ASUS\Direct Console\Direct Console.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
() C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(Dell Inc.) C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDFViewer\PdfPro7Hook.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Dell Printers\OpenManage\OMPMv2.0\client\OMPMWatchdogService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Logitech Inc.) C:\Program Files\SetPoint\SetPoint.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [8105984 2008-09-03] (ASUS)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [PowerForPhone] => C:\Program Files\P4P\P4P.exe [778240 2008-01-26] ()
HKLM\...\Run: [DirectConsole2] => C:\Program Files\ASUS\Direct Console\Direct Console.exe [2705976 2008-08-21] (ASUSTek.)
HKLM\...\Run: [TrayServer] => C:\Program Files\MAGIX\Filme_auf_DVD_8\TrayServer.exe [90112 2008-01-17] (MAGIX AG)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [56080 2007-04-12] (Logitech Inc.)
HKLM\...\Run: [ALDI_NORD_FotoSuite_Download] => C:\Program Files\ALDI Nord Foto Service\ALDI_Foto_Service\FotoSuite.exe [1257472 2008-11-13] (MAGIX AG)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-08-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2013-10-27] (Greenshot)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [LauncherC1765nf] => C:\Program Files\Dell Printers\Printer SSW\Launcher\dlm1launcher.exe [2471928 2013-08-13] (Dell Inc.)
HKLM\...\Run: [StatusAutoRunC1765nf] => C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe [3024360 2013-02-06] (Dell Inc.)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [36168 2013-05-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [18248 2013-05-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort14reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [330056 2013-03-14] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFProHook] => C:\Program Files\Nuance\PDFViewer\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc.)
HKLM\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265608 2013-11-21] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKU\S-1-5-21-1619064115-466689268-4177747022-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1619064115-466689268-4177747022-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1084840 2012-05-16] (Nokia)
HKU\S-1-5-21-1619064115-466689268-4177747022-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-08-22] (TomTom)
HKU\S-1-5-21-1619064115-466689268-4177747022-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1619064115-466689268-4177747022-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-07-17] (Lavasoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2009-03-25]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2008-12-04]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk [2013-03-29]
ShortcutTarget: HD Writer.lnk -> C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk [2008-12-04]
ShortcutTarget: SetPoint.lnk -> C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-12-21]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll [2007-06-02] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-1619064115-466689268-4177747022-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1619064115-466689268-4177747022-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Wetter aktuell, Wettervorhersage und Wetterbericht - WetterOnline
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = {searchTerms} - Google Search
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1619064115-466689268-4177747022-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = {searchTerms} - Google Search
SearchScopes: HKU\S-1-5-21-1619064115-466689268-4177747022-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = {searchTerms - Bing}
SearchScopes: HKU\S-1-5-21-1619064115-466689268-4177747022-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = {searchTerms} - Google Search
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx
DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1375990510233
DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-17] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-17] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-17] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-17] (Lavasoft Limited)
Winsock: Catalog9 44 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-17] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{FEA61DD9-6138-4BB7-83A2-5A1E647F7064}: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\noki\AppData\Roaming\Mozilla\Firefox\Profiles\p25m8g9e.default
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D071715-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
FF Keyword.URL:
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D071715-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-17] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-05-16] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1619064115-466689268-4177747022-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll [2012-10-04] (Amazon.com, Inc.)
FF Extension: Avira Browser Safety - C:\Users\noki\AppData\Roaming\Mozilla\Firefox\Profiles\p25m8g9e.default\Extensions\abs@avira.com [2015-06-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-17]
Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\noki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\noki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-25]
CHR Extension: (Google Search) - C:\Users\noki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-25]
CHR Extension: (Gmail) - C:\Users\noki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2009-03-25] () [File not signed]
R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] () [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825136 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [450808 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-14] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 DLNBDB; C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe [191464 2013-02-06] ()
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-07-17] (Lavasoft Limited)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 OMPM Service; C:\Program Files\Dell Printers\OpenManage\OMPMv2.0\client\rdmf_clientd.exe [5738823 2014-03-06] () [File not signed]
S2 OMPMJBASSVC; C:\Program Files\Dell Printers\OpenManage\OMPMv2.0\server\jboss-as\bin\jbosssvc.exe [61440 2011-08-11] (Red Hat®, Inc.) [File not signed]
R2 OMPMWatchdogService; C:\Program Files\Dell Printers\OpenManage\OMPMv2.0\client\OMPMWatchdogService.exe [199633 2014-03-18] () [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-29] (Nuance Communications, Inc.)
R2 postgresql-8.4; C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe [66048 2012-08-16] (PostgreSQL Global Development Group) [File not signed]
R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [13312 2015-07-17] () [File not signed]
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-06-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-19] (ITE Tech. Inc. )
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28688 2007-04-12] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-07-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
S3 PhotoFrame; C:\Windows\System32\DRIVERS\PhotoFrame.sys [30464 2007-09-11] (ETC) [File not signed]
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45744 2011-10-04] (Rovi Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1748352 2008-06-09] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-10] (Avira Operations GmbH & Co. KG)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [530944 2008-03-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45696 2007-04-25] (eMPIA Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\noki\AppData\Local\Temp\catchme.sys [X]
S4 Eskgfroc; No ImagePath
S3 GigasetGenericUSB; system32\DRIVERS\GigasetGenericUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-17 08:42 - 2015-07-17 08:42 - 00160408 _____ C:\Windows\Minidump\Mini071715-01.dmp
2015-07-17 07:48 - 2015-07-17 07:48 - 00342016 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-07-17 07:48 - 2015-07-17 07:48 - 00002920 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-07-17 07:48 - 2015-07-17 07:48 - 00000000 ____D C:\Users\noki\AppData\Roaming\Lavasoft
2015-07-17 07:48 - 2015-07-17 07:48 - 00000000 ____D C:\Users\noki\AppData\Local\Lavasoft
2015-07-17 07:48 - 2015-07-17 07:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-17 07:48 - 2015-07-17 07:48 - 00000000 ____D C:\ProgramData\Lavasoft
2015-07-17 07:48 - 2015-07-17 07:48 - 00000000 ____D C:\Program Files\Lavasoft
2015-07-17 07:47 - 2015-07-17 07:48 - 00000000 ____D C:\Program Files\CrystalDiskInfo
2015-07-17 07:47 - 2015-07-17 07:47 - 00001732 _____ C:\Users\noki\Desktop\CrystalDiskInfo.lnk
2015-07-17 07:47 - 2015-07-17 07:47 - 00000000 ____D C:\Users\noki\AppData\Roaming\OpenCandy
2015-07-17 07:47 - 2015-07-17 07:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-07-16 19:24 - 2015-07-16 19:24 - 00000000 __SHD C:\found.004
2015-07-16 17:16 - 2015-07-16 17:16 - 00001301 _____ C:\Users\noki\Desktop\JRT.txt
2015-07-16 16:38 - 2015-07-16 16:38 - 00000000 __SHD C:\found.003
2015-07-16 16:22 - 2015-07-16 16:22 - 00013389 _____ C:\ComboFix.txt
2015-07-16 16:03 - 2015-07-16 16:22 - 00000000 ____D C:\ComboFix
2015-07-16 15:47 - 2015-07-16 14:38 - 05634275 ____R (Swearware) C:\Users\noki\Desktop\ComboFix.exe
2015-07-16 14:33 - 2015-06-17 18:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-16 14:33 - 2015-06-17 17:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-16 14:13 - 2015-07-16 14:13 - 00160408 _____ C:\Windows\Minidump\Mini071615-01.dmp
2015-07-16 12:27 - 2015-07-16 12:31 - 00000000 ____D C:\AdwCleaner
