Log analysis and evaluation: Avira found an unknown object (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
Avira found an unknown object

Hello! For a few days I have had the problem that when scanning with Avira a message appears informing me that a hidden object was found. Unfortunately without any indication of where it is located or what it does. I have already noticed that something like this is not necessarily harmful, but I do not have the knowledge needed to be sure, and would therefore like to ask for help here. The device is a roughly 4-year-old laptop with Windows 7 32-bit. Here are the log files:

- Farbar's Recovery Scan Tool:

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014 Ran by timo at 2014-11-11 12:49:45 Running from C:\Users\timo\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation) ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros) Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. 
KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung) Business Contact Manager für Outlook 2007 SP1 (HKLM\...\Business Contact Manager) (Version: 3.0.7311.0 - Microsoft Corporation) Business Contact Manager für Outlook 2007 SP1 (Version: 3.0.7311.0 - Microsoft Corporation) Hidden CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version: - dvd8n) CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung) Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung) Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation) Epson Printer Software Downloader (HKLM\...\Epson Printer Software Downloader) (Version: - ) Epson Printer Software Downloader (Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden EPSON Scan (HKLM\...\EPSON Scanner) (Version: - ) Epson Stylus SX110_TX110 Manual (HKLM\...\Epson Stylus SX110_TX110 User’s Guide) (Version: - ) EPSON SX110 Series Printer Uninstall (HKLM\...\EPSON SX110 Series) (Version: - SEIKO EPSON Corporation) Exact Audio Copy 0.99pb5 (HKLM\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff) GOG.com Downloader version 3.6.0 (HKLM\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com) Google Update Helper (Version: 1.3.25.5 - Google Inc.) 
Hidden Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation) Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{1D1D8ADC-BF08-4E61-9393-5FA305B16864}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{5C759B74-34F4-43C6-A5D9-039CB754C5E9}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 33.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation) OpenOffice.org 3.2 (HKLM\...\{192A107E-C6B9-41B9-BDBF-38E3AA226054}) (Version: 3.2.9483 - OpenOffice.org) ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 
6.0.1.5919 - Realtek Semiconductor Corp.) Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung) Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung) Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) Sanitarium (HKLM\...\GOGPACKSANITARIUM_is1) (Version: 2.0.0.25 - GOG.com) Soda PDF 6 (HKLM\...\Soda6) (Version: 6.1.9.15110 - LULU Software Limited) Soda PDF 6 Convert Module (HKLM\...\{BB8E1BCF-AE3B-44F4-A3B1-BFDEEDFE9D1D}) (Version: 6.1.8.15098 - LULU Software Limited) Soda PDF 6 Create Module (HKLM\...\{35709A4D-0D4F-4CBD-BE15-4361885217A6}) (Version: 6.1.8.15098 - LULU Software Limited) Soda PDF 6 Edit Module (HKLM\...\{E2318CE7-8F9A-48DD-B85B-BAAD3097CA6D}) (Version: 6.1.8.15098 - LULU Software Limited) Soda PDF 6 Insert Module (HKLM\...\{946BF77C-726A-4ABE-9490-585EF18BFBDC}) (Version: 6.1.8.15098 - LULU Software Limited) Soda PDF 6 View Module (HKLM\...\{719A8CE6-9E05-4321-833C-E84FAD8B68DF}) (Version: 6.1.8.15098 - LULU Software Limited) StarBurn Version 12r10 (Build 0x20091021) (HKLM\...\StarBurn_is1) (Version: - Rocket Division Software) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated) Uniblue RegistryBooster (HKLM\...\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1) (Version: - Uniblue Systems Ltd) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.3042.00 - Microsoft Corporation) Update for Office 2007 (KB934528) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - ) Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - ) User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) VLC 
media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team) Winamp (HKLM\...\Winamp) (Version: 5.65 - Nullsoft, Inc) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 05-11-2014 18:28:14 Installed Dawn of War 05-11-2014 18:34:43 Installed Dawn of War 05-11-2014 18:45:53 Removed Dawn of War 07-11-2014 08:53:29 Windows Update 09-11-2014 18:00:37 Windows-Sicherung 11-11-2014 07:21:25 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0134E946-C63A-4375-B933-66C4B5739623} - System32\Tasks\{0D684E03-E16D-4657-A96B-281EF27DBFB9} => C:\Program Files\Oldgames\Cadaver\dosbox.exe Task: {0242A9DF-9740-4212-AA21-ECD06131135B} - System32\Tasks\{5D3BD2C8-504A-4A2C-8A88-6FC4A2189DBF} => D:\Diablo II\Diablo II\Diablo II.exe Task: {026DF089-E6DC-478B-AC20-F5E2ABE16E80} - System32\Tasks\{C8CB2A5A-AADB-41FB-A28F-2B3958E7C7A4} => D:\games\wizadry 6\Wizardry.6-www.oldgames.sk-Compilation.exe Task: {0335267B-AFF2-42F5-8BB3-AD9FAB9235A6} - System32\Tasks\{94688C24-0C83-46B1-8F70-8D8AF5097B85} => C:\Program Files\GOG.com\Icewind Dale II\IWD2.exe Task: {08DC68FB-4A3E-4939-AC3C-A0B0CB50D2E0} - System32\Tasks\{7E5C4542-B930-416F-A1DF-C637B29B5E13} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {0B7F4D0F-1957-4D6C-944D-89EAD093C396} - System32\Tasks\{8747A850-06B9-47C2-9D49-638F24E7C298} => C:\Program Files\GOG.com\Icewind Dale II\IWD2.exe Task: {0EFC1D9E-6D06-48C3-B965-82D7CF46DC74} - System32\Tasks\{67157E9A-15B4-45E5-B2DB-D89FD7072F98} => C:\Program Files\Oldgames\Cadaver\dosbox.exe Task: {1222F01C-8575-47ED-A92E-B0EBD380F660} - System32\Tasks\{27B59D04-90F4-4358-A57B-98BB38D982EB} => E:\English_Autorun.exe Task: {12C17941-357F-45C0-9F40-C1F7D35C79EC} - System32\Tasks\{035EB14E-99E4-4BDC-B563-671859283180} => C:\Program Files\Oldgames\Wizardry 6\dosbox.exe Task: {131C6103-3466-44D9-823A-607D75872791} - System32\Tasks\{A9067071-DA0D-46A2-AC0A-0DA413CE554A} => C:\Program Files\GOG.com\Icewind Dale II\IWD2.exe Task: {147CEB48-66A5-4C0D-A3D3-CBC643746E1B} - System32\Tasks\{6BB8EABC-705F-45C1-B0D8-4CE331170BD2} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {1524794D-3B8A-469D-9A00-59B66085AE51} - System32\Tasks\{653CF444-FEB5-4F47-8588-C241F13AABA4} => D:\games\heroes of might\Heroes of Might and Magic III - Complete Portable.exe Task: {178C394E-6BA7-451B-B8DC-469F7D80294B} - System32\Tasks\{76789700-73E2-479D-80A2-F9A6F1293656} => E:\Setup.exe Task: 
