wivwilli | 28.07.2014 18:08 | Hi, da bin ich wieder,
und hier sind die Daten:
FRST von vorhin
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by RA W********** (administrator) on RA-W********** on 28-07-2014 18:43:31
Running from C:\Dokumente und Einstellungen\RA W**********\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) H:\Programme\Avira\AntiVir Desktop\sched.exe
(Dell - Advanced Desktop Engineering) C:\WINDOWS\SYSTEM32\DSentry.exe
(Avira Operations GmbH & Co. KG) H:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\rundll32.exe
() C:\WINDOWS\SYSTEM32\LFXGDIPO.EXE
(Northcode Inc.) C:\WINDOWS\NCLAUNCH.EXe
() C:\Programme\Microsoft Office\Office\OSA.EXE
(AVM Berlin) C:\Programme\FRITZ!DSL\FwebProt.exe
(AVM Berlin) C:\Programme\FRITZ!DSL\StCenter.exe
(Avira Operations GmbH & Co. KG) H:\Programme\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Programme\FRITZ!DSL\IGDCTRL.EXE
(Macrovision) C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
() H:\Programme\CDBurnerXP\NMSAccessU.exe
(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\nvsvc32.exe
() C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe
(Avira Operations GmbH & Co. KG) H:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\taskmgr.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-755217877-3979986834-3842289397-1005\...\Run: [NCLaunch] => C:\WINDOWS\NCLAUNCH.EXe [40960 2004-05-22] (Northcode Inc.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk
ShortcutTarget: Microsoft-Indexerstellung.lnk -> C:\Programme\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Office-Start.lnk
ShortcutTarget: Office-Start.lnk -> C:\Programme\Microsoft Office\Office\OSA.EXE ()
Startup: C:\Dokumente und Einstellungen\RA W**********\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.justiz.nrw.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.euro.dell.com/
SearchScopes: HKCU - {8A47991F-2AC1-44F4-A532-EBE4A1C28D74} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Programme\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> G:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {00000075-0000-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/voxmsdec.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Programme\FRITZ!DSL\sarah.dll [19456] (AVM Berlin)
Winsock: Catalog9 01 C:\Programme\FRITZ!DSL\sarah.dll [19456] (AVM Berlin)
Winsock: Catalog9 02 C:\Programme\FRITZ!DSL\sarah.dll [19456] (AVM Berlin)
Winsock: Catalog9 03 C:\Programme\FRITZ!DSL\sarah.dll [19456] (AVM Berlin)
Winsock: Catalog9 23 C:\Programme\FRITZ!DSL\sarah.dll [19456] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\RA W**********\Anwendungsdaten\Mozilla\Firefox\Profiles\m55chc18.default-1403110564562
FF Homepage: hxxp://www.justiz.nrw.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - G:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - H:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.1.0 - C:\Programme\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.1.0 - C:\Programme\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Programme\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - H:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - H:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - H:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - H:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: Ghostery - C:\Dokumente und Einstellungen\RA W**********\Anwendungsdaten\Mozilla\Firefox\Profiles\m55chc18.default-1403110564562\Extensions\firefox@ghostery.com.xpi [2014-06-19]
FF Extension: DownThemAll! - C:\Dokumente und Einstellungen\RA W**********\Anwendungsdaten\Mozilla\Firefox\Profiles\m55chc18.default-1403110564562\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-06-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-15]