2015-07-16 11:57 - 2015-07-16 12:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 11:56 - 2015-07-16 11:56 - 00000866 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-16 11:56 - 2015-07-16 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-16 11:56 - 2015-07-16 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-16 11:56 - 2015-07-16 11:56 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-16 11:56 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-16 11:56 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-16 11:56 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-16 11:00 - 2015-07-03 18:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-16 11:00 - 2015-06-25 04:57 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-16 10:23 - 2015-06-12 18:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-16 00:34 - 2015-07-07 17:58 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-16 00:34 - 2015-07-07 16:22 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 23:52 - 2015-07-15 23:52 - 00000000 ____D C:\found.002
2015-07-15 23:14 - 2015-07-15 23:14 - 00160408 _____ C:\Windows\Minidump\Mini071515-01.dmp
2015-07-15 23:09 - 2015-06-23 18:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 22:49 - 2015-07-15 22:49 - 00000000 ____D C:\Users\noki\Documents\SapWorkDir
2015-07-15 22:28 - 2015-05-31 10:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 22:27 - 2015-07-17 17:34 - 00000000 ____D C:\FRST
2015-07-15 22:24 - 2015-07-15 22:24 - 00000000 _____ C:\Users\noki\defogger_reenable
2015-07-14 22:10 - 2015-07-03 07:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 22:10 - 2015-07-03 07:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 22:09 - 2015-06-17 03:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 22:09 - 2015-06-17 03:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 22:09 - 2015-06-17 03:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 22:09 - 2015-06-17 03:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 22:09 - 2015-06-17 03:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 22:09 - 2015-06-17 03:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 22:09 - 2015-06-17 03:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 22:09 - 2015-06-17 03:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 22:09 - 2015-06-17 03:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 22:09 - 2015-06-17 03:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 22:09 - 2015-06-17 03:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 22:09 - 2015-06-17 03:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-14 22:09 - 2015-06-17 03:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 22:09 - 2015-06-17 03:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 22:09 - 2015-06-17 03:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 22:09 - 2015-06-17 03:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 22:09 - 2015-06-17 03:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 22:09 - 2015-06-17 03:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-14 22:09 - 2015-06-17 03:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-14 22:09 - 2015-06-17 03:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-11 09:40 - 2015-07-11 09:40 - 00160408 _____ C:\Windows\Minidump\Mini071115-01.dmp
2015-07-08 22:09 - 2015-07-08 22:09 - 00160408 _____ C:\Windows\Minidump\Mini070815-01.dmp
2015-06-29 13:15 - 2015-06-29 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-25 20:04 - 2015-06-25 20:04 - 00000000 ____D C:\found.001
2015-06-25 07:37 - 2015-06-25 07:55 - 00000000 ___RD C:\Musik
2015-06-24 23:39 - 2015-06-24 23:39 - 00000000 __RSH C:\MSDOS.SYS
2015-06-24 23:39 - 2015-06-24 23:39 - 00000000 __RSH C:\IO.SYS
2015-06-19 20:35 - 2015-06-19 20:35 - 00160408 _____ C:\Windows\Minidump\Mini061915-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-17 17:23 - 2012-04-06 09:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-17 17:02 - 2008-12-04 21:13 - 02033851 _____ C:\Windows\WindowsUpdate.log
2015-07-17 16:48 - 2010-11-19 14:55 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-17 16:32 - 2010-11-19 14:55 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-17 16:32 - 2009-02-11 00:55 - 00151688 _____ C:\ProgramData\nvModes.001
2015-07-17 16:32 - 2009-02-11 00:54 - 00151688 _____ C:\ProgramData\nvModes.dat
2015-07-17 16:31 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-17 16:31 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-17 16:31 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-17 15:59 - 2013-01-13 13:53 - 00000680 _____ C:\Users\noki\AppData\Local\d3d9caps.dat
2015-07-17 08:42 - 2010-01-16 01:49 - 00000000 ____D C:\Windows\Minidump
2015-07-17 08:41 - 2013-03-21 22:13 - 425738260 _____ C:\Windows\MEMORY.DMP
2015-07-17 08:41 - 2012-12-02 21:08 - 00569166 _____ C:\Windows\PFRO.log
2015-07-17 00:25 - 2008-12-04 21:14 - 00003613 _____ C:\Windows\bthservsdp.dat
2015-07-17 00:25 - 2006-11-02 15:01 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-17 00:23 - 2012-04-06 09:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-17 00:23 - 2011-05-16 08:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-16 21:12 - 2011-06-23 20:22 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-16 16:22 - 2010-12-12 21:46 - 00000000 ____D C:\Qoobox
2015-07-16 16:20 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2015-07-16 15:21 - 2009-02-08 23:39 - 00000000 ____D C:\Users\noki
2015-07-16 15:00 - 2013-08-08 21:13 - 00000000 ____D C:\Program Files\Java
2015-07-16 11:06 - 2006-11-02 14:47 - 00399544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 00:50 - 2013-07-28 01:07 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 22:56 - 2009-02-08 23:40 - 00114168 _____ C:\Users\noki\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-15 22:50 - 2010-07-08 15:19 - 00000000 ____D C:\Program Files\OpenVPN
2015-07-15 22:49 - 2010-07-13 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Business Explorer
2015-07-15 22:49 - 2010-07-13 16:02 - 00000000 ____D C:\Users\noki\SapWorkDir
2015-07-15 22:27 - 2006-11-02 12:33 - 01567488 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 23:09 - 2009-02-12 00:34 - 00000000 ____D C:\Users\noki\AppData\Roaming\Adobe
2015-07-12 23:09 - 2009-02-08 23:43 - 00000000 ____D C:\ProgramData\Adobe
2015-07-07 08:08 - 2013-12-09 20:51 - 00000000 ____D C:\Users\noki\AppData\Local\Greenshot
2015-07-03 08:49 - 2006-11-02 12:24 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-07-01 07:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-29 13:15 - 2015-05-07 19:11 - 00001856 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-06-23 13:27 - 2009-10-02 22:08 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-20 20:03 - 2014-08-25 12:33 - 00000000 ____D C:\Users\noki\AppData\Local\Adobe
==================== Files in the root of some directories =======
2008-05-22 19:35 - 2008-05-22 19:35 - 0051962 _____ () C:\Program Files\Common Files\banner.jpg
2008-08-09 00:48 - 2008-08-09 00:48 - 0090112 _____ () C:\Program Files\Common Files\CPInstallAction.dll
2014-05-15 23:10 - 2014-05-15 23:10 - 0000008 _____ () C:\Users\noki\AppData\Roaming\NMM-MetaData.db
2011-07-20 22:28 - 2012-06-03 17:36 - 0001188 _____ () C:\Users\noki\AppData\Local\crc32list11.txt
2010-03-14 13:04 - 2010-03-14 13:04 - 0000552 _____ () C:\Users\noki\AppData\Local\d3d8caps.dat
2013-01-13 13:53 - 2015-07-17 15:59 - 0000680 _____ () C:\Users\noki\AppData\Local\d3d9caps.dat
2009-02-09 00:23 - 2015-04-12 23:33 - 0103936 _____ () C:\Users\noki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-22 22:44 - 2013-05-10 12:11 - 0004096 ____H () C:\Users\noki\AppData\Local\keyfile3.drm
2013-08-27 22:12 - 2013-08-27 22:12 - 0000011 _____ () C:\ProgramData\.tv7
2010-12-22 13:54 - 2010-12-22 13:54 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-02-11 00:55 - 2015-07-17 16:32 - 0151688 _____ () C:\ProgramData\nvModes.001
2009-02-11 00:54 - 2015-07-17 16:32 - 0151688 _____ () C:\ProgramData\nvModes.dat
Some files in TEMP:
====================
C:\Users\noki\AppData\Local\temp\avgnt.exe
C:\Users\noki\AppData\Local\temp\NOSEventMessages.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-17 16:42
==================== End of log ============================
--- --- ---
FRST Additions Logfile:
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by noki at 2015-07-17 17:35:07
Running from D:\
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1619064115-466689268-4177747022-500 - Administrator - Disabled)
Gast (S-1-5-21-1619064115-466689268-4177747022-501 - Limited - Disabled)
noki (S-1-5-21-1619064115-466689268-4177747022-1000 - Administrator - Enabled) => C:\Users\noki
postgres (S-1-5-21-1619064115-466689268-4177747022-1001 - Limited - Enabled) => C:\Users\postgres
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader X (10.1.15) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Albelli Fotobücher (HKU\S-1-5-21-1619064115-466689268-4177747022-1000\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version:  - Albelli)
ALDI NORD Bestellsoftware 4.13 (HKLM\...\ALDI NORD Bestellsoftware) (Version: 4.13 - ORWO Net)
ALDI Nord Foto Manager Free (HKLM\...\ALDI Nord Foto Manager Free D) (Version: 6.0.1.471 - MAGIX AG)
ALDI Nord Foto Service (HKLM\...\ALDI Nord Foto Service D) (Version: 1.13.0.111 - MAGIX AG)
ALDI Nord Online Druck Service (HKLM\...\ALDI Nord Online Druck Service D) (Version: 4.5.1.0 - MAGIX AG)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS CopyProtect (HKLM\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0008 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.13 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS Power4Gear eXtreme (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.0.19 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0005 - ASUS)
ASUS Virtual Camera (HKLM\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.11 - ASUS)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0042 - ASUS)
ATKOSD2 (HKLM\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0002 - ASUS)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
AudibleManager (HKLM\...\AudibleManager) (Version: 49582374.-2.1996386486.1996385500 - Audible, Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Bild Albelli Fotoservice (HKU\S-1-5-21-1619064115-466689268-4177747022-1000\...\{4E97552A-D0D2-47E3-B4A0-82E5A57A4198}_is1) (Version:  - Bild Albelli)
CCleaner (HKLM\...\CCleaner) (Version: 3.01 - Piriform)
CDDRV_Installer (Version: 1.00.0000 - Logitech) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CrystalDiskInfo 6.5.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.5.2 - Crystal Dew World)