{17B5201A-D6DC-4D9B-9EAD-D2A2FB35C324} - System32\Tasks\{8590FDFE-D5AF-4592-BA57-064CADDCDC56} => C:\Program Files\GOG.com\Icewind Dale II\IWD2.exe Task: {19C5ABA3-A29B-4601-A0FE-C1B8C6783078} - System32\Tasks\{6F38A628-3DFA-4428-AC04-6E3938C43CFD} => D:\games\ice2\setup_icewind_dale_2.exe [2010-12-13] (GOG.com ) Task: {1CCDF7FB-ACBA-4D0A-87CC-1EFE7E679086} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.) Task: {1D285DFF-DD13-4771-AC26-C71CE3741614} - System32\Tasks\{927ABDD2-323F-4615-A6ED-437138B5F5E6} => D:\games\heroes of might\Heroes of Might and Magic III - Complete Portable.exe Task: {1D338013-DBD4-41C5-A32F-05641153F1FE} - System32\Tasks\{28A3445F-0325-4611-847B-1BBA30EB1B7C} => E:\DE\_setup\Setup.exe Task: {1D6C606A-4B23-4200-97AE-3905E75353D2} - System32\Tasks\{967442DF-2766-48F7-ACB7-D7FE655EB15B} => D:\games\App\Fallout\Falloutw.exe Task: {21EF02BB-80DF-4DE2-8750-295C0595D56D} - System32\Tasks\{83DF5BB5-8AE9-4162-B927-ADD14941A0CC} => C:\Program Files\GOG.com\Icewind Dale II\IWD2.exe Task: {258BA975-348E-4237-A5F6-0BAB39DA661B} - System32\Tasks\{CB2EDA90-8232-463B-83D9-270E85F20DC4} => E:\INSTALL.EXE Task: {27BD1143-3D1C-4AE8-9B01-8E5A4EBF67B4} - System32\Tasks\{0CBA4385-9C05-4245-8198-C074AABC1F14} => C:\Program Files\Oldgames\Albion CD English\dosbox.exe Task: {27D52DB6-73C0-4BA8-A2A6-DCD064B75D11} - System32\Tasks\{E60028E3-3480-4828-9889-3C1B5430A0B1} => C:\Program Files\Oldgames\Cadaver\dosbox.exe Task: {28A3DA61-351F-4B10-B4C8-CBF5D211EE28} - System32\Tasks\{73F94FB2-3176-4FE0-97E0-6C41CBA1D8AF} => C:\Program Files\Oldgames\Civilization\dosbox.exe Task: {28C66E34-EC52-478E-943A-64A3438F6067} - System32\Tasks\{59328CDC-9D06-43FB-9F82-FB4F8B65A97B} => D:\games\ultima underworld\Ultima.Underworld.12.CD-www.oldgames.sk-Compilation.exe Task: {2D0CFBF7-2047-44EF-A012-D595203D3020} - System32\Tasks\{22033AC6-0556-4FC2-A05E-81D266A35C41} => C:\Program 
Files\Bullfrog\Keeper\keepd3d.exe Task: {2F2779A8-2F53-444E-ABA7-DB2E6D85FE11} - System32\Tasks\{D38B5250-5032-42E0-A61E-B13481FF1AA9} => C:\Program Files\Bullfrog\Keeper\keepd3d.exe Task: {2FAF5A24-366D-486D-B0D4-1D153AE45FB6} - System32\Tasks\{88FD6EDA-E54D-4AAC-9BC1-979A5CC31DED} => C:\Program Files\Oldgames\Albion CD English\dosbox.exe Task: {31C68D58-AC39-4AF3-8080-45603F50948A} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-09-21] (Samsung Electronics. Co. Ltd.) Task: {358CD9CF-1880-46B8-A72A-673DF4223E54} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION) Task: {394F9CEE-D5BD-412A-9163-70118EA299A8} - System32\Tasks\{4D5F9680-E751-49BE-941E-C45512CE35F1} => E:\PLAYD2.EXE Task: {39B300CD-719C-49C7-B8AC-260AC841FD9B} - System32\Tasks\{779B8943-B69E-4E4F-BF8A-65B34ADEFEA5} => C:\Program Files\Oldgames\Quake Shareware\dosbox.exe Task: {3BFDC76E-8060-40EE-9551-73F88ACDC2A1} - System32\Tasks\{1140A744-0382-4E78-8B58-ED5AF3334361} => C:\Program Files\Bullfrog\Keeper\keepd3d.exe Task: {3C13E7DD-64BE-4C46-8C96-E47C41484719} - System32\Tasks\{40708FCE-4E0F-4842-BF1D-DF405067FD7C} => C:\Program Files\Oldgames\Cadaver\dosbox.exe Task: {3FB3D3F4-2B40-436F-A697-DFB62C898DB5} - System32\Tasks\{88A05537-56D5-43A2-B21B-0CF5DB25DFD2} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {421B8321-2657-42D0-989F-C3D39F391099} - System32\Tasks\{0334F169-95B4-453C-895B-3D10CFA2E08F} => D:\games\ice2\setup_icewind_dale_2.exe [2010-12-13] (GOG.com ) Task: {48FF7814-963D-4F92-8835-4673C63315C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.) 
Task: {4C08829E-A62F-48EE-B8A2-A8B5CD566452} - System32\Tasks\{E268C70C-CD56-45CA-8F98-DBEF27C0CB62} => C:\Program Files\Oldgames\Cadaver\dosbox.exe Task: {4E9E2068-4031-4AC0-97A2-839E39BFAD7E} - System32\Tasks\{044C55C6-CBC7-4CE9-92EB-8F0072705873} => E:\Autorun.exe Task: {50FFF52D-F6F2-4606-BBA3-7F09952C6DDB} - System32\Tasks\{5ECBCD2A-8F57-45E3-AD10-6D9FB132AC07} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {518A6013-36CF-4683-9D6E-340EE2C831C0} - System32\Tasks\{63013C7B-F6CE-4470-AFEC-F0D10669EAE4} => C:\Program Files\Oldgames\Quake Shareware\dosbox.exe Task: {568E6DE9-9CBC-47C0-AE17-7F928C70261C} - System32\Tasks\{C534239D-97AF-421D-B693-A7BC208340DA} => D:\games\App\Fallout\Falloutw.exe Task: {59FFE40A-A0F5-4CB7-98BF-705DBB93D662} - System32\Tasks\{A05FB38E-93E5-4B6E-93C3-5DCF4BAF2B57} => C:\Program Files\Bullfrog\Keeper\keepd3d.exe Task: {5BC0A524-7DEF-47AC-B6FC-90B9B0E17810} - System32\Tasks\{A2488BE6-5AB1-42DE-9AB1-AFDC23C1167A} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {5DB67C1D-10A6-4B4A-8A85-981D0A234167} - System32\Tasks\{757E2FEE-F022-4945-96E2-415FB3610580} => C:\Program Files\Oldgames\Civilization\dosbox.exe Task: {5FE27452-E07F-44E5-900B-2703749BA3B9} - System32\Tasks\{2B83E6D8-6572-4F86-A78B-0543974ABE95} => D:\games\Albion.CD.English-www.oldgames.sk-Compilation.exe Task: {6060DFF4-90BA-49CD-AA7E-228BE1AE6EB1} - System32\Tasks\{3F599AFA-AAE1-4611-9475-181D6F1BAB62} => C:\Program Files\Oldgames\Cadaver\dosbox.exe Task: {60B979E7-B5F7-4220-85E9-1989923D0364} - System32\Tasks\{1D855BA3-07DD-47C1-9753-5EB8812D7A39} => C:\WPIR\wp.exe Task: {637B864A-1916-40C8-A271-22424AC63256} - System32\Tasks\{93C68D03-E656-4122-97DC-8ADF902CF026} => C:\Program Files\GOG.com\Icewind Dale II\IWD2.exe Task: {65B1985D-A6B4-409E-AFD5-DE22B3623AD6} - System32\Tasks\{4B90D9C1-D531-4BD7-A8A9-8C20597C8335} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {66C32559-3BF4-4CDE-8292-CF653355C3C2} - 
System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics) Task: {694B5F78-518B-45E7-A7F1-F4BF4773127D} - System32\Tasks\{7FBA864A-540A-4987-A584-F77CF1F074AA} => D:\games\fallout\Fallout\Falloutw.exe Task: {6AA62FFB-806E-4CAB-8F22-FB2A5CE43619} - System32\Tasks\{4F415B48-F209-4B8F-AAAF-457AD2683C3F} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {71B11801-32B9-4DA5-95BC-100931CC4D79} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-23] (Adobe Systems Incorporated) Task: {7788BAD6-DF9D-4BA2-BD38-73BD3D1543F5} - System32\Tasks\{0A304364-B9A9-4AC6-9554-E827435E496B} => C:\Program Files\Bullfrog\Keeper\keepd3d.exe Task: {8062AE3C-28DD-48D6-9CA3-24F7F956425F} - System32\Tasks\{B3EC30A9-97C1-4772-8E2F-3227322C6C2B} => C:\Program Files\Bullfrog\Keeper\keepd3d.exe Task: {843876FD-17DE-43EC-BC4F-AD382CEFA703} - System32\Tasks\{A43C8EA7-92BF-4D23-AAB6-EED0B4BDD636} => D:\games\App\Fallout\Falloutw.exe Task: {852BC1B9-C5CD-49CF-94E4-FBD172DB4A81} - System32\Tasks\{19C84C46-EB03-4F61-8FA5-F05ACE6A8F2C} => E:\INSTALL.EXE Task: {8DCEAEB7-FC4C-4248-AF16-BA6C2C12911C} - System32\Tasks\{0535C30B-043F-45F7-A3CB-99DBB7B60699} => C:\Program Files\Oldgames\Quake Shareware\dosbox.exe Task: {8EC9149A-AAFC-44ED-B4DB-F22B1361B003} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {9059E508-43FB-4D32-8924-8141F6C7AEB9} - System32\Tasks\{A0694AB4-693E-46CA-BF0C-4B0FEBCFC042} => C:\Program Files\Oldgames\Wing Commander\dosbox.exe Task: {91AAEE42-D4C8-4EDA-8578-98D6D329E084} - System32\Tasks\{E60D0CBF-80F1-4B6F-AEB1-D95D3CDBC289} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {9299FFD8-37CD-43EB-A004-D07279182044} - System32\Tasks\{E6179A5A-7747-40E3-AF0D-B1E80136C06A} => C:\Program Files\Bullfrog\Keeper\keepd3d.exe Task: 
{93C827FE-2593-495B-8D4A-92DE8ED623A2} - System32\Tasks\{507FB20F-062B-4712-9C0E-8D71D4606835} => C:\Program Files\Oldgames\Cadaver\dosbox.exe Task: {94435206-BEAA-4242-BA8A-4D7F2F447CB5} - System32\Tasks\{45682AF1-193D-495A-A573-7A6D4BBCFE28} => C:\WPIR\wp.exe Task: {95CE9878-2EAC-45A4-BD2D-31BBC14E886E} - System32\Tasks\{EF940902-B148-4F1A-A3C7-98CBF60B236F} => E:\PLAYD2.EXE Task: {987099A3-64EF-4130-8E0D-F5297A5E7956} - System32\Tasks\{1832C78B-B95E-44BB-834E-0DF08F9078B0} => D:\games\gauntlet\gauntlet.exe Task: {9ADF3464-41C6-441A-BDF1-1E68DE06B0EB} - System32\Tasks\{1FBB2D04-69CA-4143-9A06-279AA60F18BE} => C:\Program Files\Oldgames\Cadaver\dosbox.exe Task: {9B7504EC-5629-4164-AF96-7F50833B2084} - System32\Tasks\{57AD3EEE-AE8D-43D6-B2C5-44E48C661C1A} => C:\Program Files\Bullfrog\Keeper\keepd3d.exe Task: {9CC6A6EF-7861-4F24-A29B-41AF02CD75E3} - System32\Tasks\{4BF26CAC-3FFF-4EAF-B077-30F37D468DDB} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {9EC22669-BE54-41E7-9C14-6455C47EBEAB} - System32\Tasks\{9A03A5B0-6EAD-48B3-8DAD-A595218B3FFB} => C:\Program Files\GOG.com\Painkiller Black\Bin\Painkiller.exe Task: {9F2E32B0-4AA7-48F8-9E9C-DE36D482CFD7} - System32\Tasks\{A2F52AF0-41F6-4441-9296-C400D922C391} => C:\Program Files\Oldgames\Civilization\dosbox.exe Task: {A16F8143-6362-4415-8E0F-481E6D085932} - System32\Tasks\{7C3AB17D-61A5-4BFA-8F77-3925C5C73701} => D:\games\cadaver\Cadaver-www.oldgames.sk-Compilation.exe Task: {A2A49A4E-B5C4-47E7-9CD9-1A5F62DD1864} - System32\Tasks\{E903CD99-8247-489B-BE79-3E23BF911A20} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {A2B9B67E-A636-49DD-8D86-BDBEB96B7EF9} - System32\Tasks\{BB585DEE-381F-409D-B7A8-07C6329D64D7} => C:\Program Files\Oldgames\Wizardry 6\dosbox.exe Task: {A4B1EAED-738C-43C4-AB01-24234C78313E} - System32\Tasks\{B7021DC9-FB52-4F8B-A32B-438DAA52B167} => D:\games\legend of kyrandia\1\Legend.of.Kyrandia-www.oldgames.sk-Compilation.exe Task: {A6A4519F-ADA4-443A-82CC-276A5E3522DE} 