FF HKLM\...\Firefox\Extensions: [{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}] - C:\Programme\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Programme\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-07-14]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Programme\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF StartMenuInternet: FIREFOX.EXE - G:\Programme\Mozilla Firefox\firefox.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; H:\Programme\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; H:\Programme\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [81920 2005-11-21] (AVM Berlin) [File not signed]
R2 C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [54784 2005-09-10] (Macrovision) [File not signed]
S3 de_serv; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [315392 2005-11-21] (AVM Berlin) [File not signed]
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-07-25] (Mozilla Foundation)
S3 NetSvc; C:\Programme\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel(R) Corporation) [File not signed]
R2 NMSAccess; H:\Programme\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe [31920 2012-03-23] ()
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S2 gupdate; "C:\Programme\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Programme\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2002-09-11] (Microsoft Corporation)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 CdaC15BA; C:\WINDOWS\system32\drivers\CdaC15BA.SYS [12464 2005-01-08] (Macrovision Europe Ltd) [File not signed]
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [9336 2009-09-25] (Sonic Solutions)
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [9464 2009-09-25] (Sonic Solutions)
R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [241280 2005-12-21] (Roxio) [File not signed]
S3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [25930 2005-12-21] (Roxio) [File not signed]
R2 E504C; C:\WINDOWS\system32\Drivers\E504C.sys [970008 2004-05-17] (DeTeWe Berlin) [File not signed]
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-04] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-04] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-04] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-04] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-04] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-04] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-04] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-04] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-04] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-04] (Intel(R) Corporation)
S3 LFXACT; C:\WINDOWS\System32\Drivers\LFXACT.sys [20488 2006-05-04] (OEM) [File not signed]
R1 lfxnt; C:\WINDOWS\system32\drivers\lfxnt.sys [61740 2006-05-04] () [File not signed]
R3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [30662 2005-12-21] (Roxio) [File not signed]
R1 NETDSL; C:\WINDOWS\System32\DRIVERS\netdsl.sys [11264 2005-11-21] (Microsoft Corporation) [File not signed]
R3 NETFWDSL; C:\WINDOWS\System32\DRIVERS\NETFWDSL.SYS [367104 2005-11-21] (AVM Berlin) [File not signed]
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [46848 2008-04-14] (Microsoft Corporation)
R1 pwd_2k; C:\WINDOWS\system32\Drivers\pwd_2k.sys [144250 2005-12-21] (Roxio) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-12-18] (Avira GmbH)
S3 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
R1 UdfReadr_xp; C:\WINDOWS\system32\Drivers\UdfReadr_xp.sys [206464 2005-12-21] (Roxio) [File not signed]
S3 ulisa; C:\WINDOWS\System32\Drivers\ulisa.sys [122716 2004-05-14] (DeTeWe Berlin) [File not signed]
S3 vsdatant; C:\WINDOWS\System32\vsdatant.sys [392824 2006-08-24] (Zone Labs, LLC)
S3 XMLDIUSB; C:\WINDOWS\System32\Drivers\XMLDIUSB.sys [31879 2006-05-04] (OEM) [File not signed]
S3 EL90XBC; System32\DRIVERS\el90xbc5.sys [X]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
S3 PCANDIS5; \??\E:\TDSL\PCANDIS5.SYS [X]
S3 SANDRA; \??\C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x86\Sandra.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-28 18:43 - 2014-07-28 18:43 - 00015987 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\FRST.txt
2014-07-26 18:24 - 2014-07-26 18:24 - 00026760 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\FRST_14-07-26_18-20.txt