Dell C1765 Color MFP (HKLM\...\InstallShield_{B03A2793-A8FF-4242-B23D-88D2D5FAE56A}) (Version: 1.039.0 - Dell Inc.)
Dell C1765 Color MFP (Version: 1.039.0 - Dell Inc.) Hidden
Direct Console 2.0 (HKLM\...\{E616A5EE-B7F4-4807-800B-79EB4EB2182B}) (Version: 2.0.5 - ASUS)
Dolby Control Center (HKLM\...\{A23E5590-6799-437B-9723-2627BA800B6F}) (Version: 2.0.0706 - Dolby)
Express Gate (HKLM\...\{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}) (Version: 0.8.6.0 - devicevm)
Firebird SQL Server - MAGIX Edition (HKLM\...\{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}) (Version: 2.1.23.0 - MAGIX AG)
FormatFactory 2.20 (HKLM\...\FormatFactory) (Version: 2.20 - Free Time)
Free M4a to MP3 Converter 8.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Greenshot 1.1.6.2779 (HKLM\...\Greenshot_is1) (Version: 1.1.6.2779 - Greenshot)
HD Writer AE 4.0 (HKLM\...\{DAC69A3A-89E6-4B70-B486-B974C2C95BE9}) (Version: 4.00.022.1031 - Panasonic Corporation)
ITECIR (HKLM\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
KhalInstallWrapper (Version: 4.00.121 - Logitech) Hidden
LEGO MINDSTORMS EV3 (HKLM\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)
LEGO MINDSTORMS EV3 Home Content (Version: 1.1.41 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home deutscher Support (Version: 1.1.41 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home Edition (Version: 1.1.41 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Uninstaller (Version: 1.0.11 - The LEGO Group) Hidden
LEGO MINDSTORMS NXT Driver (HKLM\...\{FA2B75F7-6037-4C34-9F3B-3E4320C4CC61}) (Version: 1.20.111.0 - LEGO)
LightScribe System Software  1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
MAGIX Filme auf DVD 8 8.0.0.11 (D) (HKLM\...\MAGIX Filme auf DVD 8 D) (Version: 8.0.0.11 - MAGIX AG)
MAGIX Online Druck Service 3.4.3.0 (D) (HKLM\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (D) (HKLM\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX USB-Videowandler 2 (HKLM\...\InstallShield_{91065458-A5CF-474C-9160-B44B974B3C25}) (Version: 1.00.0000 - MAGIX)
MAGIX USB-Videowandler 2 (Version: 1.00.0000 - MAGIX) Hidden
MAGIXUSB-Videowandler 2 Device Driver (HKLM\...\TVEpaDrv) (Version:  - )
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MediaManager (HKLM\...\MediaManager) (Version: 3.0.3 (60) - PacketVideo)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005(x86) (HKLM\...\{C0DB380B-97B5-4BB8-AC8D-1835E61439B6}) (Version: 1.0.0.0 - SAP)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4.0 redistributable (HKLM\...\{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}) (Version: 4.0.0.0 - SAP)
MyDriveConnect 3.3.0.1756 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1756 - TomTom)
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version:  - )
Nero 6 Demo (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
NI .NET Framework 4 (Version: 4.00.49152 - National Instruments) Hidden
NI EulaDepot (Version: 3.20.363 - National Instruments) Hidden
NI MDF Support (Version: 3.20.363 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (Version: 1.0.29.0 - National Instruments) Hidden
NI Uninstaller (Version: 3.20.363 - National Instruments) Hidden
NI VC2008MSMs x86 (Version: 9.0.401 - National Instruments) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM\...\{531317A5-586A-4E36-87C1-CA823447B375}) (Version: 6.81.13.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.4.49.0 - Nokia)
Nokia Suite (Version: 3.4.49.0 - Nokia) Hidden
Nuance PaperPort 14 (HKLM\...\{08BCE67B-6305-4D8A-B749-F381E7E3DDA2}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
OMPM v2.0 (HKLM\...\InstallShield_{0A7245F9-B454-4FAA-9A94-61617B6039A1}) (Version: 2.7.4.7 - Ihr Firmenname)
OMPM v2.0 (Version: 2.7.4.7 - Ihr Firmenname) Hidden
P4P (HKLM\...\{FC3D290D-79BE-44B7-ABF9-FDD110925930}) (Version: 1.0.0.17 - P4P)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PC Connectivity Solution (HKLM\...\{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}) (Version: 12.0.17.0 - Nokia)
PhotoFrame  (HKLM\...\PhotoFrame) (Version:  - )
PostgreSQL 8.4 (HKLM\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5683 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.03 - RICOH)
Scansoft PDF Professional (Version:  - ) Hidden
SetPoint (HKLM\...\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}) (Version: 4.00 - Logitech)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
USB 2.0 2.0M UVC WebCam (HKLM\...\USB 2.0 2.0M UVC WebCam) (Version:  - )
vcredist_x86 (HKLM\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 1.0.0 - SAP)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Web Companion (HKLM\...\{cb9e3725-16cf-4074-9773-48ed63531d12}) (Version: 2.0.1025.2130 - Lavasoft)
WIDCOMM Bluetooth Software (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 5.2.0.800 - Broadcom Corporation)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version:  - )
WinRAR Archivierer (HKLM\...\WinRAR archiver) (Version:  - )
WinZip (HKLM\...\WinZip) (Version:  8.1 SR-1  (5266) - WinZip Computing, Inc.)
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)
WISO Steuer 2012 (HKLM\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7304 - Buhl Data Service GmbH)
WISO Steuer 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer 2014 (HKLM\...\{3C5C5344-25D3-4013-BCA1-A0711FE7B3AD}) (Version: 21.00.8480 - Buhl Data Service GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1619064115-466689268-4177747022-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1619064115-466689268-4177747022-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-1619064115-466689268-4177747022-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1619064115-466689268-4177747022-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1619064115-466689268-4177747022-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1619064115-466689268-4177747022-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1619064115-466689268-4177747022-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
==================== Restore Points =========================
17-07-2015 08:39:11 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2015-07-16 16:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {19411A74-991C-4A16-BF7C-166E4E49D856} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {1941507E-9998-4627-89DD-A82A69E7ADA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {414841C6-91CC-4966-933A-D71E285DCD6D} - System32\Tasks\{ED30B319-CC19-424F-846E-0F8ECB82F999} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {4776059D-376A-4ACD-B3A9-3778FFDE026E} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [2008-06-18] (ASUS)
Task: {518721D2-0013-4B19-A46B-4B51B04559C6} - System32\Tasks\{663C24D5-10FA-4FAA-84B9-CD94B89A69AB} => pcalua.exe -a D:\Downloads\3gp\3GP_Converter034\Setup.exe -d D:\Downloads\3gp\3GP_Converter034
Task: {69C4819B-7EFB-4390-A2B5-1390D59AAB13} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {819AAF3C-60E3-448E-BFF7-D5CD780E3594} - System32\Tasks\{F7BB27B9-C40B-43A9-95C2-530FBC73558A} => pcalua.exe -a E:\Software\Bluetooth\Setup.exe -d E:\Software\Bluetooth
Task: {98F3527B-8354-4119-8577-E0DA25B224E0} - System32\Tasks\{89C29468-C381-4F13-8FA7-ABDD6BF2A3DA} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {C26BC1A5-691B-414B-BF54-1E492181F57F} - System32\Tasks\Direct Console 2.0 => C:\Program Files\ASUS\Direct Console\DCHelper.exe [2008-03-25] (ASUSTek.)
Task: {C51BD195-A428-4355-AC9F-8097D6A0BC5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {C8F76C46-2FC5-4E64-91D7-5124505E2CEB} - System32\Tasks\{C6C7E2A8-77AA-4E25-958E-511E0167322E} => pcalua.exe -a D:\Downloads\directx_nov2008_redist.exe -d D:\Downloads
Task: {D5E3E87C-0880-453A-A1C5-529B75FD0756} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {E725020D-5EE0-40D0-8EE4-98F9EF122DE0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-17] (Adobe Systems Incorporated)
Task: {FA7B7F3A-545E-4E08-AA17-43391A52A2F3} - System32\Tasks\ASPG => C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe [2008-06-19] (ASUS)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2008-12-04 23:53 - 2007-05-18 12:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-08-14 06:59 - 2008-08-14 06:59 - 00100920 _____ () C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
2008-12-04 23:14 - 2007-08-08 10:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2014-07-17 10:37 - 2012-06-07 17:48 - 00019968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dltfm1zPP.dll
2008-12-04 23:53 - 2007-06-15 20:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-12-04 23:53 - 2007-06-02 03:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2008-12-04 23:53 - 2007-08-08 12:52 - 00331776 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
2009-02-21 01:23 - 2003-05-19 22:16 - 00120320 _____ () C:\Program Files\WinRAR\rarext.dll
2004-05-28 04:13 - 2004-05-28 04:13 - 00057344 _____ () C:\Program Files\ASUS\ATK Hotkey\CMSSC.dll
2008-12-04 23:27 - 2007-07-06 02:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-12-04 23:53 - 2007-11-30 21:20 - 00051768 _____ () C:\Program Files\ASUS\ASUS Live Update\ALU.exe
2008-05-29 07:39 - 2008-05-29 07:39 - 00053248 _____ () C:\Program Files\ASUS\Direct Console\SysInfo.dll
2008-12-04 23:14 - 2007-03-10 02:16 - 00106496 _____ () C:\Program Files\ATKGFNEX\AGFNEX.dll
2007-11-13 01:41 - 2007-11-13 01:41 - 00106496 _____ () C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll
2008-12-04 23:57 - 2008-01-26 04:32 - 00778240 _____ () C:\Program Files\P4P\P4P.exe
2008-05-29 07:40 - 2008-05-29 07:40 - 00049152 _____ () C:\Program Files\ASUS\Direct Console\OLED.dll
2007-12-28 02:04 - 2007-12-28 02:04 - 00032768 _____ () C:\Program Files\ASUS\Direct Console\LED.dll
2008-02-19 08:32 - 2008-02-19 08:32 - 00012288 _____ () C:\Program Files\ASUS\Direct Console\OvrClk.dll
2007-12-12 02:07 - 2007-12-12 02:07 - 00090112 _____ () C:\Program Files\ASUS\Direct Console\OUTLOOK.dll
2007-12-08 01:32 - 2007-12-08 01:32 - 00061440 _____ () C:\Program Files\ASUS\Direct Console\MSN.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-06 17:37 - 2013-02-06 17:37 - 00191464 _____ () C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