- System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC) Task: {A79C8447-8800-436D-9A48-D88F5608BDB8} - System32\Tasks\{B94C9446-E80E-4EA5-8778-D911BB3CD043} => D:\comics\setup.exe Task: {A8A09220-AD4B-4F59-887C-E5476D982E83} - System32\Tasks\{22A94F76-251B-44EF-BC6A-C1202EE76CFF} => C:\Program Files\Oldgames\Civilization\dosbox.exe Task: {AC16710C-8B5F-483B-BFFE-6572DB3BE7E5} - System32\Tasks\{77DFEF48-1BD9-414D-93C2-49F13AEE78AA} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {ACD9134C-A7BC-4F24-9D06-2BD684ADFA8F} - System32\Tasks\{41C92353-DCFF-49ED-B393-F46A1B9BA783} => C:\Program Files\Oldgames\Civilization\dosbox.exe Task: {AEDA5D1C-DAE9-4370-8D03-A1464BAF6283} - System32\Tasks\{17CA05A0-A3A4-4464-81E4-F645740F95DD} => C:\Program Files\Oldgames\Cadaver\dosbox.exe Task: {AFAFE9DC-FE2D-4857-91C3-07EFDF8AAAE1} - System32\Tasks\{D6BBC1EA-150A-4165-874A-5BF07AAA80C9} => C:\WPIR\wp.exe Task: {B87DFAC2-77C4-480B-A301-DCCFBCD1F9E2} - System32\Tasks\{BAF9144E-BE75-4221-9207-D56FC6603C3B} => F:\DKII.exe Task: {B9D3A2BD-0683-4878-8536-40ABCEBBAD3B} - System32\Tasks\{5EB61025-0E72-4519-870A-7F45508ABE47} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {BC8BB690-2283-47E7-BB6A-8FAC1BE98275} - System32\Tasks\{59F2047C-DFC5-4772-9FE2-384779D418AE} => C:\Program Files\Bullfrog\Keeper\keepd3d.exe Task: {C027CD12-0BF7-4AAC-B846-8E0976663CCB} - System32\Tasks\{C8800DE2-2794-4138-8494-5F35CA2F3CDF} => E:\English_Autorun.exe Task: {C1FCBC19-F0BF-4BF5-A053-F90C989066B7} - System32\Tasks\{ED421752-C5F2-4B29-925D-A18670F50862} => E:\Autorun.exe Task: {C3B4B48D-A1A7-4726-ABA5-1889E4FB254F} - System32\Tasks\{A6471BA3-9971-479A-9E08-112A9C018A41} => C:\Program Files\Oldgames\Civilization\dosbox.exe Task: {C4994877-5BF5-4EA6-982D-E8E19654C328} - System32\Tasks\{2044E554-DE69-4853-AE9A-04E4649BB4F9} => C:\Program Files\GOG.com\Icewind Dale II\IWD2.exe Task: 
{C4C0CF59-AFD6-4E46-8F19-FECAF3AB6955} - System32\Tasks\{78182F41-D2A0-4450-919E-B76F1E472236} => C:\Program Files\Oldgames\Cadaver\dosbox.exe Task: {C548346D-4DBC-488E-A80F-31B079AA760E} - System32\Tasks\{D8479435-A79B-4F71-9705-E48D94D04274} => E:\Autorun.exe Task: {C7AD6C6B-CB53-402E-BDED-3E55E922E51C} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] () Task: {C81DC1D6-23EE-4F5E-B810-FFE52C15066A} - System32\Tasks\{3A86C937-6983-4336-8BAA-8F9D466B8F82} => C:\Program Files\GOG.com\Icewind Dale II\IWD2.exe Task: {C884E929-BF72-4D6E-937A-292EDF949C9C} - System32\Tasks\{33841BB9-C0AA-4D7D-8048-CB70AAE7160D} => E:\LaunchEAWG.exe Task: {C9A3991B-88AD-430A-94AF-579DF01E1D21} - System32\Tasks\{734270EF-7747-4F62-B9D0-E68BE01FF2E0} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {C9F080F0-A980-4244-ABA6-451616215971} - System32\Tasks\{1F9FA5AD-C4D0-43FA-8828-80042F35C351} => D:\games\App\Fallout\Falloutw.exe Task: {CAFB7D56-FA3F-47C2-9D0D-0A2FF4E58CB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.) 
Task: {D14D0B53-CBD7-4C2D-8026-413A04E463CD} - System32\Tasks\{DF6C123C-3DDD-47C4-AB3C-A4B76E63B56D} => D:\games\ice2\setup_icewind_dale_2.exe [2010-12-13] (GOG.com ) Task: {D439AAFA-8591-4859-9B96-678281819BDF} - System32\Tasks\{350D93FB-B1C8-4BEE-B15C-300370123EE3} => D:\games\App\Fallout\Falloutw.exe Task: {DA0B4E71-BBF4-4D8F-8DAE-1D30FA4A9C48} - System32\Tasks\{608C0145-97EE-4134-ACBB-3AB8E2133FCE} => C:\Program Files\Oldgames\Quake Shareware\dosbox.exe Task: {DB2E3726-A8E2-4743-8669-13387F7AECB0} - System32\Tasks\{F1F85CE7-203C-41AE-B2F8-71A22C9C7C3A} => C:\Program Files\Oldgames\Ultima 7 Complete\dosbox.exe Task: {DE03E44A-10F9-4436-A333-10759A82C4EC} - System32\Tasks\{3A2ACB3A-AB3F-4702-8860-2D788B4FCDF0} => C:\Program Files\Oldgames\Cadaver\dosbox.exe Task: {DF1FAFBB-D2CC-4736-8C9C-1F2A2BAD7909} - System32\Tasks\{A1DACA33-6E62-4CBC-A097-545A30057CB0} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {DF494502-211B-4A1A-8E87-99EB35E7C8C9} - System32\Tasks\{CAA65B54-003E-4288-9E36-65A43CB52084} => C:\WPIR\wp.exe Task: {E0190A46-DF2E-4555-86AF-7F1557CDC19D} - System32\Tasks\{D3B1CDC8-E918-4420-ACBF-58FF10C0601D} => D:\games\Albion.CD.English-www.oldgames.sk-Compilation.exe Task: {E1944071-484B-46F4-A122-B10D39DB06A1} - System32\Tasks\{26433780-8208-4B92-A2A0-208655A23546} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {E39B7D1E-EB72-4456-A3FC-6B61C57132E0} - System32\Tasks\{7751D940-0824-4ED3-B0E7-9A8B2E2DF9FD} => C:\Program Files\Oldgames\Ultima Underworld CD\dosbox.exe Task: {E458E79A-35CB-42DC-9826-87F5D9BC3C43} - System32\Tasks\{B7F4A197-F663-4501-A9AB-6122A2C10852} => D:\games\gauntlet\gauntlet.exe Task: {E768B93B-0E22-4ED7-81B0-0A1E6BC305BA} - System32\Tasks\{EFB6D0A0-177C-4D87-8906-D1E7D55BB77F} => C:\Program Files\Oldgames\Cadaver\dosbox.exe Task: {E8E07382-D96D-478C-937F-C16C63B4B4EA} - System32\Tasks\{4BD47C97-A277-43F7-885A-65B45EBAC3B1} => C:\Program Files\GOG.com\Icewind Dale II\IWD2.exe Task: 
{EE56097A-1951-40D6-808A-52DA884AA804} - System32\Tasks\{50773828-8FA4-46F5-AF73-E8F0C8CAE55E} => D:\games\heroes of might\Heroes of Might and Magic III - Complete Portable.exe Task: {EE8EFE70-D3EE-4CAB-BE4D-BDA7BB0FA881} - System32\Tasks\{7556297C-F08A-4271-8EF3-9BF177D6678C} => D:\games\App\Fallout\Falloutw.exe Task: {EED48309-89BF-4F8A-95C9-17F80EEE878F} - System32\Tasks\{98E079AB-812D-4BEB-978C-61C63A537C29} => C:\Program Files\Oldgames\Cadaver\dosbox.exe Task: {F1363471-08F4-4B51-AC6C-0371E9A4EFAC} - System32\Tasks\{12F6AAB8-CCE7-433F-B3B2-71DE159CF185} => D:\comics\setup.exe Task: {F7EB409F-A87B-4F72-B40E-F92CD3623086} - System32\Tasks\{E45EDA73-D4EC-461C-A69F-EC1F72AA6EA7} => D:\games\fallout\Fallout\Falloutw.exe Task: {FCC85F9D-CE13-4427-ABDC-98A596891E6A} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.) Task: {FF520546-9FBB-40D0-B9B4-CEE701894095} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-09-22 06:26 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2010-05-05 15:09 - 2009-03-12 14:45 - 00135168 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll 2010-05-05 15:09 - 2008-11-21 12:58 - 00057344 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll 2009-10-20 20:02 - 2010-05-28 15:06 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2014-11-10 21:15 - 2014-11-10 21:15 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 AlternateDataStreams: C:\ProgramData\Temp:5C5A503E AlternateDataStreams: C:\ProgramData\Temp:A42A9F39 AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-771618654-3341757510-301361698-500 - Administrator - Disabled)
Gast (S-1-5-21-771618654-3341757510-301361698-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-771618654-3341757510-301361698-1005 - Limited - Enabled)
timo (S-1-5-21-771618654-3341757510-301361698-1000 - Administrator - Enabled) => C:\Users\timo