2014-07-26 09:32 - 2014-07-26 09:32 - 00001558 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\malwarebytes_14-07-26.txt
2014-07-26 08:40 - 2014-07-26 08:49 - 00026268 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\FRST_14-07-26_08-48.txt
2014-07-26 08:39 - 2014-07-26 08:40 - 00000466 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\defogger_disable.log
2014-07-25 21:34 - 2014-07-26 08:35 - 00380416 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\Gmer-19357.exe
2014-07-25 20:52 - 2014-07-28 18:43 - 00000000 ____D () C:\FRST
2014-07-25 20:49 - 2014-07-25 20:49 - 00000000 _____ () C:\Dokumente und Einstellungen\RA W**********\defogger_reenable
2014-07-25 20:46 - 2014-07-25 20:46 - 00000816 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\Avira_Ereignisse_2014-07-10_bis_25.txt
2014-07-25 20:39 - 2014-07-25 20:39 - 00000816 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\Avira_Ereignisse_0.txt
2014-07-25 20:37 - 2014-07-25 20:37 - 00000816 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\Avira_Ereignisse_1.txt
2014-07-25 18:14 - 2014-07-28 18:39 - 01084416 _____ (Farbar) C:\Dokumente und Einstellungen\RA W**********\Desktop\FRST.exe
2014-07-25 18:10 - 2014-07-25 18:10 - 00050477 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\Defogger.exe
2014-07-20 20:52 - 2014-07-20 20:52 - 00001185 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\malwarebytes_14-07-20.txt
2014-07-20 19:20 - 2014-07-26 09:36 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UdpeTpove
2014-07-19 20:03 - 2014-07-26 09:01 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-19 20:03 - 2014-07-19 20:03 - 00000756 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-19 20:03 - 2014-07-19 20:03 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2014-07-19 20:03 - 2014-07-19 20:03 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2014-07-19 20:03 - 2014-07-19 20:03 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2014-07-19 20:03 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-19 20:03 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-18 11:55 - 2014-07-18 11:55 - 00000371 _____ () C:\WINDOWS\setupapi.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-28 18:43 - 2014-07-28 18:43 - 00015987 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\FRST.txt
2014-07-28 18:43 - 2014-07-25 20:52 - 00000000 ____D () C:\FRST
2014-07-28 18:43 - 2003-08-26 23:30 - 00000000 ____D () C:\Dokumente und Einstellungen\RA W**********\Lokale Einstellungen\Temp
2014-07-28 18:39 - 2014-07-25 18:14 - 01084416 _____ (Farbar) C:\Dokumente und Einstellungen\RA W**********\Desktop\FRST.exe
2014-07-28 18:35 - 2004-08-15 09:30 - 01648838 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-28 18:31 - 2003-08-29 01:01 - 00000346 _____ () C:\WINDOWS\Tasks\PC Health-Taskplaner für Upload-Bibliothek.job
2014-07-28 18:10 - 2006-11-30 01:21 - 00000443 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-07-28 18:08 - 2014-03-27 19:11 - 00000240 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job
2014-07-28 18:08 - 2014-03-24 10:59 - 00001102 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 18:08 - 2012-07-14 18:34 - 00000310 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-755217877-3979986834-3842289397-1005.job
2014-07-28 18:08 - 2011-10-23 13:04 - 00000288 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-755217877-3979986834-3842289397-1005.job
2014-07-28 18:08 - 2009-09-27 18:05 - 00092516 _____ () C:\WINDOWS\system32\nvapps.xml
2014-07-28 18:08 - 2003-08-20 13:58 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-28 06:11 - 2003-08-26 23:30 - 00000190 ___SH () C:\Dokumente und Einstellungen\RA W**********\NTUSER.INI
2014-07-28 06:11 - 2003-08-20 13:58 - 00032004 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-28 06:10 - 2006-11-23 00:55 - 00000000 ____D () C:\Dokumente und Einstellungen\RA W**********\Anwendungsdaten\FRITZ!
2014-07-28 06:10 - 2003-08-26 23:30 - 00000000 ____D () C:\Dokumente und Einstellungen\RA W**********
2014-07-28 06:05 - 2014-03-24 11:00 - 00001106 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 05:48 - 2003-08-20 13:55 - 00012598 _____ () C:\WINDOWS\system32\WPA.DBL