2012-05-16 15:45 - 2012-05-16 15:45 - 08506280 _____ () C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 02353576 _____ () C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 01013672 _____ () C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 00363944 _____ () C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 02480552 _____ () C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 01346472 _____ () C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 00205736 _____ () C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 02652584 _____ () C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 00032680 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 00035240 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 00206760 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 11166120 _____ () C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 00276392 _____ () C:\Program Files\Nokia\Nokia Suite\phonon4.dll
2012-05-16 13:46 - 2012-05-16 13:46 - 00391056 _____ () C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
2012-05-16 13:46 - 2012-05-16 13:46 - 00059280 _____ () C:\Program Files\Nokia\Nokia Suite\securestorage.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 00445864 _____ () C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 00520104 _____ () C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
2012-05-16 15:45 - 2012-05-16 15:45 - 00720296 _____ () C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
2012-05-16 15:44 - 2012-05-16 15:44 - 00604072 _____ () C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
2012-05-16 15:44 - 2012-05-16 15:44 - 00437672 _____ () C:\Program Files\Nokia\Nokia Suite\NService.dll
2012-05-16 13:45 - 2012-05-16 13:45 - 00110080 _____ () C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
2014-08-22 10:38 - 2014-08-22 10:38 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-08-22 10:38 - 2014-08-22 10:38 - 00087416 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-08-22 10:38 - 2014-08-22 10:38 - 00398712 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2015-07-17 07:48 - 2015-07-17 07:48 - 00072192 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-07-17 07:48 - 2015-07-17 07:48 - 00178176 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-07-17 07:48 - 2015-07-17 07:48 - 00040448 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-07-17 07:48 - 2015-07-17 07:48 - 00026624 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2015-07-17 07:48 - 2015-07-17 07:48 - 00009216 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-07-17 07:48 - 2015-07-17 07:48 - 00117248 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-07-17 07:48 - 2015-07-17 07:48 - 00032768 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2014-03-18 18:20 - 2014-03-18 18:20 - 00199633 _____ () C:\Program Files\Dell Printers\OpenManage\OMPMv2.0\client\OMPMWatchdogService.exe
2014-06-27 23:22 - 2012-08-16 12:25 - 00172032 _____ () C:\Program Files\PostgreSQL\8.4\bin\LIBPQ.dll
2015-07-17 07:48 - 2015-07-17 07:48 - 00013312 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-07-17 07:48 - 2015-07-17 07:48 - 00005632 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-07-17 07:48 - 2015-07-17 07:48 - 00028160 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-06-27 23:24 - 2012-08-14 15:19 - 00999424 _____ () C:\Program Files\PostgreSQL\8.4\bin\libxml2.dll
2008-12-04 23:55 - 2007-08-03 22:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-12-04 23:55 - 2007-09-14 20:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-12-04 23:55 - 2003-11-28 12:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-12-04 23:55 - 2005-08-30 01:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-12-04 23:55 - 2003-09-10 02:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-12-04 23:55 - 2006-04-04 20:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-12-04 23:55 - 2005-04-08 05:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
2014-07-17 10:32 - 2012-08-16 19:33 - 00041984 _____ () C:\Windows\system32\dltsm1zwia.dll
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1619064115-466689268-4177747022-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1619064115-466689268-4177747022-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\img24.jpg
HKU\S-1-5-21-1619064115-466689268-4177747022-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{28AA2FEE-D481-4D84-913E-1CF0E59B80CA}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{832088FB-DCA6-4627-AA07-BF2CF73BCB70}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{C831918A-6B6B-423E-9978-475C8A4BF60E}C:\program files\openvpn\bin\openvpn.exe] => (Block) C:\program files\openvpn\bin\openvpn.exe
FirewallRules: [UDP Query User{8C46CC16-25BB-4736-8AC9-ED1E19731AC4}C:\program files\openvpn\bin\openvpn.exe] => (Block) C:\program files\openvpn\bin\openvpn.exe
FirewallRules: [TCP Query User{1C164927-BB8D-478C-9964-F8D6BC59A2A9}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe
FirewallRules: [UDP Query User{5F013047-4D01-4CAA-9A45-F35743BCCDA2}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe
FirewallRules: [TCP Query User{84EB3341-6966-4163-BF72-289A70024253}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe
FirewallRules: [UDP Query User{471DE340-B595-4E19-8032-A6C916BA3AC9}C:\windows\system32\taskeng.exe] => (Block) C:\windows\system32\taskeng.exe
FirewallRules: [TCP Query User{D7A3CCF0-0385-44BF-A902-715B7FACC26E}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{14B1B00C-0309-41A0-BDE9-77AF78337780}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{750408C6-979C-4A2E-8C08-EBD76DD2A813}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{01DBCC36-310E-4CF7-BAF6-C766E0CEC184}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{C304B180-0E0B-4081-AC0E-42E22FE45F78}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1AB83C35-B101-4B79-BF6B-191A0C947D48}] => (Allow) LPort=80
FirewallRules: [{7DA1E521-4A3A-4461-8445-F8F4905E0A18}] => (Allow) LPort=80
FirewallRules: [{F863D41D-BFE3-4F1D-8B11-D8781843CE57}] => (Allow) LPort=80
FirewallRules: [TCP Query User{AAB4ED21-1406-4629-9AC3-44B3404EC5B3}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe] => (Allow) C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe
FirewallRules: [UDP Query User{19CC29C9-60AA-4BA3-9D86-6F983DE52361}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe] => (Allow) C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe
FirewallRules: [TCP Query User{5BF834D1-FC3F-45F4-9C69-40DFD0EAEBB1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [UDP Query User{5719C01C-2E21-4EE4-B1EB-6AFFC59CAE1B}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [{47725C01-D394-4560-BBA2-D84DF721F3AA}] => (Allow) C:\Program Files\Nakido\nakido.exe
FirewallRules: [{B59BB5F2-B4F0-48A9-A43E-EB884E336BB6}] => (Allow) C:\Program Files\Nakido\nakido.exe
FirewallRules: [{C9B20076-4909-431E-A146-617230B20DA3}] => (Allow) C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{69869431-6331-4CC0-BD48-C94BE8C22F37}] => (Allow) C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{5354F5F7-6EC2-4C1D-B108-2EFB0B616032}] => (Allow) C:\Program Files\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{D6768DFC-208E-42A3-8C26-51709369EE04}] => (Allow) C:\Program Files\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [TCP Query User{5078F6E3-CE57-4B62-9F40-96204765B386}C:\program files\philips\mediamanager\twonkyrenderer.exe] => (Allow) C:\program files\philips\mediamanager\twonkyrenderer.exe
FirewallRules: [UDP Query User{23AB7648-7C1B-43B9-93C3-B2C2E4B2E69F}C:\program files\philips\mediamanager\twonkyrenderer.exe] => (Allow) C:\program files\philips\mediamanager\twonkyrenderer.exe
FirewallRules: [TCP Query User{8203D92A-BC7A-458B-B873-72EDDEE13569}C:\program files\philips\mediamanager\twonkymanager.exe] => (Allow) C:\program files\philips\mediamanager\twonkymanager.exe
FirewallRules: [UDP Query User{06C64734-4B88-4416-B7CD-D71712E5F646}C:\program files\philips\mediamanager\twonkymanager.exe] => (Allow) C:\program files\philips\mediamanager\twonkymanager.exe
FirewallRules: [{00ADE940-2B0D-48A6-8C9B-03C51A49CE12}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{EE2A595D-30AA-48F0-A82D-9460A22625AC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{68E46633-8DC3-499C-A590-8A85F5FE92AD}C:\Program Files\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe] => (Allow) C:\Program Files\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe
FirewallRules: [TCP Query User{F468232A-782C-4386-AF14-03CFA72EB0FB}C:\Program Files\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe] => (Allow) C:\Program Files\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe
FirewallRules: [{B309BC33-1C71-4BF2-94C6-904F3873BA5C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{63E9A5E2-7F26-4E64-ACB3-D673BBA32FF3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (07/17/2015 04:32:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (07/17/2015 04:32:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
Error: (07/17/2015 04:32:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/17/2015 08:43:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/17/2015 07:57:43 AM) (Source: ESENT) (EventID: 447) (User: )
Description: Windows (616) Windows: Ungültige Seitenverknüpfung (Fehler -327) in B-Struktur (Objekt-Id: 52, PgnoRoot: 491) von Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb (19534 => 4874, Windows0).
Error: (07/17/2015 07:57:38 AM) (Source: ESENT) (EventID: 447) (User: )
Description: Windows (616) Windows: Ungültige Seitenverknüpfung (Fehler -327) in B-Struktur (Objekt-Id: 52, PgnoRoot: 491) von Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb (19534 => 4874, Windows0).
Error: (07/17/2015 07:12:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/17/2015 12:25:05 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf einem Volumeschattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Routinedetails PostFinalCommitSnapshots({a6761f65-59d4-4d0b-81e1-b860c7755aba}, 1) [hr = 0x80042308].