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 00:44:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/10/2014 00:43:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (11/10/2014 10:31:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/10/2014 10:30:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/08/2014 07:07:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (11/07/2014 10:24:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: sntrm.exe, Version: 0.0.0.0, Zeitstempel: 0x3586c914
Name des fehlerhaften Moduls: nvd3dum.dll, Version: 8.16.11.8691, Zeitstempel: 0x4a9cdfac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0029faa7
ID des fehlerhaften Prozesses: 0x7a4
Startzeit der fehlerhaften Anwendung: 0xsntrm.exe0
Pfad der fehlerhaften Anwendung: sntrm.exe1
Pfad des fehlerhaften Moduls: sntrm.exe2
Berichtskennung: sntrm.exe3

Error: (11/07/2014 10:04:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: sntrm.exe, Version: 0.0.0.0, Zeitstempel: 0x3586c914
Name des fehlerhaften Moduls: nvd3dum.dll, Version: 8.16.11.8691, Zeitstempel: 0x4a9cdfac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0029faa7
ID des fehlerhaften Prozesses: 0x1574
Startzeit der fehlerhaften Anwendung: 0xsntrm.exe0
Pfad der fehlerhaften Anwendung: sntrm.exe1
Pfad des fehlerhaften Moduls: sntrm.exe2
Berichtskennung: sntrm.exe3

Error: (11/07/2014 10:58:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.2.5413, Zeitstempel: 0x544ef530
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.2.5413, Zeitstempel: 0x544ed089
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x6e4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/07/2014 10:58:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 33.0.2.5413 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 634
Startzeit: 01cffa6778d067c8
Endzeit: 11
Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID: 56d7452e-6664-11e4-9fff-00245421c7e4

Error: (11/05/2014 07:28:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang: Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {851da704-56b2-4e09-a667-da7e8636aba9}

System errors:
=============
Error: (11/11/2014 09:56:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/11/2014 09:13:28 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/11/2014 08:28:35 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/11/2014 08:15:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht.

Error: (11/10/2014 08:20:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/10/2014 06:50:21 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/10/2014 06:42:36 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (11/10/2014 06:42:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/10/2014 06:15:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/10/2014 03:27:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Microsoft Office Sessions:
=========================
Error: (03/14/2012 09:39:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1189 seconds with 0 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 38%
Total physical RAM: 3036.61 MB
Available physical RAM: 1882.38 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 4693.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:141.49 GB) (Free:99.52 GB) NTFS
Drive d: () (Fixed) (Total:141.5 GB) (Free:50.55 GB) NTFS
Drive f: (INTENSO) (Fixed) (Total:1862.55 GB) (Free:1381.59 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 031AA195)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=141.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 5D670B14)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=0C)
==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-11 13:14:30
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298.09GB
Running: Gmer-19357.exe; Driver: C:\Users\timo\AppData\Local\Temp\kxldipog.sys

---- System - GMER 2.1 ----

SSDT 935BD3E6 ZwCreateSection
SSDT 935BD3F0 ZwRequestWaitReplyPort
SSDT 935BD3EB ZwSetContextThread
SSDT 935BD3F5 ZwSetSecurityObject
SSDT 935BD3FA ZwSystemDebugControl
SSDT 935BD387 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 82C6E9A5 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C8E512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 82C95AB4 4 Bytes [E6, D3, 5B, 93] {OUT 0xd3, AL; POP EBX; XCHG EBX, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 82C95E10 4 Bytes [F0, D3, 5B, 93] {RCR [EBX-0x6d], CL}
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 82C95E54 4 Bytes [EB, D3, 5B, 93] {JMP 0xffffffd5; POP EBX; XCHG EBX, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 82C95ED0 4 Bytes [F5, D3, 5B, 93] {CMC ; RCR [EBX-0x6d], CL}
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 82C95F24 4 Bytes [FA, D3, 5B, 93] {CLI ; RCR [EBX-0x6d], CL}
.text ...
.reloc C:\windows\system32\drivers\acedrv11.sys section is executable [0x9A1E0300, 0x25D4C, 0xE0000060]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!NtCreateFile 77B85608 5 Bytes JMP 5A44C6E0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!NtFlushBuffersFile 77B85998 5 Bytes JMP 5A14D3A3 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!NtQueryFullAttributesFile 77B86028 5 Bytes JMP 5A14D620 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!NtReadFile 77B862F8 5 Bytes JMP 5A14D400 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!NtReadFileScatter 77B86308 5 Bytes JMP 5AD76F6A C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!NtWriteFile 77B86AA8 5 Bytes JMP 5A44D5B0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!NtWriteFileGather 77B86AB8 5 Bytes JMP 5AD76F19 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!LdrLoadDll 77BA22AE 5 Bytes JMP 73101F43 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2876] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 77A394E6 7 Bytes JMP 5ACDEAD2 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2876] kernel32.dll!QueryPerformanceCounter + 13 77A3C4E5 7 Bytes JMP 5ACDEAF5 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2876] kernel32.dll!LoadAppInitDlls + 355 77A3F5A6 7 Bytes JMP 5A44913E C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2876] USER32.dll!GetWindowInfo 768F4B5E 5 Bytes JMP 5ABE5F20 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2876] GDI32.dll!GetViewportOrgEx + 26C 7689884B 7 Bytes JMP 5ACDEA53 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x50 0xE3 0x23 0x79 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x50 0xE3 0x23 0x79 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@4CB6F829 1002