2014-07-27 13:06 - 2011-10-23 13:04 - 00000296 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-755217877-3979986834-3842289397-1005.job
2014-07-26 18:41 - 2012-07-14 18:34 - 00000318 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-755217877-3979986834-3842289397-1005.job
2014-07-26 18:24 - 2014-07-26 18:24 - 00026760 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\FRST_14-07-26_18-20.txt
2014-07-26 11:16 - 2004-05-29 08:17 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-07-26 10:22 - 2003-08-20 13:42 - 00000000 ____D () C:\WINDOWS\Registration
2014-07-26 09:36 - 2014-07-20 19:20 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UdpeTpove
2014-07-26 09:36 - 2013-12-27 15:58 - 00000000 __HDC () C:\WINDOWS\ie8
2014-07-26 09:32 - 2014-07-26 09:32 - 00001558 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\malwarebytes_14-07-26.txt
2014-07-26 09:01 - 2014-07-19 20:03 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 08:49 - 2014-07-26 08:40 - 00026268 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\FRST_14-07-26_08-48.txt
2014-07-26 08:40 - 2014-07-26 08:39 - 00000466 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\defogger_disable.log
2014-07-26 08:35 - 2014-07-25 21:34 - 00380416 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\Gmer-19357.exe
2014-07-25 21:24 - 2013-03-09 12:32 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2014-07-25 20:49 - 2014-07-25 20:49 - 00000000 _____ () C:\Dokumente und Einstellungen\RA W**********\defogger_reenable
2014-07-25 20:46 - 2014-07-25 20:46 - 00000816 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\Avira_Ereignisse_2014-07-10_bis_25.txt
2014-07-25 20:39 - 2014-07-25 20:39 - 00000816 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\Avira_Ereignisse_0.txt
2014-07-25 20:37 - 2014-07-25 20:37 - 00000816 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\Avira_Ereignisse_1.txt
2014-07-25 18:10 - 2014-07-25 18:10 - 00050477 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\Defogger.exe
2014-07-25 17:15 - 2005-12-27 21:37 - 00000414 _____ () C:\WINDOWS\Tasks\1-Klick-Wartung.job
2014-07-20 20:52 - 2014-07-20 20:52 - 00001185 _____ () C:\Dokumente und Einstellungen\RA W**********\Desktop\malwarebytes_14-07-20.txt
2014-07-20 18:26 - 2013-10-03 02:54 - 00000000 ____D () C:\Dokumente und Einstellungen\RA W**********\Anwendungsdaten\vlc
2014-07-19 20:03 - 2014-07-19 20:03 - 00000756 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-19 20:03 - 2014-07-19 20:03 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2014-07-19 20:03 - 2014-07-19 20:03 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2014-07-19 20:03 - 2014-07-19 20:03 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2014-07-19 20:03 - 2003-08-20 13:42 - 00000000 ___RD () C:\Programme
2014-07-19 20:03 - 2003-08-20 13:42 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-07-19 20:02 - 2003-10-14 08:17 - 00040520 ____C () C:\Dokumente und Einstellungen\RA W**********\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2014-07-19 17:40 - 2006-10-03 12:42 - 00000000 ___RD () C:\Dokumente und Einstellungen\RA W**********\Eigene Dateien\Eigene Bilder
2014-07-18 11:59 - 2013-11-13 07:21 - 00001080 _____ () C:\WINDOWS\setupact.log
2014-07-18 11:55 - 2014-07-18 11:55 - 00000371 _____ () C:\WINDOWS\setupapi.log
2014-07-17 20:00 - 2003-08-29 00:00 - 00235008 _____ () C:\Dokumente und Einstellungen\RA W**********\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-16 17:54 - 2012-04-22 09:40 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-16 17:54 - 2011-06-18 07:51 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-12 10:43 - 2012-07-14 18:34 - 00000336 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-755217877-3979986834-3842289397-1005.job
2014-07-10 01:56 - 2013-07-30 07:50 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 01:51 - 2005-11-20 13:47 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-08 15:09 - 2014-03-27 19:11 - 00000234 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