Vorgang:
  Asynchroner Vorgang wird ausgeführt
Kontext:
  Aktueller Status: DoSnapshotSet
Error: (07/17/2015 12:25:05 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volumeschattenkopie-Dienstfehler: Volume bzw. Datenträger ist nicht richtig angeschlossen oder wurde nicht gefunden.
Fehlerkontext: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2 - 0000013C,0x00560038,000DAF10,0,000D9F08,4096,[0]).

Vorgang:
  PostFinalCommitSnapshots wird verarbeitet
Kontext:
  Ausführungskontext: System Provider
Error: (07/17/2015 12:16:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16669, Zeitstempel 0x5580c8aa, fehlerhaftes Modul nvd3dum.dll, Version 8.15.11.8631, Zeitstempel 0x4a4c6b3e, Ausnahmecode 0xc0000005, Fehleroffset 0x0027bcd2,
Prozess-ID 0x1638, Anwendungsstartzeit iexplore.exe0.

System errors:
=============
Error: (07/17/2015 05:32:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: OMPM Service%%1053
Error: (07/17/2015 05:32:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000OMPM Service
Error: (07/17/2015 05:27:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: OMPM Service%%1053
Error: (07/17/2015 05:27:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000OMPM Service
Error: (07/17/2015 05:22:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: OMPM Service%%1053
Error: (07/17/2015 05:22:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000OMPM Service
Error: (07/17/2015 05:17:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: OMPM Service%%1053
Error: (07/17/2015 05:17:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000OMPM Service
Error: (07/17/2015 05:12:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: OMPM Service%%1053
Error: (07/17/2015 05:12:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000OMPM Service