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:28 on 11/11/2014 (timo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by timo (administrator) on TIMO-PC on 11-11-2014 12:48:07
Running from C:\Users\timo\Downloads
Loaded Profile: timo (Available profiles: timo)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(LULU SOFTWARE LIMITED) C:\Program Files\Soda PDF 6\creator-ws.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFBE.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [84576 2013-07-23] (Nullsoft, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-771618654-3341757510-301361698-1000\...\Run: [EPSON SX110 Series] => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE [199680 2008-09-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
Startup: C:\Users\timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKCU - {78510FD7-AB37-41C8-B4FC-7218C4C04EDA} URL = hxxp://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Soda PDF 6 Helper -> {ACEC6276-3D7B-4AA9-BE79-23520A23026D} -> C:\Program Files\Soda PDF 6\creator-ie-helper.dll (LULU SOFTWARE LIMITED)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Soda PDF 6 Toolbar - {35251526-B7A4-44E4-8B2E-FD62AE267B82} - C:\Program Files\Soda PDF 6\creator-ie-plugin.dll (LULU SOFTWARE LIMITED)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\timo\AppData\Roaming\Mozilla\Firefox\Profiles\vr7udw99.default-1414134989753
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Soda PDF 6 -> C:\Program Files\Soda PDF 6\np-previewer.dll (LULU SOFTWARE LIMITED)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\timo\AppData\Roaming\Mozilla\Firefox\Profiles\vr7udw99.default-1414134989753\searchplugins\goodreads.xml
FF SearchPlugin: C:\Users\timo\AppData\Roaming\Mozilla\Firefox\Profiles\vr7udw99.default-1414134989753\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\timo\AppData\Roaming\Mozilla\Firefox\Profiles\vr7udw99.default-1414134989753\Extensions\youtubeunblocker@unblocker.yt [2014-11-08]
FF Extension: Adblock Plus - C:\Users\timo\AppData\Roaming\Mozilla\Firefox\Profiles\vr7udw99.default-1414134989753\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-24]
FF HKLM\...\Firefox\Extensions: [soda_pdf_6_conv@sodapdf.com] - C:\Program Files\Soda PDF 6\resources\firefoxextension
FF Extension: Soda PDF 6 Creator - C:\Program Files\Soda PDF 6\resources\firefoxextension [2014-04-27]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2014-11-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-06] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
S3 LULU Software CrashHandler; C:\Program Files\Soda PDF 6\crash-handler-ws.exe [744800 2014-02-20] (LULU SOFTWARE LIMITED)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S3 Soda PDF 6; C:\Program Files\Soda PDF 6\ws.exe [1573728 2014-02-20] (LULU SOFTWARE LIMITED)
R2 Soda PDF 6 Creator; C:\Program Files\Soda PDF 6\creator-ws.exe [620384 2014-02-20] (LULU SOFTWARE LIMITED)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-07] (Avira Operations GmbH & Co. KG)
S4 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-01-30] (Duplex Secure Ltd.)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-23] (Avira GmbH) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-11 12:48 - 2014-11-11 12:48 - 00012572 _____ () C:\Users\timo\Downloads\FRST.txt 2014-11-11 12:47 - 2014-11-11 12:48 - 00000000 ____D () C:\FRST 2014-11-11 12:46 - 2014-11-11 12:47 - 01107968 _____ (Farbar) C:\Users\timo\Downloads\FRST.exe 2014-11-11 12:28 - 2014-11-11 12:29 - 00000630 _____ () C:\Users\timo\Downloads\defogger_disable.log 2014-11-11 12:28 - 2014-11-11 12:29 - 00000020 _____ () C:\Users\timo\defogger_reenable 2014-11-11 12:27 - 2014-11-11 12:27 - 00050477 _____ () C:\Users\timo\Downloads\Defogger.exe 2014-11-10 21:15 - 2014-11-10 21:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-05 22:33 - 2014-11-05 22:33 - 00001665 _____ () C:\Users\Public\Desktop\Sanitarium.lnk 2014-11-05 19:28 - 2014-11-05 19:46 - 00000000 ____D () C:\Program Files\THQ 2014-11-05 15:04 - 2014-11-05 15:10 - 00204268 _____ () C:\AUTO.pat 2014-11-05 15:04 - 2014-11-05 15:10 - 00000020 _____ () C:\AUTO.pst 2014-11-03 21:10 - 2014-11-03 21:10 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2014-11-02 21:49 - 2014-11-02 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-11-02 21:47 - 2014-11-02 21:48 - 06958304 _____ (Microsoft Corporation) C:\Users\timo\Downloads\Silverlight.exe 2014-11-02 21:46 - 2014-11-02 21:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-11-02 21:46 - 2014-11-02 21:46 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-11-02 21:46 - 2014-11-02 21:46 - 00000000 ____D () 
C:\Program Files\Common Files\Adobe 2014-11-02 21:46 - 2014-11-02 21:46 - 00000000 ____D () C:\Program Files\Adobe 2014-10-30 07:37 - 2014-10-30 07:37 - 00000000 __SHD () C:\Users\timo\AppData\Local\EmieUserList 2014-10-30 07:37 - 2014-10-30 07:37 - 00000000 __SHD () C:\Users\timo\AppData\Local\EmieSiteList 2014-10-28 21:37 - 2014-10-28 21:37 - 00000000 ____D () C:\Users\timo\AppData\Roaming\ScummVM 2014-10-28 13:06 - 2014-10-28 13:06 - 00011015 _____ () C:\Users\timo\Downloads\Schweigepflichtentbindung.html 2014-10-27 06:43 - 2014-10-27 06:46 - 00000000 ____D () C:\Users\timo\AppData\Local\AviraSpeedup 2014-10-24 08:06 - 2014-10-24 08:06 - 00541427 _____ () C:\Users\timo\Downloads\bookmarks.html 2014-10-18 08:41 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-10-18 08:41 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2014-10-18 08:41 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-10-18 08:41 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-10-18 08:41 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-10-18 08:41 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-10-18 08:41 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-10-18 08:41 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-10-18 08:41 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-10-18 08:41 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-10-18 08:41 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-10-18 08:41 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) 
C:\windows\system32\jscript9.dll 2014-10-18 08:41 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-10-18 08:41 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-10-18 08:41 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-10-18 08:41 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-10-18 08:41 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-10-18 08:41 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-10-18 08:41 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-10-18 08:41 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-10-18 08:41 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-10-18 08:41 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-10-18 08:41 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-10-18 08:41 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-10-18 08:41 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-10-18 08:41 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-10-18 08:41 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-10-18 08:41 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-10-18 08:41 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-10-18 08:41 - 2014-09-19 01:20 - 00607744 
_____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-10-18 08:41 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-10-18 08:41 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-10-18 08:41 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-10-18 08:41 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-10-18 08:41 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll 2014-10-18 08:38 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll 2014-10-18 08:38 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll 2014-10-18 08:38 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll 2014-10-18 08:37 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2014-10-18 08:37 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\packager.dll 2014-10-18 08:37 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll 2014-10-18 08:37 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-10-18 08:37 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-10-18 08:37 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2014-10-18 08:37 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2014-10-18 08:37 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll 2014-10-18 08:37 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll 2014-10-18 08:37 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) 
C:\windows\system32\TSpkg.dll 2014-10-18 08:37 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-10-18 08:37 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys 2014-10-18 08:37 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys 2014-10-18 08:37 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL 2014-10-18 08:37 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL 2014-10-18 08:37 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL 2014-10-18 08:37 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL 2014-10-18 08:37 - 2014-07-09 02:29 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL 2014-10-18 08:37 - 2014-07-08 23:30 - 00419992 _____ () C:\windows\system32\locale.nls 2014-10-17 20:05 - 2014-11-09 15:15 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-17 20:05 - 2014-10-17 20:06 - 00197066 _____ () C:\windows\system32\Avira_1_Id.Avira.OE.Setup.Msi.log 2014-10-17 18:00 - 2014-11-10 18:58 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-17 18:00 - 2014-10-29 06:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-10-17 18:00 - 2014-10-28 07:58 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-17 18:00 - 2014-10-28 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-17 18:00 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-10-17 18:00 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-10-15 00:32 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) 