2014-07-03 18:40 - 2014-01-26 14:49 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
Some content of TEMP:
====================
C:\Dokumente und Einstellungen\RA W**********\Lokale Einstellungen\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================ --- --- ---
--- --- ---
und die Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-07-2014
Ran by RA W********** at 2014-07-28 18:44:30
Running from C:\Dokumente und Einstellungen\RA W**********\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.57 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Avidemux 2.5 (HKLM\...\Avidemux 2.5) (Version: 2.5.3.0 - )
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - )
AVM FRITZ!DSL (HKLM\...\FRITZ!DSL) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2474 - CDBurnerXP)
Companion Suite Pro LL (HKLM\...\{BB919664-CCE8-4217-BEF5-29B82005A4D9}) (Version: 1.1.5 - Companion)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
dakota.ag (HKLM\...\{FF748561-FFFE-11D3-A06B-00E02939A7B1}) (Version: 3.0.0.56 - ITSG)
DAO 3.5/3.6 (HKLM\...\DAO) (Version: - )
DAO 3.6 (HKLM\...\{5A079749-C925-11D5-8229-00500440ED05}) (Version: - )
Dell Picture Studio - Dell Image Expert (HKLM\...\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}) (Version: 3.4.1 - Jasc Software Inc)
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288}) (Version: 1.00.0000 - Dell)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC)
Driver Detective (HKLM\...\{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}) (Version: 7.0.0 - PC Drivers HeadQuarters)
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0001 - Dell)
DVDx 2.2 (HKLM\...\DVDx 2.2_is1) (Version: - )
Easy CD Creator 5 Basic (HKLM\...\{609F7AC8-C510-11D4-A788-009027ABA5D0}) (Version: 5.3.4.21 - Roxio Inc)
ElsterFormular 2006/2007 (HKLM\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.1.0.0 - Steuerverwaltung des Bundes und der Länder)
ffdshow [rev 3233] [2010-01-28] (HKLM\...\ffdshow_is1) (Version: 1.0.0.3233 - )
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Haufe iDesk-Browser (HKLM\...\{A1B80495-4ED3-4ED0-BD57-7F9E0A0EDF35}) (Version: 6.10.31.3152 - Haufe)
Haufe Runtime (HKLM\...\Runtime) (Version: - )
Help and Support Customization (Version: 1.00.0000 - Dell) Hidden
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 9.7.2 - Hewlett-Packard Company)
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet (HKLM\...\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}) (Version: 6.05.2001 - Intel)
Lexware financial office 2005 (Version: 9.00 - Lexware) Hidden
Lexware financial office Juli 2005a (Version: 9.50 - Lexware) Hidden
Lexware know how buchhaltung mini (HKLM\...\KHB_BH_M) (Version: - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.0.1 (HKLM\...\{7F231232-C309-4401-964A-2A002B6E1ED9}) (Version: 2.0.6706.0 - Microsoft Corporation)
Microsoft Data Access Components KB870669 (HKLM\...\KB870669) (Version: - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 97 (HKLM\...\Word8.0) (Version: - )
Microsoft Works 7.0 (HKLM\...\{EDDDC607-91D9-4758-9F57-265FDCD8A772}) (Version: 07.02.0702 - Microsoft Corporation)
Microsoft Works Setup Launcher (HKLM\...\Works99Setup) (Version: - )
Mobile Upgrade S 4.0.6 (HKLM\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Communication Technology Holdings Limited)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML (Version: 1.00.0000 - Companion) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
Music Manager (HKLM\...\{5AFA4872-16B2-419E-ADCA-8E96E739115D}) (Version: 10.20.0002 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PaperPort (HKLM\...\{DF4C31CF-0EED-4680-873F-F6AD64E21B46}) (Version: 9.02.0823 - ScanSoft, Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
PDF-XChange Viewer (HKLM\...\{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}) (Version: 2.5.195.0 - Tracker Software Products Ltd.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
RealDownloader (HKLM\...\{0B2D57D5-8BFD-4554-A9B6-CC8CC0580F1D}) (Version: 1.1.0 - RealNetworks, Inc.)