Microsoft Office:
=========================
Error: (07/17/2015 04:32:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (07/17/2015 04:32:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
Error: (07/17/2015 04:32:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/17/2015 08:43:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/17/2015 07:57:43 AM) (Source: ESENT) (EventID: 447) (User: )
Description: Windows616Windows: -32752491C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb19534487412788
Error: (07/17/2015 07:57:38 AM) (Source: ESENT) (EventID: 447) (User: )
Description: Windows616Windows: -32752491C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb19534487412788
Error: (07/17/2015 07:12:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/17/2015 12:25:05 AM) (Source: VSS) (EventID: 12293) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}PostFinalCommitSnapshots({a6761f65-59d4-4d0b-81e1-b860c7755aba}, 1)0x80042308
Vorgang:
  Asynchroner Vorgang wird ausgeführt
Kontext:
  Aktueller Status: DoSnapshotSet
Error: (07/17/2015 12:25:05 AM) (Source: VSS) (EventID: 12305) (User: )
Description: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2 - 0000013C,0x00560038,000DAF10,0,000D9F08,4096,[0])
Vorgang:
  PostFinalCommitSnapshots wird verarbeitet
Kontext:
  Ausführungskontext: System Provider
Error: (07/17/2015 12:16:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.166695580c8aanvd3dum.dll8.15.11.86314a4c6b3ec00000050027bcd2163801d0c014b4d254f3