C:\windows\system32\msmpeg2vdec.dll 2014-10-15 00:31 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll 2014-10-15 00:31 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe 2014-10-15 00:31 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe 2014-10-15 00:31 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll 2014-10-15 00:27 - 2014-08-23 02:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-10-15 00:27 - 2014-07-14 02:42 - 00654336 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll 2014-10-15 00:27 - 2014-07-07 02:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-10-15 00:27 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-10-15 00:27 - 2014-06-16 02:44 - 00730048 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys 2014-10-15 00:27 - 2014-06-16 02:44 - 00219072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys 2014-10-15 00:27 - 2014-06-16 02:40 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll 2014-10-15 00:25 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2014-10-14 19:46 - 2014-11-05 22:29 - 00000000 ____D () C:\GOG Games 2014-10-14 18:27 - 2014-11-08 15:48 - 00000000 ____D () C:\Users\timo\AppData\Local\GOG.com 2014-10-14 18:27 - 2014-11-05 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2014-10-13 14:02 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-10-13 08:01 - 2014-06-03 10:30 - 00101824 _____ (Microsoft Corporation) C:\windows\system32\consent.exe 2014-10-13 08:01 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\windows\system32\authui.dll 2014-10-13 08:01 - 2014-06-03 10:29 
- 00337408 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll 2014-10-13 08:00 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-10-13 07:58 - 2014-10-14 17:31 - 00000000 ____D () C:\814f49f0e9648fc4b538 2014-10-13 07:56 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2014-10-13 07:56 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-11 12:38 - 2009-07-14 05:34 - 00023328 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-11 12:38 - 2009-07-14 05:34 - 00023328 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-11 12:34 - 2009-09-22 06:23 - 01102853 _____ () C:\windows\WindowsUpdate.log 2014-11-11 12:31 - 2010-04-08 15:30 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-11 12:30 - 2012-07-29 20:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-11-11 12:30 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-11-11 12:30 - 2009-07-14 05:39 - 00093393 _____ () C:\windows\setupact.log 2014-11-11 12:28 - 2010-01-23 15:43 - 00000000 ____D () C:\Users\timo 2014-11-11 12:16 - 2014-08-10 07:53 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-11-11 12:07 - 2010-04-08 15:30 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-10 16:11 - 2010-05-05 15:11 - 00000238 _____ () C:\windows\Tasks\Epson Printer Software Downloader.job 2014-11-09 15:15 - 2014-10-10 13:34 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-09 15:15 - 2013-10-23 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-09 15:15 - 2013-10-23 
21:52 - 00000000 ____D () C:\Program Files\Avira 2014-11-09 15:13 - 2009-07-26 21:06 - 01768124 _____ () C:\windows\system32\PerfStringBackup.INI 2014-11-06 12:00 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\NDF 2014-11-05 22:33 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-11-05 19:46 - 2009-09-22 06:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-11-04 19:28 - 2010-01-23 16:24 - 00000000 ____D () C:\Users\timo\AppData\Roaming\Adobe 2014-11-03 08:03 - 2010-01-23 15:43 - 00000000 ____D () C:\ProgramData\Adobe 2014-11-03 08:01 - 2010-01-23 15:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-11-03 08:01 - 2009-09-22 06:48 - 00824286 _____ () C:\windows\PFRO.log 2014-11-02 21:47 - 2010-01-23 15:44 - 00000000 ____D () C:\Users\timo\AppData\Local\Adobe 2014-10-28 17:09 - 2010-02-10 22:22 - 00000000 ____D () C:\Users\timo\AppData\Roaming\dvdcss 2014-10-28 17:09 - 2010-02-09 10:52 - 00000000 ____D () C:\Users\timo\AppData\Roaming\vlc 2014-10-28 11:35 - 2010-01-28 15:01 - 00000000 ____D () C:\Program Files\FLAC 2014-10-28 06:35 - 2014-02-26 22:34 - 00229000 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-10-24 08:44 - 2009-07-14 03:04 - 00000521 _____ () C:\windows\win.ini 2014-10-23 11:01 - 2014-02-26 19:59 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-10-23 11:01 - 2014-02-26 19:59 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-10-22 14:06 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache 2014-10-22 13:12 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-10-18 21:23 - 2009-07-14 05:33 - 00435632 _____ () C:\windows\system32\FNTCACHE.DAT 2014-10-18 21:19 - 2014-05-15 16:48 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-10-18 21:19 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-10-18 
21:16 - 2013-10-23 23:47 - 00000000 ____D () C:\windows\system32\MRT 2014-10-18 08:59 - 2010-01-26 17:29 - 100290944 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-10-17 20:15 - 2010-01-30 22:34 - 00000000 ____D () C:\Users\timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-10-17 18:00 - 2014-02-26 19:41 - 00000000 ____D () C:\Users\timo\AppData\Roaming\Malwarebytes 2014-10-17 18:00 - 2014-02-26 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-17 17:41 - 2010-01-23 15:52 - 00115488 _____ () C:\Users\timo\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-15 00:22 - 2009-09-22 06:20 - 00000000 ____D () C:\Program Files\Common Files\InstallShield 2014-10-14 18:27 - 2011-08-08 09:52 - 00000000 ____D () C:\Program Files\GOG.com 2014-10-14 17:40 - 2013-10-23 21:54 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys 2014-10-14 17:40 - 2013-10-23 21:52 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2014-10-14 17:40 - 2013-10-23 21:52 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys Some content of TEMP: ==================== C:\Users\timo\AppData\Local\Temp\avgnt.exe C:\Users\timo\AppData\Local\Temp\drm_dyndata_7330006.dll C:\Users\timo\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-08 19:06 ==================== End Of Log ============================ Gmer : Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-11-11 13:59:29 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298.09GB Running: Gmer-19357.exe; Driver: C:\Users\timo\AppData\Local\Temp\kxldipog.sys ---- System - GMER 2.1 ---- SSDT 935BD3E6 ZwCreateSection SSDT 935BD3F0 ZwRequestWaitReplyPort SSDT 935BD3EB ZwSetContextThread SSDT 935BD3F5 ZwSetSecurityObject SSDT 935BD3FA ZwSystemDebugControl SSDT 935BD387 ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 1409 82C6E9A5 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C8E512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 14BF 82C95AB4 4 Bytes [E6, D3, 5B, 93] {OUT 0xd3, AL; POP EBX; XCHG EBX, EAX} .text ntoskrnl.exe!KeRemoveQueueEx + 181B 82C95E10 4 Bytes [F0, D3, 5B, 93] {RCR [EBX-0x6d], CL} .text ntoskrnl.exe!KeRemoveQueueEx + 185F 82C95E54 4 Bytes [EB, D3, 5B, 93] {JMP 0xffffffd5; POP EBX; XCHG EBX, EAX} .text ntoskrnl.exe!KeRemoveQueueEx + 18DB 82C95ED0 4 Bytes [F5, D3, 5B, 93] {CMC ; RCR [EBX-0x6d], CL} .text ntoskrnl.exe!KeRemoveQueueEx + 192F 82C95F24 4 Bytes [FA, D3, 5B, 93] {CLI ; RCR [EBX-0x6d], CL} .text ... 
.reloc C:\windows\system32\drivers\acedrv11.sys section is executable [0x9A1E0300, 0x25D4C, 0xE0000060] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!NtCreateFile 77B85608 5 Bytes JMP 5A44C6E0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!NtFlushBuffersFile 77B85998 5 Bytes JMP 5A14D3A3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!NtQueryFullAttributesFile 77B86028 5 Bytes JMP 5A14D620 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!NtReadFile 77B862F8 5 Bytes JMP 5A14D400 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!NtReadFileScatter 77B86308 5 Bytes JMP 5AD76F6A C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!NtWriteFile 77B86AA8 5 Bytes JMP 5A44D5B0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!NtWriteFileGather 77B86AB8 5 Bytes JMP 5AD76F19 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2876] ntdll.dll!LdrLoadDll 77BA22AE 5 Bytes JMP 73101F43 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2876] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 77A394E6 7 Bytes JMP 5ACDEAD2 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2876] kernel32.dll!QueryPerformanceCounter + 13 77A3C4E5 7 Bytes JMP 5ACDEAF5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2876] kernel32.dll!LoadAppInitDlls + 355 77A3F5A6 7 Bytes JMP 5A44913E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2876] USER32.dll!GetWindowInfo 768F4B5E 5 Bytes JMP 5ABE5F20 
C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2876] GDI32.dll!GetViewportOrgEx + 26C 7689884B 7 Bytes JMP 5ACDEA53 C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x50 0xE3 0x23 0x79 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x50 0xE3 0x23 0x79 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@4CB6F829 1002 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Avira Free Antivirus Erstellungsdatum der Reportdatei: Dienstag, 11. November 2014 08:28 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. 