SafeCast Shared Components (HKLM\...\CdaC13Ba) (Version: - Macrovision)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893984) (HKLM\...\KB2893984) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Simple Sudoku 4.2 (HKLM\...\Simple Sudoku_is1) (Version: - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
sv.net (HKLM\...\sv.net) (Version: 5.0 - ITSG GmbH)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
TA 33 USB (HKLM\...\{59E4ACC0-7237-4545-8F00-0230138F1A76}) (Version: 1.11.0.342 - DeTeWe)
TAXMAN 2007 spezial (Version: 13.00 - Lexware) Hidden
ThumbsPlus 2000-SE (HKLM\...\ThumbsPlus2000) (Version: - )
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VirtuaGirl 2 (HKLM\...\VirtuaGirl 2) (Version: - Totem Entertainment)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 9 Series Power Toy - Ratings Migration (HKLM\...\RatingsMigration) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031514 - Microsoft Corporation)
WinFam (HKLM\...\WinFam) (Version: - )
Xvid MPEG-4 Video Codec (HKLM\...\Xvid_is1) (Version: - )
XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME) (HKLM\...\XviD) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-755217877-3979986834-3842289397-1005_Classes\CLSID\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\InprocServer32 -> G:\Programme\Mozilla Firefox\AccessibleMarshal.dll (Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-755217877-3979986834-3842289397-1005_Classes\CLSID\{3A2B370C-BA0A-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\WINDOWS\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-755217877-3979986834-3842289397-1005_Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\InprocServer32 -> C:\WINDOWS\system32\RICHTX32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-755217877-3979986834-3842289397-1005_Classes\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\WINDOWS\system32\RICHTX32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-755217877-3979986834-3842289397-1005_Classes\CLSID\{AC5D0DDE-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\WINDOWS\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-755217877-3979986834-3842289397-1005_Classes\CLSID\{AC5D0DDF-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\WINDOWS\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-755217877-3979986834-3842289397-1005_Classes\CLSID\{AC5D0DE0-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\WINDOWS\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-755217877-3979986834-3842289397-1005_Classes\CLSID\{AC5D0DE1-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\WINDOWS\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-755217877-3979986834-3842289397-1005_Classes\CLSID\{AC5D0DE2-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\WINDOWS\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-755217877-3979986834-3842289397-1005_Classes\CLSID\{AC5D0DE3-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\WINDOWS\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-755217877-3979986834-3842289397-1005_Classes\CLSID\{AC5D0DE4-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\WINDOWS\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-755217877-3979986834-3842289397-1005_Classes\CLSID\{AC5D0DE5-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\WINDOWS\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-755217877-3979986834-3842289397-1005_Classes\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\RICHTX32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-755217877-3979986834-3842289397-1005_Classes\CLSID\{B617B991-A767-4F05-99BA-AC6FCABB102E}\InprocServer32 -> C:\WINDOWS\system32\RICHTX32.OCX (Microsoft Corporation)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2002-08-29 06:00 - 2002-08-29 06:00 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\1-Klick-Wartung.job => C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PC Health-Taskplaner für Upload-Bibliothek.job => C:\WINDOWS\PCHealth\UploadLB\Binaries\UploadM.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-755217877-3979986834-3842289397-1005.job => C:\Programme\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-755217877-3979986834-3842289397-1005.job => C:\Programme\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-755217877-3979986834-3842289397-1005.job => C:\Programme\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-755217877-3979986834-3842289397-1005.job => C:\Programme\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-755217877-3979986834-3842289397-1005.job => C:\Programme\Real\RealUpgrade\realupgrade.exe
==================== Loaded Modules (whitelisted) =============
2007-09-09 15:45 - 2006-09-14 04:11 - 00034816 _____ () C:\WINDOWS\system32\LFXPJL2K.DLL
2006-10-22 12:22 - 2006-10-22 12:22 - 00212992 _____ () C:\WINDOWS\system32\nvapi.dll
2006-09-14 04:01 - 2006-09-14 04:01 - 00151552 _____ () C:\WINDOWS\system32\LFXGDIPO.exe
1997-10-18 00:00 - 1997-10-18 00:00 - 00051984 _____ () C:\Programme\Microsoft Office\Office\OSA.EXE
1997-10-18 00:00 - 1997-10-18 00:00 - 03782416 _____ () C:\Programme\Microsoft Office\Office\MSO97.DLL
2010-12-27 12:42 - 2010-03-04 23:38 - 00071096 _____ () H:\Programme\CDBurnerXP\NMSAccessU.exe
2012-03-23 12:31 - 2012-03-23 12:31 - 00031920 _____ () C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Run => C:\WINDOWS\~wps_tp\testpage C:\WINDOWS\SYSTEM\WPSIOMON
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/21/2014 06:52:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung plugin-container.exe, Version 30.0.0.5269, fehlgeschlagenes Modul , Version 30.0.0.5269, Fehleradresse 0x0000141b.
Das medienspezifische Ereignis für [plugin-container.exe!ws!] wird verarbeitet.