CodeIntegrity Errors:
===================================
  Date: 2015-07-17 17:35:01.874
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2015-07-17 17:35:01.582
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2015-07-17 17:35:01.290
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2015-07-17 17:35:00.996
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2015-07-17 17:35:00.574
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2015-07-17 17:35:00.283
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2015-07-17 17:34:59.983
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2015-07-17 17:34:59.678
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2015-07-17 17:34:36.975
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
  Date: 2015-07-17 17:34:36.649
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz
Percentage of memory in use: 49%
Total physical RAM: 3070.17 MB
Available physical RAM: 1560.71 MB
Total Virtual: 6347.35 MB
Available Virtual: 4268.33 MB
==================== Drives ================================
Drive c: (VistaOS) (Fixed) (Total:232.88 GB) (Free:103.1 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:223.12 GB) (Free:37.61 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=1C)
Partition 2: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=223.1 GB) - (Type=OF Extended)
==================== End of log ============================
--- --- ---

--- --- ---

cosinus 17.07.2015 19:20
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


noki 18.07.2015 11:34
Fix result of Farbar Recovery Scan Tool (x86) Version: 18-07-2015
Ran by noki at 2015-07-18 12:14:11 Run:1
Running from D:\
Loaded Profiles: noki & postgres (Available Profiles: noki & postgres)
Boot Mode: Normal
==============================================
fixlist content:
*****************
EmptyTemp:
*****************
EmptyTemp: => 2.2 GB temporary data Removed.

The system needed a reboot.
==== End of Fixlog 12:15:33 ====


Nach dem fixen hat der Neustart des Laptop ca. 1-2 Minuten länger gedauert als sonst.

Weiterhin ist das Surfen und der normale Umgang mit dem Laptop einwandfrei. Nur bei den Deinstallationen hängt sich der Laptop spätestens bei der zweiten Deinstallation aus. Auch die automatischen Windows-Updates funktionieren kaum. Ich habe diese jetzt deaktiviert.

Ach ja, von Anfang an habe ich auch immer diese Fehler-Meldung nach dem Neustart gehabt (jetzt auch noch): GDI+ Window : avgnt.exe - Ungültiges Bild ; Probleme mit der Datei c:/program files/setpoint/lgscroll.dll

Ich habe eben ein manuelles Windows-Update durchgeführt. Das hat auch geklappt, System forderte dann Neustart, habe ich gemacht und sofort startete wieder CHKDSK. Dabei wurden 35 verwaiste Dateien wieder hergestell (u.a dmusic.dll, midimap.dll, mmci.dll, msacm32.drv, winload.exe, winresume.exe, wscapi.dll, wscsvc.dll). Vielleicht ist das ja auch noch wichtig.

cosinus 19.07.2015 14:23
Zitat:
Auch die automatischen Windows-Updates funktionieren kaum. Ich habe diese jetzt deaktiviert.
Das ist nicht Sinn und Zweck des ganzen...um die Updates muss man sich immer kümmern, das ist sicherheitsrelevant!

Aber erstmal bitte Kontrollscans mit MBAM und ESET:


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


noki 19.07.2015 20:43
DEr Pre-Scan startet nicht. Programm ist installiert, habe es als Administrator ausgeführt, bei Avira alle Überwachungen ausgeschaltet, aber der Scan startet nicht. Läuft schon 1 Std. und keine Objekte wurden untersucht.

Was nun?

Nach 1:46 war der Scan dann doch beendet. Er hatte den Dateifortschritt nicht fortlaufend angezeigt. Hier die Ergebnisse:

ES wurden 2 Ordner und 2 Dateien in die Quarantäne verschoben (OpenCandy, trojan.agent: e-n83601.zip)

Malwarebytes Anti-Malware
www.malwarebytes.org

Error, 19.07.2015 17:54:31, SYSTEM, NOKI-PC, Protection, IsLicensed, 13,
Protection, 19.07.2015 17:54:31, SYSTEM, NOKI-PC, Protection, Malware Protection, Stopping,
Protection, 19.07.2015 17:54:31, SYSTEM, NOKI-PC, Protection, Malware Protection, Stopped,
Update, 19.07.2015 18:15:50, SYSTEM, NOKI-PC, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
Update, 19.07.2015 18:15:50, SYSTEM, NOKI-PC, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
Update, 19.07.2015 18:15:50, SYSTEM, NOKI-PC, Manual, Remediation Database, 2015.3.9.1, 2015.7.15.2,
Update, 19.07.2015 18:15:50, SYSTEM, NOKI-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.7.17.1,
Update, 19.07.2015 18:16:05, SYSTEM, NOKI-PC, Manual, Malware Database, 2015.3.9.5, 2015.7.19.2,
Error, 19.07.2015 19:30:35, SYSTEM, NOKI-PC, Protection, IsLicensed, 13,
Protection, 19.07.2015 19:30:35, SYSTEM, NOKI-PC, Protection, Malware Protection, Stopping,
Protection, 19.07.2015 19:30:35, SYSTEM, NOKI-PC, Protection, Malware Protection, Stopped,
Update, 19.07.2015 19:37:01, SYSTEM, NOKI-PC, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
Update, 19.07.2015 19:37:01, SYSTEM, NOKI-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.7.17.1,
Update, 19.07.2015 19:37:02, SYSTEM, NOKI-PC, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
Update, 19.07.2015 19:37:02, SYSTEM, NOKI-PC, Manual, Remediation Database, 2015.3.9.1, 2015.7.15.2,
Update, 19.07.2015 19:37:19, SYSTEM, NOKI-PC, Manual, Malware Database, 2015.3.9.5, 2015.7.19.2,
Error, 19.07.2015 21:28:35, SYSTEM, NOKI-PC, Protection, IsLicensed, 13,
Protection, 19.07.2015 21:28:35, SYSTEM, NOKI-PC, Protection, Malware Protection, Stopping,
Protection, 19.07.2015 21:28:35, SYSTEM, NOKI-PC, Protection, Malware Protection, Stopped,
(end)

Nun kommt ESET

cosinus 19.07.2015 20:50
Bitte das richtige Log von MBAM posten...

noki 19.07.2015 22:59
Alle Logs!