Lizenznehmer : Avira Antivirus Free Seriennummer : 0000149996-AVHOE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : TIMO-PC Versionsinformationen: BUILD.DAT : 14.0.7.342 92013 Bytes 10/23/2014 14:02:00 AVSCAN.EXE : 14.0.7.312 1015544 Bytes 11/6/2014 10:52:07 AVSCANRC.DLL : 14.0.7.308 64304 Bytes 11/6/2014 10:52:07 LUKE.DLL : 14.0.7.310 60664 Bytes 11/6/2014 10:54:25 AVSCPLR.DLL : 14.0.7.310 93488 Bytes 11/6/2014 10:52:07 REPAIR.DLL : 14.0.7.312 366328 Bytes 11/6/2014 10:52:00 REPAIR.RDF : 1.0.2.30 596694 Bytes 10/24/2014 07:07:50 AVREG.DLL : 14.0.7.310 264952 Bytes 11/6/2014 10:51:57 AVLODE.DLL : 14.0.7.312 563448 Bytes 11/6/2014 10:51:54 AVLODE.RDF : 14.0.4.46 64835 Bytes 10/10/2014 12:18:33 XBV00011.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:48 XBV00012.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:48 XBV00013.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:48 XBV00014.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:48 XBV00015.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:48 XBV00016.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:48 XBV00017.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:49 XBV00018.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:49 XBV00019.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:49 XBV00020.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:49 XBV00021.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:49 XBV00022.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:49 XBV00023.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:49 XBV00024.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:49 XBV00025.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:49 XBV00026.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:49 XBV00027.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:50 XBV00028.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:50 XBV00029.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:50 XBV00030.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:50 XBV00031.VDF : 8.11.165.190 2048 Bytes 8/7/2014 
07:02:50 XBV00032.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:50 XBV00033.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:50 XBV00034.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:50 XBV00035.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:50 XBV00036.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:51 XBV00037.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:51 XBV00038.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:51 XBV00039.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:51 XBV00040.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:51 XBV00041.VDF : 8.11.165.190 2048 Bytes 8/7/2014 07:02:51 XBV00207.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:32 XBV00208.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:32 XBV00209.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:32 XBV00210.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:32 XBV00211.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:32 XBV00212.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:32 XBV00213.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:32 XBV00214.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:33 XBV00215.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:33 XBV00216.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:33 XBV00217.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:33 XBV00218.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:33 XBV00219.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:33 XBV00220.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:34 XBV00221.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:34 XBV00222.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:34 XBV00223.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:34 XBV00224.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:34 XBV00225.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:34 XBV00226.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:35 XBV00227.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:35 XBV00228.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:35 XBV00229.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:35 XBV00230.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:35 XBV00231.VDF : 8.11.183.62 2048 Bytes 11/5/2014 
18:45:35 XBV00232.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:35 XBV00233.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:36 XBV00234.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:36 XBV00235.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:36 XBV00236.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:36 XBV00237.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:36 XBV00238.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:36 XBV00239.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:36 XBV00240.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:37 XBV00241.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:37 XBV00242.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:37 XBV00243.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:37 XBV00244.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:37 XBV00245.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:37 XBV00246.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:37 XBV00247.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:38 XBV00248.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:38 XBV00249.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:38 XBV00250.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:38 XBV00251.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:38 XBV00252.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:38 XBV00253.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:39 XBV00254.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:39 XBV00255.VDF : 8.11.183.62 2048 Bytes 11/5/2014 18:45:39 XBV00000.VDF : 7.11.70.0 66736640 Bytes 4/4/2013 13:39:06 XBV00001.VDF : 7.11.74.226 2201600 Bytes 4/30/2013 13:39:35 XBV00002.VDF : 7.11.80.60 2751488 Bytes 5/28/2013 13:40:01 XBV00003.VDF : 7.11.85.214 2162688 Bytes 6/21/2013 20:15:12 XBV00004.VDF : 7.11.91.176 3903488 Bytes 7/23/2013 20:15:14 XBV00005.VDF : 7.11.98.186 6822912 Bytes 8/29/2013 20:16:05 XBV00006.VDF : 7.11.139.38 15708672 Bytes 3/27/2014 06:31:33 XBV00007.VDF : 7.11.152.100 4193792 Bytes 6/2/2014 07:02:04 XBV00008.VDF : 8.11.165.192 4251136 Bytes 8/7/2014 07:02:47 XBV00009.VDF : 8.11.172.30 2094080 Bytes 9/15/2014 12:23:35 XBV00010.VDF : 
8.11.178.32 1581056 Bytes 10/14/2014 16:43:09 XBV00042.VDF : 8.11.178.58 29696 Bytes 10/14/2014 16:43:10 XBV00043.VDF : 8.11.178.60 2048 Bytes 10/14/2014 16:43:10 XBV00044.VDF : 8.11.178.86 21504 Bytes 10/14/2014 22:31:35 XBV00045.VDF : 8.11.178.88 11776 Bytes 10/15/2014 16:44:27 XBV00046.VDF : 8.11.178.92 17408 Bytes 10/15/2014 16:44:28 XBV00047.VDF : 8.11.178.94 2048 Bytes 10/15/2014 16:44:28 XBV00048.VDF : 8.11.178.116 7680 Bytes 10/15/2014 16:44:28 XBV00049.VDF : 8.11.178.136 21504 Bytes 10/15/2014 16:44:28 XBV00050.VDF : 8.11.178.140 2048 Bytes 10/15/2014 16:44:28 XBV00051.VDF : 8.11.178.162 32768 Bytes 10/15/2014 16:44:29 XBV00052.VDF : 8.11.178.164 2048 Bytes 10/15/2014 16:44:29 XBV00053.VDF : 8.11.178.166 14336 Bytes 10/15/2014 16:44:29 XBV00054.VDF : 8.11.178.170 12800 Bytes 10/15/2014 16:44:29 XBV00055.VDF : 8.11.178.190 4608 Bytes 10/15/2014 16:44:29 XBV00056.VDF : 8.11.178.210 5120 Bytes 10/15/2014 16:44:30 XBV00057.VDF : 8.11.178.230 17920 Bytes 10/16/2014 16:44:30 XBV00058.VDF : 8.11.178.234 8704 Bytes 10/16/2014 16:44:30 XBV00059.VDF : 8.11.178.236 13312 Bytes 10/16/2014 16:44:30 XBV00060.VDF : 8.11.178.240 50176 Bytes 10/16/2014 16:44:31 XBV00061.VDF : 8.11.179.4 2048 Bytes 10/16/2014 16:44:31 XBV00062.VDF : 8.11.179.6 2048 Bytes 10/16/2014 16:44:31 XBV00063.VDF : 8.11.179.8 2048 Bytes 10/16/2014 16:44:31 XBV00064.VDF : 8.11.179.12 27136 Bytes 10/16/2014 16:44:31 XBV00065.VDF : 8.11.179.18 29696 Bytes 10/17/2014 16:44:32 XBV00066.VDF : 8.11.179.20 2048 Bytes 10/17/2014 16:44:32 XBV00067.VDF : 8.11.179.22 8192 Bytes 10/17/2014 16:44:32 XBV00068.VDF : 8.11.179.44 12800 Bytes 10/17/2014 16:44:32 XBV00069.VDF : 8.11.179.62 6656 Bytes 10/17/2014 16:44:32 XBV00070.VDF : 8.11.179.80 10752 Bytes 10/17/2014 16:44:32 XBV00071.VDF : 8.11.179.82 2048 Bytes 10/17/2014 16:44:32 XBV00072.VDF : 8.11.179.100 5632 Bytes 10/17/2014 16:44:32 XBV00073.VDF : 8.11.179.106 22528 Bytes 10/17/2014 07:27:42 XBV00074.VDF : 8.11.179.108 2560 Bytes 10/17/2014 07:27:42 
XBV00075.VDF : 8.11.179.110 9216 Bytes 10/17/2014 07:27:42 XBV00076.VDF : 8.11.179.114 18432 Bytes 10/18/2014 20:07:24 XBV00077.VDF : 8.11.179.116 3072 Bytes 10/18/2014 20:07:24 XBV00078.VDF : 8.11.179.118 38912 Bytes 10/18/2014 20:07:24 XBV00079.VDF : 8.11.179.120 2048 Bytes 10/18/2014 20:07:24 XBV00080.VDF : 8.11.179.122 52224 Bytes 10/19/2014 11:32:03 XBV00081.VDF : 8.11.179.140 2048 Bytes 10/19/2014 11:32:03 XBV00082.VDF : 8.11.179.160 25600 Bytes 10/19/2014 11:32:03 XBV00083.VDF : 8.11.179.162 2048 Bytes 10/19/2014 11:32:03 XBV00084.VDF : 8.11.179.180 35328 Bytes 10/20/2014 11:32:04 XBV00085.VDF : 8.11.179.182 2048 Bytes 10/20/2014 11:32:04 XBV00086.VDF : 8.11.179.184 12800 Bytes 10/20/2014 11:32:04 XBV00087.VDF : 8.11.179.186 7168 Bytes 10/20/2014 11:32:04 XBV00088.VDF : 8.11.179.188 23040 Bytes 10/20/2014 11:32:05 XBV00089.VDF : 8.11.179.190 2048 Bytes 10/20/2014 11:32:05 XBV00090.VDF : 8.11.179.192 2048 Bytes 10/20/2014 11:32:05 XBV00091.VDF : 8.11.179.194 13312 Bytes 10/20/2014 11:32:05 XBV00092.VDF : 8.11.179.196 2048 Bytes 10/20/2014 11:32:05 XBV00093.VDF : 8.11.179.216 36352 Bytes 10/20/2014 11:32:06 XBV00094.VDF : 8.11.179.232 2048 Bytes 10/20/2014 11:32:06 XBV00095.VDF : 8.11.179.234 2048 Bytes 10/20/2014 11:32:06 XBV00096.VDF : 8.11.180.12 32256 Bytes 10/21/2014 11:32:06 XBV00097.VDF : 8.11.180.30 17408 Bytes 10/21/2014 11:32:06 XBV00098.VDF : 8.11.180.32 2048 Bytes 10/21/2014 11:32:06 XBV00099.VDF : 8.11.180.34 16384 Bytes 10/21/2014 11:32:07 XBV00100.VDF : 8.11.180.40 8704 Bytes 10/21/2014 11:32:07 XBV00101.VDF : 8.11.180.42 10240 Bytes 10/21/2014 11:32:07 XBV00102.VDF : 8.11.180.44 31744 Bytes 10/21/2014 11:32:07 XBV00103.VDF : 8.11.180.60 2048 Bytes 10/21/2014 11:32:08 XBV00104.VDF : 8.11.180.64 24576 Bytes 10/21/2014 11:32:08 XBV00105.VDF : 8.11.180.66 6144 Bytes 10/21/2014 11:32:08 XBV00106.VDF : 8.11.180.70 2560 Bytes 10/21/2014 11:32:08 XBV00107.VDF : 8.11.180.88 33280 Bytes 10/22/2014 11:32:08 XBV00108.VDF : 8.11.180.104 2560 Bytes 