Error: (07/21/2014 00:22:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung WINWORD.EXE, Version 8.0.0.4412, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error: (07/21/2014 00:20:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung WINWORD.EXE, Version 8.0.0.4412, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error: (07/20/2014 11:46:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung WINWORD.EXE, Version 8.0.0.4412, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error: (07/18/2014 00:21:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung vlc.exe, Version 2.1.3.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error: (07/05/2014 05:14:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung plugin-container.exe, Version 30.0.0.5269, fehlgeschlagenes Modul mozalloc.dll, Version 30.0.0.5269, Fehleradresse 0x0000141b.
Das medienspezifische Ereignis für [plugin-container.exe!ws!] wird verarbeitet.
Error: (07/03/2014 10:32:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung plugin-container.exe, Version 30.0.0.5269, fehlgeschlagenes Modul mozalloc.dll, Version 30.0.0.5269, Fehleradresse 0x0000141b.
Das medienspezifische Ereignis für [plugin-container.exe!ws!] wird verarbeitet.
Error: (06/13/2014 09:15:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung plugin-container.exe, Version 30.0.0.5269, fehlgeschlagenes Modul mozalloc.dll, Version 30.0.0.5269, Fehleradresse 0x0000141b.
Das medienspezifische Ereignis für [plugin-container.exe!ws!] wird verarbeitet.
Error: (06/02/2014 07:36:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
Error: (05/26/2014 06:12:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung taskmgr.exe, Version 5.1.2600.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
System errors:
=============
Error: (07/28/2014 06:10:46 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.178.20 deaktiviert, da
die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt,
von der die Adressen DHCP-Clients zu gewiesen werden. Ändern
Sie den Bereich, sodass die IP-Adresse mit einbezogen wird,
oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses
Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
Error: (07/28/2014 06:10:46 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "upnphost" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Error: (07/28/2014 06:10:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (07/28/2014 05:50:32 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.178.20 deaktiviert, da
die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt,
von der die Adressen DHCP-Clients zu gewiesen werden. Ändern
Sie den Bereich, sodass die IP-Adresse mit einbezogen wird,
oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses
Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
Error: (07/28/2014 05:50:32 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "upnphost" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Error: (07/28/2014 05:49:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (07/26/2014 09:39:47 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.178.20 deaktiviert, da
die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt,
von der die Adressen DHCP-Clients zu gewiesen werden. Ändern
Sie den Bereich, sodass die IP-Adresse mit einbezogen wird,
oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses
Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
Error: (07/26/2014 09:39:47 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "upnphost" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Error: (07/26/2014 09:38:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (07/26/2014 09:36:39 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume2
Microsoft Office Sessions:
=========================
Error: (07/21/2014 06:52:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526930.0.0.52690000141b
Error: (07/21/2014 00:22:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000
Error: (07/21/2014 00:20:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000
Error: (07/20/2014 11:46:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE8.0.0.4412hungapp0.0.0.000000000
Error: (07/18/2014 00:21:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: vlc.exe2.1.3.0hungapp0.0.0.000000000
Error: (07/05/2014 05:14:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.5269mozalloc.dll30.0.0.52690000141b
Error: (07/03/2014 10:32:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.5269mozalloc.dll30.0.0.52690000141b
Error: (06/13/2014 09:15:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.5269mozalloc.dll30.0.0.52690000141b
Error: (06/02/2014 07:36:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007041d
Error: (05/26/2014 06:12:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: taskmgr.exe5.1.2600.5512hungapp0.0.0.000000000
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 1023 MB
Available physical RAM: 644.46 MB
Total Pagefile: 1693.45 MB
Available Pagefile: 1285 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.69 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:9.33 GB) (Free:0.47 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (Kanzlei) (Fixed) (Total:32.57 GB) (Free:0.35 GB) NTFS
Drive h: (Privat) (Fixed) (Total:32.56 GB) (Free:0.13 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=65 GB) - (Type=OF Extended)
==================== End Of Log ============================ Die Summe der Partitionen stimmt nicht: Ich hab 80 GB, 9 GB als LW C:\ .
Gruß |