MBAM1:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 19.07.2015
Suchlauf-Zeit: 19:37:40
Logdatei: mbam1.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.07.19.02
Rootkit Datenbank: v2015.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: noki
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 374141
Verstrichene Zeit: 1 Std, 36 Min, 44 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)
Registrierungswerte: 0
(Keine schädliche Elemente gefunden)
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 0
(Keine schädliche Elemente gefunden)
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)


MBAM2:

Malwarebytes Anti-Malware
www.malwarebytes.org

Error, 19.07.2015 17:54:31, SYSTEM, NOKI-PC, Protection, IsLicensed, 13,
Protection, 19.07.2015 17:54:31, SYSTEM, NOKI-PC, Protection, Malware Protection, Stopping,
Protection, 19.07.2015 17:54:31, SYSTEM, NOKI-PC, Protection, Malware Protection, Stopped,
Update, 19.07.2015 18:15:50, SYSTEM, NOKI-PC, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
Update, 19.07.2015 18:15:50, SYSTEM, NOKI-PC, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
Update, 19.07.2015 18:15:50, SYSTEM, NOKI-PC, Manual, Remediation Database, 2015.3.9.1, 2015.7.15.2,
Update, 19.07.2015 18:15:50, SYSTEM, NOKI-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.7.17.1,
Update, 19.07.2015 18:16:05, SYSTEM, NOKI-PC, Manual, Malware Database, 2015.3.9.5, 2015.7.19.2,
Error, 19.07.2015 19:30:35, SYSTEM, NOKI-PC, Protection, IsLicensed, 13,
Protection, 19.07.2015 19:30:35, SYSTEM, NOKI-PC, Protection, Malware Protection, Stopping,
Protection, 19.07.2015 19:30:35, SYSTEM, NOKI-PC, Protection, Malware Protection, Stopped,
Update, 19.07.2015 19:37:01, SYSTEM, NOKI-PC, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
Update, 19.07.2015 19:37:01, SYSTEM, NOKI-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.7.17.1,
Update, 19.07.2015 19:37:02, SYSTEM, NOKI-PC, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
Update, 19.07.2015 19:37:02, SYSTEM, NOKI-PC, Manual, Remediation Database, 2015.3.9.1, 2015.7.15.2,
Update, 19.07.2015 19:37:19, SYSTEM, NOKI-PC, Manual, Malware Database, 2015.3.9.5, 2015.7.19.2,
Error, 19.07.2015 21:28:35, SYSTEM, NOKI-PC, Protection, IsLicensed, 13,
Protection, 19.07.2015 21:28:35, SYSTEM, NOKI-PC, Protection, Malware Protection, Stopping,
Protection, 19.07.2015 21:28:35, SYSTEM, NOKI-PC, Protection, Malware Protection, Stopped,
(end)

Andere Logs gibt es unter "Verlauf" nicht!

ESET:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0f9f745258f05f48a6f3df169773a5f7
# end=init
# utc_time=2015-07-19 07:45:21
# local_time=2015-07-19 09:45:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.0.6002 NT Service Pack 2
Update Init
Update Download
Update Finalize
Updated modules version: 24878
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0f9f745258f05f48a6f3df169773a5f7
# end=updated
# utc_time=2015-07-19 07:49:37
# local_time=2015-07-19 09:49:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.0.6002 NT Service Pack 2
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=0f9f745258f05f48a6f3df169773a5f7
# engine=24878
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-19 09:49:37
# local_time=2015-07-19 11:49:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 197314 274875305 0 0
# scanned=279083
# found=1
# cleaned=0
# scan_time=7200
sh=DE68CECF035638C21CD9EC0F79C443C5E36FABD8 ft=1 fh=2b40ef9402fb7ae4 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\m4a-to-mp3-converter.exe"

cosinus 20.07.2015 08:22
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
D:\Downloads\m4a-to-mp3-converter.exe
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


noki 20.07.2015 18:26
Fix result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by noki at 2015-07-20 19:02:58 Run:2
Running from D:\
Loaded Profiles: noki & postgres (Available Profiles: noki & postgres)
Boot Mode: Normal
==============================================
fixlist content:
*****************
D:\Downloads\m4a-to-mp3-converter.exe
EmptyTemp:
*****************
D:\Downloads\m4a-to-mp3-converter.exe => moved successfully.
EmptyTemp: => 132.2 MB temporary data Removed.

The system needed a reboot.
==== End of Fixlog 19:03:08 ====

Noch ein kleiner Hinweis. Als gestern noch Avira aktiv war, kam folgende Diagnose:

Sicherheitshinsweis - Typ: Fund
Der Zugriff auf die Datei frst.exe mit dem Virus oder unerwünschten Programm TR/Graftor.1637376 wurde blockiert.

Kann ich das ignorieren?

Weitere Frage: was passiert mit den 2 Ordnern und 2 Dateien, die Malware in Quarantäne gesteckt hat. Kann ich die jetzt löschen?

cosinus 20.07.2015 21:27
FRST.exe ist unser Analyse- und Bereinigungstool, natürlich ist da kein Schädling drin

Zitat:
die Malware in Quarantäne gesteckt hat. Kann ich die jetzt löschen?
Was habt ihr alle immer nur mit der Quarantäne? :wtf:
Überleg doch mal was eine Quarantäne ist. Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.

noki 20.07.2015 21:58
Ok, danke für die Belehrung. ��

Letzte Log war ok, oder? Laptop läuft ja nun auch deutlich besser, auch chkdsk hatte er 2 Tage nicht gemacht. Komischerweise heute Abend noch mal, obwohl Laptop davor ganz normal runter gefahren.

cosinus 20.07.2015 22:08
Ich wunder mich immer nur über solche Fragen mit Elemente aus der Q löschen, eigentlich ist es ja selbst erklärend, was eine Q ist und das Elemente darin keinen Schaden anrichten können.

Zitat:
Komischerweise heute Abend noch mal
Wir hatten doch erst neulich darüber gesprochen, dass deine Festplatte Alterserscheinungen aufweist bzw ausstehende Sektoren hat.


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:19 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131