10/22/2014 11:32:09 XBV00109.VDF : 8.11.180.106 2048 Bytes 10/22/2014 11:32:09 XBV00110.VDF : 8.11.180.122 25600 Bytes 10/22/2014 11:32:09 XBV00111.VDF : 8.11.180.138 11264 Bytes 10/22/2014 11:32:09 XBV00112.VDF : 8.11.180.140 20992 Bytes 10/22/2014 10:00:53 XBV00113.VDF : 8.11.180.142 2048 Bytes 10/22/2014 10:00:54 XBV00114.VDF : 8.11.180.144 2048 Bytes 10/22/2014 10:00:54 XBV00115.VDF : 8.11.180.150 43520 Bytes 10/22/2014 10:00:55 XBV00116.VDF : 8.11.180.154 2048 Bytes 10/22/2014 10:00:56 XBV00117.VDF : 8.11.180.172 12288 Bytes 10/22/2014 10:00:56 XBV00118.VDF : 8.11.180.174 2048 Bytes 10/22/2014 10:00:57 XBV00119.VDF : 8.11.180.188 7168 Bytes 10/22/2014 10:00:57 XBV00120.VDF : 8.11.180.204 11776 Bytes 10/23/2014 10:00:58 XBV00121.VDF : 8.11.180.206 3584 Bytes 10/23/2014 10:00:58 XBV00122.VDF : 8.11.180.208 22016 Bytes 10/23/2014 10:00:59 XBV00123.VDF : 8.11.180.210 20992 Bytes 10/23/2014 07:07:44 XBV00124.VDF : 8.11.180.212 2048 Bytes 10/23/2014 07:07:44 XBV00125.VDF : 8.11.180.214 2560 Bytes 10/23/2014 07:07:44 XBV00126.VDF : 8.11.180.220 32768 Bytes 10/23/2014 07:07:45 XBV00127.VDF : 8.11.180.222 2048 Bytes 10/23/2014 07:07:45 XBV00128.VDF : 8.11.180.224 2048 Bytes 10/23/2014 07:07:45 XBV00129.VDF : 8.11.180.226 15872 Bytes 10/23/2014 07:07:45 XBV00130.VDF : 8.11.180.228 2048 Bytes 10/23/2014 07:07:46 XBV00131.VDF : 8.11.180.232 28672 Bytes 10/24/2014 07:07:46 XBV00132.VDF : 8.11.180.234 2048 Bytes 10/24/2014 07:07:46 XBV00133.VDF : 8.11.180.236 38912 Bytes 10/24/2014 13:24:00 XBV00134.VDF : 8.11.180.250 2048 Bytes 10/24/2014 13:24:00 XBV00135.VDF : 8.11.180.252 2048 Bytes 10/24/2014 13:24:00 XBV00136.VDF : 8.11.181.10 14336 Bytes 10/24/2014 18:56:05 XBV00137.VDF : 8.11.181.24 6144 Bytes 10/24/2014 18:56:06 XBV00138.VDF : 8.11.181.36 21504 Bytes 10/24/2014 18:56:06 XBV00139.VDF : 8.11.181.38 2048 Bytes 10/24/2014 18:56:06 XBV00140.VDF : 8.11.181.40 25088 Bytes 10/24/2014 18:56:06 XBV00141.VDF : 8.11.181.42 2048 Bytes 10/25/2014 18:56:06 XBV00142.VDF : 
8.11.181.44 2048 Bytes 10/25/2014 18:56:06
XBV00143.VDF : 8.11.181.48 62976 Bytes 10/25/2014 18:56:07
XBV00144.VDF : 8.11.181.50 2048 Bytes 10/25/2014 18:56:07
XBV00145.VDF : 8.11.181.52 27136 Bytes 10/25/2014 18:56:07
XBV00146.VDF : 8.11.181.54 2048 Bytes 10/25/2014 18:56:08
XBV00147.VDF : 8.11.181.56 2048 Bytes 10/25/2014 18:56:08
XBV00148.VDF : 8.11.181.72 64000 Bytes 10/26/2014 05:46:29
XBV00149.VDF : 8.11.181.84 2048 Bytes 10/26/2014 05:46:29
XBV00150.VDF : 8.11.181.96 2048 Bytes 10/26/2014 05:46:29
XBV00151.VDF : 8.11.181.108 2048 Bytes 10/26/2014 05:46:29
XBV00152.VDF : 8.11.181.120 14336 Bytes 10/26/2014 05:46:29
XBV00153.VDF : 8.11.181.132 2048 Bytes 10/26/2014 05:46:29
XBV00154.VDF : 8.11.181.146 54272 Bytes 10/27/2014 17:17:14
XBV00155.VDF : 8.11.181.148 2048 Bytes 10/27/2014 17:17:14
XBV00156.VDF : 8.11.181.150 6656 Bytes 10/27/2014 17:17:15
XBV00157.VDF : 8.11.181.152 7680 Bytes 10/27/2014 17:17:15
XBV00158.VDF : 8.11.181.154 6656 Bytes 10/27/2014 17:17:15
XBV00159.VDF : 8.11.181.156 13824 Bytes 10/27/2014 17:17:15
XBV00160.VDF : 8.11.183.62 850944 Bytes 11/5/2014 18:45:24
XBV00161.VDF : 8.11.183.84 26112 Bytes 11/5/2014 10:54:37
XBV00162.VDF : 8.11.183.92 2048 Bytes 11/5/2014 10:54:37
XBV00163.VDF : 8.11.183.100 2048 Bytes 11/5/2014 10:54:37
XBV00164.VDF : 8.11.183.112 16896 Bytes 11/5/2014 10:54:38
XBV00165.VDF : 8.11.183.114 3584 Bytes 11/5/2014 10:54:38
XBV00166.VDF : 8.11.183.118 7168 Bytes 11/6/2014 10:54:38
XBV00167.VDF : 8.11.183.120 20992 Bytes 11/6/2014 10:54:38
XBV00168.VDF : 8.11.183.122 35840 Bytes 11/6/2014 08:52:36
XBV00169.VDF : 8.11.183.124 2048 Bytes 11/6/2014 08:52:36
XBV00170.VDF : 8.11.183.128 2048 Bytes 11/6/2014 08:52:36
XBV00171.VDF : 8.11.183.130 35328 Bytes 11/6/2014 08:52:37
XBV00172.VDF : 8.11.183.132 2048 Bytes 11/6/2014 08:52:37
XBV00173.VDF : 8.11.183.134 2048 Bytes 11/6/2014 08:52:37
XBV00174.VDF : 8.11.183.136 23552 Bytes 11/6/2014 08:52:37
XBV00175.VDF : 8.11.183.138 2048 Bytes 11/6/2014 08:52:37
XBV00176.VDF : 8.11.183.140 6656 Bytes 11/6/2014 08:52:37
XBV00177.VDF : 8.11.183.142 6144 Bytes 11/6/2014 08:52:37
XBV00178.VDF : 8.11.183.152 51200 Bytes 11/7/2014 08:52:38
XBV00179.VDF : 8.11.183.160 21504 Bytes 11/7/2014 14:52:05
XBV00180.VDF : 8.11.183.168 26624 Bytes 11/7/2014 14:52:05
XBV00181.VDF : 8.11.183.170 3584 Bytes 11/7/2014 14:52:05
XBV00182.VDF : 8.11.183.172 9216 Bytes 11/7/2014 20:52:12
XBV00183.VDF : 8.11.183.176 31232 Bytes 11/7/2014 20:52:13
XBV00184.VDF : 8.11.183.178 3584 Bytes 11/7/2014 07:21:45
XBV00185.VDF : 8.11.183.180 6656 Bytes 11/7/2014 07:21:45
XBV00186.VDF : 8.11.183.182 9216 Bytes 11/7/2014 07:21:45
XBV00187.VDF : 8.11.183.186 29184 Bytes 11/8/2014 13:21:46
XBV00188.VDF : 8.11.183.190 25088 Bytes 11/8/2014 19:22:17
XBV00189.VDF : 8.11.183.192 2048 Bytes 11/8/2014 19:22:18
XBV00190.VDF : 8.11.183.194 2048 Bytes 11/8/2014 19:22:19
XBV00191.VDF : 8.11.183.196 94720 Bytes 11/9/2014 10:35:38
XBV00192.VDF : 8.11.183.206 2048 Bytes 11/9/2014 10:35:39
XBV00193.VDF : 8.11.183.212 36864 Bytes 11/9/2014 16:35:42
XBV00194.VDF : 8.11.183.214 2048 Bytes 11/9/2014 16:35:42
XBV00195.VDF : 8.11.183.220 7680 Bytes 11/9/2014 08:02:12
XBV00196.VDF : 8.11.183.222 51200 Bytes 11/10/2014 08:02:14
XBV00197.VDF : 8.11.183.224 8704 Bytes 11/10/2014 08:02:15
XBV00198.VDF : 8.11.183.230 5632 Bytes 11/10/2014 14:02:24
XBV00199.VDF : 8.11.183.236 7680 Bytes 11/10/2014 14:02:24
XBV00200.VDF : 8.11.183.240 2048 Bytes 11/10/2014 14:02:24
XBV00201.VDF : 8.11.183.246 2048 Bytes 11/10/2014 14:02:24
XBV00202.VDF : 8.11.183.254 115712 Bytes 11/10/2014 20:02:28
XBV00203.VDF : 8.11.184.10 24576 Bytes 11/10/2014 07:18:54
XBV00204.VDF : 8.11.184.14 5632 Bytes 11/10/2014 07:18:54
XBV00205.VDF : 8.11.184.16 13312 Bytes 11/11/2014 07:18:54
XBV00206.VDF : 8.11.184.22 27136 Bytes 11/11/2014 07:18:55
LOCAL001.VDF : 8.11.184.22 114388480 Bytes 11/11/2014 07:19:15
Engineversion : 8.3.26.8
AEVDF.DLL : 8.3.1.6 133992 Bytes 10/10/2014 12:18:23
AESCRIPT.DLL : 8.2.2.12 527216 Bytes 11/7/2014 08:52:36
AESCN.DLL : 8.3.2.2 139456 Bytes 8/10/2014 06:57:56
AESBX.DLL : 8.2.20.24 1409224 Bytes 5/14/2014 13:08:35
AERDL.DLL : 8.2.1.16 743328 Bytes 10/29/2014 11:16:54
AEPACK.DLL : 8.4.0.54 788392 Bytes 10/10/2014 12:18:13
AEOFFICE.DLL : 8.3.0.38 224112 Bytes 10/31/2014 14:07:16
AEHEUR.DLL : 8.1.4.1384 7759784 Bytes 11/7/2014 08:52:34
AEHELP.DLL : 8.3.1.0 278728 Bytes 8/10/2014 06:57:24
AEGEN.DLL : 8.1.7.34 453480 Bytes 11/7/2014 08:52:08
AEEXP.DLL : 8.4.2.32 247712 Bytes 10/10/2014 12:18:27
AEEMU.DLL : 8.1.3.4 399264 Bytes 8/10/2014 06:57:21
AEDROID.DLL : 8.4.2.24 442568 Bytes 8/10/2014 06:58:01
AECORE.DLL : 8.3.2.6 243712 Bytes 8/10/2014 06:57:20
AEBB.DLL : 8.1.2.0 60448 Bytes 8/10/2014 06:57:18
AVWINLL.DLL : 14.0.7.308 25904 Bytes 11/6/2014 10:51:38
AVPREF.DLL : 14.0.7.308 52016 Bytes 11/6/2014 10:51:56
AVREP.DLL : 14.0.7.308 220976 Bytes 11/6/2014 10:51:58
AVARKT.DLL : 14.0.7.308 227632 Bytes 11/6/2014 10:51:40
AVEVTLOG.DLL : 14.0.7.310 184112 Bytes 11/6/2014 10:51:49
SQLITE3.DLL : 14.0.7.308 453936 Bytes 11/6/2014 10:54:36
AVSMTP.DLL : 14.0.7.308 79096 Bytes 11/6/2014 10:52:08
NETNT.DLL : 14.0.7.308 15152 Bytes 11/6/2014 10:54:26
RCIMAGE.DLL : 14.0.7.308 4865328 Bytes 11/6/2014 10:51:38
RCTEXT.DLL : 14.0.7.318 77048 Bytes 11/6/2014 10:51:38

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, F:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 11. November 2014 08:28

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'HDD1(F:)'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'winamp.exe' - '158' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_FATIFBE.EXE' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'EEventManager.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'winampa.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '179' Modul(e) wurden durchsucht
Durchsuche Prozess 'EasySpeedUpManager.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'dmhkcore.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'WCScheduler.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSCKbdHk.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'creator-ws.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S40RP7.EXE' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S40ST7.EXE' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'BcmSqlStartupSvc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '135' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '160' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1986' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'F:\' <INTENSO>

Ende des Suchlaufs: Dienstag, 11. November 2014 12:23
Benötigte Zeit: 3:54:54 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.
24925 Verzeichnisse wurden überprüft
1389297 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1389297 Dateien ohne Befall
26027 Archive wurden durchsucht
0 Warnungen
1 Hinweise
658503 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden

That's it for the log files. I hope I did everything right; this is the first time I've posted anything here. I'd be glad if someone could help me. Kind regards |